Big savings, Better ROI! Exclusive discounts on ManageEngine Products!* Boost your business *T&C apply
    Click here to shrink
    Click here to expand Click here to expand

    Archive Events

    The Archive Events in ADAudit Plus allows to archive processed audit data to an archive folder by compressing the files to a zip format at the intervals mentioned, ensuring forensic and compliance requirements.

    To Enable Archiving:

    1. Click on ´Admin´ Tab → ´Archive Events´.
    2. Provide a check against ´Categories´ to enable archiving.
    3. Enter a ´Archiving interval´ (days) in the box provided.
    4. Enter a location for the ´Archived files´ in the box provided.
    5. Click on ´Save´.

    Archive Events

    Note:

    The archived data are stored at a user defined location. By default the archived files are zipped and stored at 'C:\Program Files (x86)\ManageEngine\ADAudit Plus\archive\'
    User must have read privilege on the archive folder. Steps

    1. Right-click the archive folder, click Properties, and then click the Security tab.
    2. Click Advanced, and then click the "Permission" tab.
    3. Provide Read Access to "Authenticated Users" group or "ADAudit Plus Service Account".

    Reports can be viewed on the ADAudit Plus archived files & from the backup Evt / Evtx files by restoring archived data for desired date ranges.

    Restore Archived Events

    Processed event log data older than required can be archived and cleared from the working DB. This can be done using the Archive Events option in ADAudit Plus. Archiving audit data helps to maintain an optimum size for the working DB, which helps for a quicker reporting and for forensic and compliance reuirements.

    The 'Restore Archived Events' can be used to restore ADAudit Plus archived event data and backup Evt / Evtx files (which can also be scheduled to import), back to the working DB.

    Why is restoring of Archived Events required?

    The restore archived events is an option to address the need for audit information (reports) on older events that were processed by ADAudit Plus or from backup Evt / Evtx files which were cleared from the working database.

    How are the older data archived?

    As and when event log data are cleared from the database, they are zipped and stored in an 'Archive folder'. The 'Archive Folder' is configured under 'Archive Events', by default is stored in the '<installation directory>\archive' folder. The Archive folder contains multiple zip files, each zip file contains event information of a specific category within a time range.

    Restoring Archived Events

    To restore archived data for a range:

    • Click on 'Restore Archived Events'.
    • All archived events is displayed category and range wise with an option to load / unload data.
    • Click on the Load data icon icon to load data.
    • The above can be selected for one or all date ranges between which event data is needed to be restored.

    Once the event data is restored from the archive folder to the working DB. Under the 'Reports' tab select a 'Custom Period' for the corresponding report and view audit reports for them.

    Re-archiving restored Archive events:

    All the restored archived events are listed with an unload icon against them. To re-archive the restored archive events:

    • Click on the Load data icon icon.
    • This will unload the loaded database immediately. (i.e. The restored data are re-archived.)

    Restored archive data older than 2 days (48 hours) in the database will be automatically re-archived.

    Don't see what you're looking for?

    •  

      Visit our community

      Post your questions in the forum.

       
    •  

      Request additional resources

      Send us your requirements.

       
    •  

      Need implementation assistance?

      Try onboarding

       

    On this page

    Get download link