Processed event log data older than required can be archived and cleared from the working DB. This can be done using the Archive Events option in ADAudit Plus. Archiving audit data helps to maintain an optimum size for the working DB, which helps with quicker reporting and with forensic and compliance requirements.
The 'Restore Archived Events' option can be used to restore ADAudit Plus archived event data and backup Evt / Evtx files (which can also be scheduled to import) back to the working DB.
Why is restoring Archived Events required?
The 'Restore Archived Events' option addresses the need for audit information (reports) on older events that were processed by ADAudit Plus, or that come from backup Evt / Evtx files, and which were cleared from the working database.
How are the older data archived?
As and when event log data are cleared from the database, they are zipped and stored in an 'Archive folder'. The 'Archive Folder' is configured under 'Archive Events'; by default, it is the '<installation directory>\archive' folder. The Archive folder contains multiple zip files, and each zip file contains event information of a specific category within a time range.
Restoring Archived Events
To restore archived data for a range:
Once the event data is restored from the archive folder to the working DB, go to the 'Reports' tab, select a 'Custom Period' for the corresponding report, and view the audit reports for that period.
Re-archiving restored Archive events:
All the restored archived events are listed with an unload icon against them. To re-archive the restored archive events:
Restored archive data older than 2 days (48 hours) in the database will be automatically re-archived.