Version

All

Date

4 Jan 2013

Summary

Some Argent Data Consolidator Event Log Rules may not have copy function.

Technical Background

In Argent Data Consolidator, Event Log rules have some pre-assigned prefixes and are grouped under pre-defined subfolders. They include:

• Prefix ‘EVT_SEC_‘ goes to subfolder ‘Security‘
• Prefix ‘EVT_SOFT_‘ goes to subfolder ‘Software Installation‘
• Prefix ‘EVT_MGMT_‘ goes to subfolder ‘Management‘
• Prefix ‘EVT_POL_‘ goes to subfolder ‘Policy‘
• Prefix ‘EVT_APP_‘ goes to subfolder ‘Applications‘
• Prefix ‘EVT_OTH_‘ goes to subfolder ‘Other‘

Any name not matching the patterns goes to subfolder ‘Your Existing Rules‘, which actually means unassigned folder. Rules under this folder cannot be copied. Argent simply forced people to rename at that time.

Resolution

To workaround, say we need to copy a rule ‘EVT_DISK_PLUS_EMC‘. You can rename it to ‘EVT_OTHER_DISK_PLUS_EMC‘ first; switch away from Argent Data Consolidator; then switch back. You should see the rule shows up in folder ‘Other‘. Now you can copy the rule.