Reset collection history for Generic Events (Event Log Management)

Event Log Management
6.5 and older

How to reset Generic Events (Event Log Management) collection history so that data already collected in the past can be collected again.

When Netwrix Auditor – Generic Events (Event Log Management) is used to collect event data "on demand" rather than to archive it, you must remove the prior collection history for the server you are trying to collect from, so that event logs that were already collected in the past are collected again.

To do this, perform the following:

1) Navigate to the audit archive location (the location specified under Settings -> Audit Archive) and drill down into the Logs folder. In this folder, find the folder named after the Managed Object; inside it there is a folder for each of the computers the product is collecting from. Delete the folder for the computer in question.
