How to move Long-Term Archive to a new location

Setup and Configuration
Copy Article URL Copied

Note: Unlike clean Netwrix Auditor 8.5 install, upgrades to 8.5 from older versions will have the product save Long-term Archive and Short-Term Archive to the same directory. In this scenario you will need to move your Short-term Archive prior to moving the Long-Term Archive. Contact Netwrix technical support for instructions on how to move Short-Term Archive to a new location.

To move Long-Term Archive to another location:

  1. Navigate to the Managed Object, pick an audited system and unselect the Enable checkbox. Do this for all your Managed Objects.
  2. Open Windows Task Manager, switch to the Processes tab and wait until the following processes have completed:
Audited System Netwrix Auditor 8.0 and below Netwrix Auditor 8.5 after upgrade Clear install of Netwrix Auditor 8.5
Active Directory ADCR.exe
Group Policy
File Servers Netwrix.FSA.Collector.exe Netwrix.FSA.AgentService.exe
Azure AD Netwrix.O365.AzureAdReporter.exe
Exchange Online Netwrix.O365.ExchangeOnlineReporter.exe
SharePoint Online SpaOnlineHost.exe
Oracle Database Netwrix.OracleDataRetriever.exe
SharePoint SpaService.exe
SQL Server Netwrix.SQLA.Collector.exe
VMware VMA.exe
Windows Server WSA.exe
Event Log EventManager.exe
Inactive Users in Active Directory Iut.exe
Password Expiration Alerting Pea.exe Pea.exe
User Activity UserMonitor.exe UAVRServer.exe
  1. Stop product services. Navigate to Start –> Run and type “services.msc”; locate and stop the following services:
  • Netwrix Auditor Service for SharePoint
  • Netwrix Auditor Archive Service (Note: Stop this service only if you use clear install of Netwrix Auditor 8.5).
  • Netwrix Auditor User Activity Audit Service (Auditor User Activity Collector for Netwrix Auditor 8.5 and below)
  • Netwrix Auditor for File Servers Audit Service
  • Netwrix Auditor for Oracle Database Audit Service
  • Netwrix Auditor Logon Activity Audit Service
  • Netwrix Auditor Data Collection Service
  • Netwrix Auditor for Windows Server Audit Service

Note: If you have Netwrix Auditor Event Log Manager enabled, you must disable his scheduled task. Navigate to Start –> All Programs –> Task Scheduler –> task Scheduler Library and locate the task with description “Starts Netwrix Auditor data collection on Event Log for <your monitoring plan name>”. Disable the task.

  1. Navigate to the current Long-Term Archive location. Check the path: navigate to Settings –> Long-Term Archive.
  2. Copy audit data to a new Long-Term Archive location.

     Note: It is not recommended to store Long-Term Archive on a system disk.

  1. Modify the Long-Term Archive location settings in Netwrix Auditor Console: navigate to Settings –> Long-Term Archive and click Modify.  Specify the new path.
  2. Restart the services and tasks you have stopped.
  3. Enable audit to each Managed Object as shown on the step 1.
Go Up