How to move Audit Archive to a new location

Setup and Configuration
6.5 and older
Copy Article URL Copied

If you want to move the local audit data storage (Audit Archive) to a new location, perform the following steps

  1. Disable all Netwrix Auditor features: under each Managed Object navigate to each audited system's page and disable it.
  2. Open Windows Task Manager, switch to the Processes tab and wait until the following processes have completed:
  • ADCR.exe
  • EventManager.exe
  • FSCR.exe
  • Sqlcr.exe
  • CRVM.exe
  • SCCR.exe
  1. Stop all product services: navigate to Start –> Run and type "services.msc"; locate and stop the following services:
  • Netwrix Auditor Service for SharePoint
  • Netwrix User Activity Video Reporter Service
  1. Navigate to the current Audit Archive location (you can check the path in the Netwrix Management Console under Settings –> Audit Archive).
  2. Copy audit data to a new Audit Archive location.
  3. Modify the Audit Archive location settings in the Netwrix Auditor console: navigate to Settings –> Audit Archive, click Modify and specify the new path.
  4. Restart the services you have stopped.
  5. In Netwrix Auditor, make sure that audit is enabled for each audited system under each Managed Object individually.

Note: For File Servers, SQL Server and VMware audited systems, sessions are stored in %audit archive%Sessions<Managed_Object_name><Netwrix_Auditor_feature> have absolute paths, As a result, when you modify the Audit Archive location, sessions information will be displayed incorrectly. To resolve the issue, you can create a directory junction or a symbolic link to the new path.

Go Up