Troubleshooting Archive File is Missing in EventLog Analyzer

Troubleshooting Archive File is Missing in EventLog Analyzer

Issue description

Archive files show as missing when the flat file created during the zipping process is not available in its intended location.

Possible causes

Below are the scenarios where an archive file integrity is updated as Archive file is missing in EventLog Analyzer for 0 KB files:

1. Abrupt shutdown during the zipping cycle:
If the product is shut down unexpectedly(Abrupt shutdown) during the zipping process, flat files may be zipped successfully but not removed from the database. During the next cycle, the system checks the database and attempts to zip those files again. Since they are already zipped and no longer physically present, the system creates a dummy zip file with a _deletedFile.zip extension and shows the archive as missing, with a file size of 0 bytes.

2. Files deleted by antivirus:
  • If the files were not deleted during the product's operation, they may have been removed manually by a user or automatically by an antivirus (AV) program. If an AV flags these files as potential threats or irrelevant, it may delete them. During the next zipping cycle, the system cannot locate the files and creates dummy zip files.
3. Other causes:
  • File(s) moved: If the archive location was changed, the flat files may not have been copied properly, resulting in a missing file.
  • Cleanup tools or scheduled cleanup tasks: Automated cleanup utilities, scripts, or OS-level scheduled tasks may have deleted the file.

Prerequisites

  • Antivirus exclusions configured as recommended in EventLog Analyzer documentation.
  • Administrative access to the EventLog Analyzer server.
  • Access to the configured archive directory.

Resolution

  1. Navigate to Settings > Admin Settings > Archive in EventLog Analyzer.
  2. In the Archives page, select the log source for which the Archive file missing notification was received.
  3. If the size of the respective archive file is 0 bytes, it is likely due to the possible causes listed.


  4. Hover over the respective device to view the filename in which the archive zip file is stored.
  5. Check if the zip filename has the extension _deletedFile.zip. If yes, the respective entry can either be deleted or updated using the Reload File Status option.


  6. To reload file status, in the Archives page click More at the top right corner and choose Update Path.
  7. In the Update Path page, click the reload file status icon (🔄).
  8. The number of file statuses changed will be displayed immediately upon completion.



Tips

  • Ensure the archive directory always has sufficient free disk space to avoid failures.
  • Place the archive directory on a dedicated partition, separate from the installation drive, for stability.
  • Back up archive files periodically to external storage for disaster recovery purposes.

How to contact support

If the issue continues, contact ManageEngine support with the following details:
  • Screenshots of the Archival page.
  • Archive configuration details (path, schedule, Archive retention settings).
  • Screenshot of Email notification received for archive integrity
  • EventLog Analyzer build number.

Related articles and topics

 
 


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                      Related Products