KBI 311345 SNMP Traps Causing UNHANDLED Directory Growth


Argent AT 3.1A-1601-C and earlier


Thursday, 11 February 2016


Badly configured network or server devices set to send all SNMP Traps or Syslogs to the Argent Engines can cause bad performance and log growth in the UNHANDLED subdirectories of products Argent for Compliance and Argent for SNMP

Be aware, currently these directories are not maintained by the Argent Log Management System

Technical Background

Unhandled directory location:



As the name suggests the unhandled directory stores Logs for unhandled SNMP Trap and Syslog messages not captured by Rules/Relators, which means any message source not added to CMDB-X, Licenses and Monitoring Groups used in the Relator would log in the unhandled directory

Listening Port

162 – SNMP Trap (UDP)

514 – Syslog (UDP)

Note: The log files in the UNHANDLED directory are not maintained and can grow without proper maintenance

There is one log per day and this log file will grow and not rollover at a particular set size, therefore the files could grow large, greater than 2G


Development is working a solution to maintain these log files

Create a task to purge old log files