How to back up the Windows event logs folder via a junction folder

Overview

This article explains how to configure the Windows event logs (winevt) folder for backup.

Procedure

By default, the Windows location is in the inSync exclusion list, which is why inSync never picks up any of its subfolders.

However, there is a workaround you can try for devices that absolutely need event logs to be backed up.

Follow the steps below to create a junction folder.

1) Create a junction folder on the root of the C drive with the following command:

mklink /j C:\Events C:\Windows\System32\winevt\Logs

This creates a folder named Events and maps it to the Logs folder, where all the .evtx files reside.

2) Give authenticated users full permission on the Logs folder inside the winevt folder.

3) Add a custom folder in inSync with C:\Events as the path. For the file types, select either All Files or *.evtx, and remove everything from the exclusion list, path, and global exclusions.

Save this profile; the folder then appears in the inSync client as available for backup.

Note: You can create a small script (such as a batch file containing the above command for creating the junction folder) and deploy it with any deployment tool to run on user machines and create the mapping. This way you can back up the Event Viewer files.
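The following PowerShell script is an added example, not part of the original article or of inSync: it performs steps 1 and 2 idempotently, refuses to touch C:\Events if it already exists as anything other than the expected junction, and prints the resulting ACL for the deployment log. The function name Get-JunctionState and the (OI)(CI) inheritance flags are assumptions.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
# winevt\Logs also holds Security.evtx; deploy only to devices that need event log backup.
$Link   = 'C:\Events'                          # junction path from step 1
$Target = 'C:\Windows\System32\winevt\Logs'    # folder holding the .evtx files

# Hypothetical helper: classify what currently exists at $Path.
function Get-JunctionState {
    param([string]$Path, [string]$Expected)
    if (-not (Test-Path -LiteralPath $Path)) { return 'Missing' }
    $item = Get-Item -LiteralPath $Path -Force
    if ($item.LinkType -ne 'Junction') { return 'NotAJunction' }
    # Target is a collection in Windows PowerShell 5.1 and a string in PowerShell 7
    $actual = [string]($item.Target | Select-Object -First 1)
    if ($actual.TrimEnd('\') -ieq $Expected.TrimEnd('\')) { return 'Ok' }
    return 'WrongTarget'
}

$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script elevated.'
}

# Step 1: create the junction only when nothing is there yet.
switch (Get-JunctionState -Path $Link -Expected $Target) {
    'Missing' {
        cmd /c mklink /j $Link $Target | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "mklink failed with exit code $LASTEXITCODE" }
    }
    'Ok'    { Write-Output "$Link already points to $Target" }
    default { throw "$Link exists but is not a junction to $Target; not touching it." }
}

# Step 2: full control for Authenticated Users (well-known SID S-1-5-11),
# inherited by files (OI) and subfolders (CI).
icacls $Target /grant '*S-1-5-11:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Record the outcome so the deployment log shows the junction state and the resulting ACL.
Write-Output ("Junction state: " + (Get-JunctionState -Path $Link -Expected $Target))
icacls $Target
```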
