Version

Argent Advanced Technology – All Versions

Date

Tuesday, 23 Sep 2014

Summary

Customer reports that Argent for Compliance is not firing alerts for SYSLOG messages sent by their AIX servers

Technical Background

Due to a mistake in coding, the customer had configured their SYSLOG Rules to accept incoming messages only on Message Facility Local-6

In reality, the AIX servers were sending messages on Local-5

THIS IS A COMMON CAUSE OF ALERTS (CORRECTLY) NOT BEING FIRED BY ARGENT FOR COMPLIANCE SYSLOG PROCESSING

If Alerts are not being fired in Argent for Compliance for SYSLOGS — on any platform, not just AIX — the Levels are the first place to check

Click For Full Size

Resolution

Correct miscoding in the SYSLOG Rule to accept SYSLOG messages on Local-5 by checking the box for Local-5 Message Facility