KBI 220527 Security Event Log and Event ID 560

Version

Argent Data Consolidator 8.0A-0701

Date

13 Apr 2007

Summary

When a rule consolidates events with Event ID 560 and looks for specific text in the Accesses portion of the event, the rule does not send alerts, and reports find no events matching the specified criteria.

An example is below:

Technical Background

When these events are consolidated, the data from the Accesses portion of the event is stored in the database as a numerical value. As a result, no alerts, filters or reports work for the given rule.

Resolution

Development has been made aware of this issue.