Can I import previously generated security logs into ADAudit Plus?
Objective
Learn how to import EVT/EVTX logs into ADAudit Plus for analysis and auditing by configuring scheduled or one-time imports using the built-in import functionality.
Prerequisites
Ensure sufficient disk space is available for log storage. The requirement will vary depending on the environment size and log retention period.
Administrator privileges in ADAudit Plus are required.
The service account must have read permissions on the source log files.
The service account must be a member of the Event Log Readers group (for automatic log collection).
Confirm that the log files (EVT/EVTX) are accessible from the ADAudit Plus server, either via a local path or a network share.
Windows Management Instrumentation (WMI) must be enabled on all source servers.
The Remote Registry service must be running on all source servers.
Steps to follow
- Use an account with administrator rights or the required permission level to configure log imports.
- Go to the Admin tab.
Under Configuration, select Import EVT/EVTX Logs.
Click Import Log Path located at the top-right corner of the screen.
Enable the time interval at which the logs should be imported:
Once
Hourly
Daily
Weekly
Choose the desired interval under Import EVT/EVTX logs Once Every.
Provide the file path where the logs are stored:
Local path example: C:\FolderName
Network share example: \\ComputerName\SharedFolder
Click Save to apply the settings.
ADAudit Plus will import logs from the specified location at the configured schedule.
Click View Imported Logs to check the import history and verify successful log imports.
Validation and confirmation
- After saving, monitor the View Imported Logs section to confirm that logs are being imported as per the schedule.
- Check for successful entries and timestamps that align with your configured interval.
Ensure no errors are logged indicating access issues or invalid paths.
Tips
When using a network path, make sure the ADAudit Plus service account has read permissions on the shared folder.
Ensure the logs are not in use or locked by another process to prevent import failures.
Use a consistent folder structure and naming convention to simplify log tracking.
For large log sets, consider setting the schedule to off-peak hours to avoid impacting performance.
Related topics and articles
New to ADSelfService Plus?
Related Articles
Understanding how ADAudit Plus handles security Event Logs and Archiving
In this article : Question Explanation Important considerations Related topics and articles Question I would like to know if there’s a way to store historical security event logs within ADAudit Plus, access older logs, and view the raw event data. ...How to configure Workstations in ADAudit Plus
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective To configure Windows Workstations in ADAudit Plus using either the product console or command-line arguments, and to apply ...How can I set up notifications if ADAudit Plus stops collecting event logs?
Objective To configure notifications in ADAudit Plus to receive alerts about the product’s performance, failures, and service status, including when event log collection stops. Prerequisites You must have administrative access or delegate permission ...Unable to upgrade ADAudit Plus
Issue description ManageEngine ADAudit Plus may occasionally encounter issues during the upgrade process, resulting in error messages or unexpected interruptions. These problems can hinder users from accessing new features and critical security ...Upgrading ADAudit Plus PostgreSQL database to version 17.5
In this article : Issue description Prerequisites Possible causes Resolution Related topics and articles How to reach support Issue description When trying to upgrade ADAudit Plus specifically from build 8500, 8511, or 8512, the following error ...