You receive reports containing no information or the ‘System’ value in the ‘Who’ column.
- Netwrix Auditor 5.0: No warning.txt is attached
- Netwrix Auditor 6.0 - 6.5: No events logged in the Netwrix Auditor EventLog.
- Netwrix Auditor 7.0 and above: No events logged in the Netwrix Auditor System Health log.
- The Security event log is not populated with new events.
- The Security event log was relocated.
- If you changed the Security event log location and do not reboot your file server, the system services may fail to update their settings based on the updated configuration. Therefore, you must reboot your file server.
- If you have not relocated the Security event log, perform one of the following to resolve the issue:
- Open the Security event log using the Event Viewer. If the log is corrupted or contains events with ID 521, this may indicate that there is not enough free disk space to store new information. Provide more disk space and clear the log. Refer to the The disk on a monitored file server is overfilled knowledge base article for more information.
- Make sure that either the Overwrite events as needed retention method is selected, or the Security log automatic archiving option is enabled. Refer to Netwrix Auditor Installation and Configuration Guide for more information.
- Verify your settings are not overwritten by Group Policies using the Resultant Set of Policies (RSoP) snap-in.