KBI 311345 SNMP Traps Causing UNHANDLED Directory Growth

Version

Argent AT 3.1A-1601-C and earlier

Date

Thursday, 11 February 2016

Summary

Badly configured network or server devices that are set to send all SNMP Traps or Syslogs to the Argent Engines can cause poor performance and log growth in the UNHANDLED subdirectories of Argent for Compliance and Argent for SNMP.

Be aware that these directories are currently not maintained by the Argent Log Management System.

Technical Background

UNHANDLED directory locations:

<drive>:\Argent\ArgentForCompliance\UNHANDLED

<drive>:\Argent\ArgentForSNMP\UNHANDLED

As the name suggests, the UNHANDLED directory stores logs for SNMP Trap and Syslog messages that are not captured by Rules/Relators. This means that any message source not added to CMDB-X, Licenses and the Monitoring Groups used in the Relator is logged in the UNHANDLED directory.


Listening Ports

162 – SNMP Trap (UDP)

514 – Syslog (UDP)


Note: The log files in the UNHANDLED directory are not maintained and will keep growing without proper maintenance.

There is one log file per day. The file does not roll over at a set size, so it can grow large, to greater than 2G.

Resolution

Development is working on a solution to maintain these log files.

Create a task to purge old log files.
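
One way to implement the purge task, as an added PowerShell example that is not Argent's own code. The install root D:\Argent and the 14-day retention are assumptions, and file age is judged by LastWriteTime because this KBI does not document the log file names.

```powershell
# Added example: purge old files from the two Argent UNHANDLED directories.
# Assumptions (not from the KBI): install root D:\Argent, 14-day retention,
# age taken from LastWriteTime since the log file naming is not documented.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ArgentRoot = 'D:\Argent',
    [ValidateRange(1, 3650)][int]$RetentionDays = 14
)

$targets = @(
    "$ArgentRoot\ArgentForCompliance\UNHANDLED",
    "$ArgentRoot\ArgentForSNMP\UNHANDLED"
)
# Midnight cutoff keeps whole days and never touches today's active log.
$cutoff = (Get-Date).Date.AddDays(-$RetentionDays)

foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Skipping missing directory: $dir"
        continue
    }
    # Guard: only ever delete inside a directory actually named UNHANDLED.
    $resolved = (Get-Item -LiteralPath $dir).FullName
    if ((Split-Path -Path $resolved -Leaf) -ne 'UNHANDLED') {
        Write-Warning "Refusing to purge unexpected path: $resolved"
        continue
    }

    # Top-level files only; no recursion into anything else under the directory.
    $files  = @(Get-ChildItem -LiteralPath $resolved -File)
    $old    = @($files | Where-Object { $_.LastWriteTime -lt $cutoff })
    $sizeMB = [math]::Round((($files | Measure-Object -Property Length -Sum).Sum) / 1MB, 1)
    Write-Output "$resolved : $($files.Count) files, $sizeMB MB, $($old.Count) older than $RetentionDays days"

    foreach ($f in $old) {
        # ShouldProcess makes -WhatIf list the files without deleting them.
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Remove old UNHANDLED log')) {
            try   { Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop }
            catch { Write-Warning "Could not remove $($f.FullName): $_" }
        }
    }
}
```

Run the script once with -WhatIf to review what would be deleted, then schedule it daily in Windows Task Scheduler under an account with delete rights on both directories. The per-directory size line it prints on each run also shows when a misconfigured device is still flooding the Engine with unhandled traps or syslog messages.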