Version

Argent Extended Technology – All Versions

Date

23 Sep 2011

Summary

Argent Data Consolidator processes numerous SYSLOG files for a brief time then starts to fail and eventually stops parsing under a heavy load.

Technical Background

Expand Transfer Engine, choose the primary Transfer Engine and click button “View Current Engine Log With Notepad”.

You should see a timestamp difference between the SYSLOG source and Argent Data Consolidator timestamp over the course of five minutes.

This issue is caused by built in code that executes a reverse DNS lookup for IP address of each device sending SYSLOG

within the packet handling callback function. If the IP address is NOT in DNS server, the reverse DNS lookup can take much longer to complete. As result, the following UDP packets can be delayed or dropped by OS when SYSLOG network traffic is heavy.

Resolution

Workaround:

If user can update DNS, add the device sending SYSLOG to DNS server.

If user cannot update DNS, user can edit local HOSTS file to add the device name and IP addresses.

Recommended:

Upgrade to Argent Extended Technology 1104-T3 or later.