KBI 220527 Security Event Log and Event ID 560


Argent Data Consolidator 8.0A-0701


13 Apr 2007


When consolidating Events with Event ID 560, specifically looking for text in the Accesses portion of the event, the rule will not send alerts and when reporting, no event will be found with the specified criteria.

An example is below:

Technical Background

When consolidating these types of events, the data from the Accesses portion of the event is stored in the database as a numerical value. Therefore, all alerts, filters and reports will not work on the given rule.


Development has been made aware of this issue.