KBI 310194 Argent Console Hangs When Flooded With Alert Requests
Argent Advanced Technology All Versions
Date
29 Jul 2010
Summary
Customers may report not receiving Alerts in Argent Advanced Technology. Upon further investigation, one finds the Argent Console service is not listening on port 3079 (default port).
Technical Background
When the Argent Console service starts, it completes a number of housekeeping tasks prior to listening on its configured port (by default, 3079). These housekeeping tasks include:
- Archiving Events in the Console table
- Pruning the Argent Predictor Data
- Compressing the Service logs
- Compressing the Alert logs
It is this last step that can interfere with the startup of the Argent Console service.
When an Argent AT product Supervising Engine sends an Event Request to the Argent Console, if it cannot be fired immediately, it is cached in a file called ARGSOFT_PENDING_EVENTS_BACKUP.DAT, located in the relevant product folder (e.g. c:\Argent\ArgentForExchange\).
As the Argent Console processes Event Requests, they are logged to individual files under the ALERT_LOG folder of the Argent Console. During service startup, the service attempts to compress (ZIP) the Alert Logs. If there are too many Alert Log files (thousands) to ZIP, the service will be unable to process them or continue starting up.
Symptoms include:
- Failed to receive expected Alerts
- Unable to telnet to Argent Console server on port 3079
- Argent Console service CPU usage hovers around 25%
- Errors in Argent AT product Supervising Engine Logs: “Failed to contact Argent Console server…”
- Extremely large ARGSOFT_PENDING_EVENTS_BACKUP.DAT files
- Thousands of ALERT_*_LOG.TXT files
- 0-byte Alert Log Zip files
Screenshots
Thousands of ALERT_*_LOG.TXT Files
Extremely Large Pending Events Files
Root Cause
In Argent Advanced Technology products, there are pre-defined Rules to monitor the Windows Event Logs for Errors and Warnings. These Rules, unmodified, can cause a flood of Event Requests to the Argent Console:
Argent for SharePoint
Argent for Exchange
Resolution
- Stop All Argent AT Services
- Delete the *_PENDING.DAT files from ArgentForSharePoint, ArgentForExchange, ArgentForVMware
- Manually ZIP or delete the ALERT_*_LOG.TXT files from the ArgentConsole\ALERT_LOG folder
- Change Production Relators running Event Log Error/Warning Rules to Test Mode
- Start Argent AT Services
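The file and port symptoms listed in this article can be confirmed with a read-only check before any services are stopped or files deleted. The script below is an added example, not Argent tooling; the C:\Argent install root, the *.zip pattern for compressed Alert Logs and both thresholds are assumptions to adjust for the installation.

```powershell
# Read-only triage for the symptoms in this KBI; nothing is deleted or changed.
$ArgentRoot   = 'C:\Argent'   # assumed install root (the article cites c:\Argent\ArgentForExchange\)
$ConsoleHost  = 'localhost'   # assumed: script runs on the Argent Console server
$ConsolePort  = 3079          # default Console port per the article
$MaxAlertLogs = 1000          # assumed threshold for "thousands" of Alert Logs
$MaxPendingMB = 100           # assumed threshold for an "extremely large" pending file

function Test-ConsolePort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    # TCP connect with a timeout, equivalent to the telnet test in the symptom list
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

$findings = @()

if (-not (Test-ConsolePort -HostName $ConsoleHost -Port $ConsolePort)) {
    $findings += "Argent Console is not listening on ${ConsoleHost}:$ConsolePort"
}

$alertDir = Join-Path $ArgentRoot 'ArgentConsole\ALERT_LOG'
if (Test-Path $alertDir) {
    # Backlog of uncompressed Alert Logs that the startup ZIP step must work through
    $logs = @(Get-ChildItem -Path $alertDir -Filter 'ALERT_*_LOG.TXT' -File)
    if ($logs.Count -gt $MaxAlertLogs) { $findings += "$($logs.Count) uncompressed Alert Logs in $alertDir" }
    # Zero-byte archives indicate the compression step did not complete
    $emptyZips = @(Get-ChildItem -Path $alertDir -Filter '*.zip' -File | Where-Object { $_.Length -eq 0 })
    if ($emptyZips.Count -gt 0) { $findings += "$($emptyZips.Count) zero-byte ZIP files in $alertDir" }
} else { $findings += "Alert log folder not found: $alertDir (adjust `$ArgentRoot)" }

# Pending-event caches sit in each product folder under the install root
Get-ChildItem -Path $ArgentRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $pending = Join-Path $_.FullName 'ARGSOFT_PENDING_EVENTS_BACKUP.DAT'
    if (Test-Path $pending) {
        $sizeMB = [math]::Round((Get-Item $pending).Length / 1MB, 1)
        if ($sizeMB -gt $MaxPendingMB) { $findings += "$pending is $sizeMB MB" }
    }
}

if ($findings.Count -eq 0) { 'No flood symptoms found.' } else { $findings }
```

Any finding reported here corresponds to one of the listed symptoms; the CPU usage and Supervising Engine log symptoms are not covered by the script.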