KBI 310787 Issue Addressed: Linux/UNIX Log Rule Does Not Report Communication Error

Version

Argent for Compliance 3.1A-1310-A or below

Date

Friday, 20 Dec 2013

Summary

The Argent Linux/Unix Log Rule generally uses ‘tail‘ command to read the log from the server

When a communication error occurred (such as account did not have permission to read the log), the Argent AT Engine simply reported ‘No new lines in log

This was confusing because it was not clear if there really were no new lines or if the Argent AT Engine simply could not read the log

Argent AT 3.1A-1401-A has enhanced to log the communication error in the Relator Trace Log

Technical Background

In order to tell the difference between log lines and communication error, the Argent AT Engine now searches for the matching timestamp in the returned lines

If no line containing valid timestamp, it is reported as potential communication error

Resolution

Upgrade to Argent AT 3.1A-1401-A or later