In this article:

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

Objective  

Learn how to import EVT/EVTX logs into ADAudit Plus for analysis and auditing by configuring scheduled or one-time imports using the built-in import functionality.

Prerequisites  

• Ensure sufficient disk space is available for log storage. The requirement will vary depending on the environment size and log retention period.

• Administrator privileges in ADAudit Plus are required.

• The service account must have read permissions on the source log files.

• The service account must be a member of the Event Log Readers group (for automatic log collection).

• Confirm that the log files (EVT/EVTX) are accessible from the ADAudit Plus server, either via a local path or a network share.

• Windows Management Instrumentation (WMI) must be enabled on all source servers.

• The Remote Registry service must be running on all source servers.

Steps to follow

1. Use an account with administrator rights or the required permission level to configure log imports.

2. Go to the Admin tab.

3. Under Configuration, select Import EVT/EVTX Logs.

4. Click Import Log Path located at the top-right corner of the screen.

5. Enable the time interval at which the logs should be imported:

1. Once

2. Hourly

3. Daily

4. Weekly

6. Choose the desired interval under Import EVT/EVTX logs Once Every.

7. Provide the file path where the logs are stored:

1. Local path example: C:\FolderName

2. Network share example: \\ComputerName\SharedFolder

8. Click Save to apply the settings.

9. ADAudit Plus will import logs from the specified location at the configured schedule.

10. Click View Imported Logs to check the import history and verify successful log imports.

Validation and confirmation  

1. After saving, monitor the View Imported Logs section to confirm that logs are being imported as per the schedule.

2. Check for successful entries and timestamps that align with your configured interval.

3. Ensure no errors are logged indicating access issues or invalid paths.

Tips

• When using a network path, make sure the ADAudit Plus service account has read permissions on the shared folder.

• Ensure the logs are not in use or locked by another process to prevent import failures.

• Use a consistent folder structure and naming convention to simplify log tracking.

• For large log sets, consider setting the schedule to off-peak hours to avoid impacting performance.

Related topics and articles  

● Configuring SIEM integration with ADAudit Plus