If you are current on support/maintenance you are welcome to give us a call or create a case on our Customer Portal. The reasons this is happening could be quite extensive so i recommend this. However the most common is audit settings were configured but not applied by GPO because of precendence, conflict or some other reason. The best way to verify audit configuration is to run the following command from an elevated command prompt on the fileserver: auditpol /get /category:* . This will list audit settings that are APPLIED to the machine. Also, SACLs have to be set on the files/folders that you want to audit and it is not enough to just configure auditing at the server level. Another potential reason is event log overwrites. These 3 reasons are typically well documented in the errors and warnings that you receive however. Anything beyond that i recommend a support case for further clarification on the above as well as other options once those 3 have been confirmed on our end.
Thanks for the response. I followed your instructions and added the appropriate auditing policies on the shared folder. Now i get the modifications on the files and folders on the shared folder but the field "Who" is always filled with "system". Also i noticed in the Netwrix event viewer that i keep getting a Warning with event ID 6136 that says "Cannot resolve a drive letter for the object:\Device\HarddiskVolume4\%Sharename%. The drive record cannot be found in the mount manager's persistent name database for target host. This may lead to the loss of detected changer."
I don't know whether these two relate to each other.
If i cannot find a solution for this either, then i will open ticket for support, since i already purchased the product a week ago.
Thanks again and i hope you can give me some advice to finally get it working.