KBI 311345 SNMP Traps Causing UNHANDLED Directory Growth
Version
Argent AT 3.1A-1601-C and earlier
Date
Thursday, 11 February 2016
Summary
Misconfigured network or server devices that send all SNMP Traps or Syslog messages to the Argent Engines can cause poor performance and log growth in the UNHANDLED subdirectories of Argent for Compliance and Argent for SNMP.
Be aware that these directories are currently not maintained by the Argent Log Management System.
Technical Background
Unhandled directory location:
<drive>:\Argent\ArgentForCompliance\UNHANDLED
<drive>:\Argent\ArgentForSNMP\UNHANDLED
As the name suggests, the UNHANDLED directory stores logs of SNMP Trap and Syslog messages that are not captured by Rules/Relators. Any message source that has not been added to CMDB-X, Licenses and the Monitoring Groups used in the Relator is therefore logged in the UNHANDLED directory.
Listening Ports
162 – SNMP Trap (UDP)
514 – Syslog (UDP)
Note: The log files in the UNHANDLED directory are not maintained and will keep growing unless they are purged.
There is one log file per day. It does not roll over at a set size, so individual files can grow large, to more than 2 GB.
Resolution
Development is working on a solution to maintain these log files.
Create a task to purge old log files.
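One way to write such a purge task is sketched below as an added example; it is not Argent's own tooling. The retention period, the size threshold for the warning and the parameter names are assumptions, and the drive must be supplied because the KB gives it only as <drive>. Files are selected by last write time, so the current day's log, which is still being written, is never removed.

```powershell
# Added example (not part of the original KB): purge aged logs from the two
# UNHANDLED directories and warn about oversized files that remain.
# Assumptions: 14-day retention, 1 GB warning threshold, parameter names.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$Drive,               # the <drive> holding \Argent, e.g. 'D:'
    [ValidateRange(1, 3650)][int]$RetentionDays = 14,   # at least 1, so today's log is kept
    [long]$WarnBytes = 1GB
)

# Directory locations as listed under Technical Background.
$dirs = 'ArgentForCompliance', 'ArgentForSNMP' |
    ForEach-Object { Join-Path $Drive "Argent\$_\UNHANDLED" }

# Midnight N days ago: anything last written before this is purged.
$cutoff = (Get-Date).Date.AddDays(-$RetentionDays)

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Not found, skipping: $dir"
        continue
    }
    $files = Get-ChildItem -LiteralPath $dir -File

    # A large file inside the retention window usually means a device is
    # sending every trap or syslog message to the engine.
    $files | Where-Object { $_.LastWriteTime -ge $cutoff -and $_.Length -ge $WarnBytes } |
        ForEach-Object {
            Write-Warning ('Large log: {0} ({1:N0} MB)' -f $_.FullName, ($_.Length / 1MB))
        }

    foreach ($f in ($files | Where-Object { $_.LastWriteTime -lt $cutoff })) {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Remove old UNHANDLED log')) {
            try {
                Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
                Write-Output "Removed $($f.FullName)"
            } catch {
                Write-Warning "Could not remove $($f.FullName): $($_.Exception.Message)"
            }
        }
    }
}
```

Run it once with -WhatIf to list what would be deleted, then register it as a daily Windows scheduled task.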