This article explains how to move Audit Archive to another location in order to prevent disk overfilling.
|If you want to move the local audit data storage (Audit Archive) to a new location, perform the following steps
- Disable all Netwrix Auditor features: under each Managed Object navigate to each audited system's page and disable it.
- Open Windows Task Manager, switch to the Processes tab and wait until the following processes have completed:
- Stop all product services: navigate to Start --> Run and type "services.msc"; locate and stop the following services:
- Netwrix Auditor Service for SharePoint
- Netwrix User Activity Video Reporter Service
Note: For File Servers, SQL Server and VMware audited systems, sessions are stored in %audit archive%\Sessions\<Managed_Object_name>\<Netwrix_Auditor_feature> have absolute paths, As a result, when you modify the Audit Archive location, sessions information will be displayed incorrectly. To resolve the issue, you can create a directory junction or a symbolic link to the new path.
- Navigate to the current Audit Archive location (you can check the path in the Netwrix Management Console under Settings --> Audit Archive).
- Copy audit data to a new Audit Archive location.
- Modify the Audit Archive location settings in the Netwrix Auditor console: navigate to Settings --> Audit Archive, click Modify and specify the new path.
- Restart the services you have stopped.
- In Netwrix Auditor, make sure that audit is enabled for each audited system under each Managed Object individually.