KBI 310402 Enhancement: Event Log Monitoring In Argent For Compliance
Version
Argent AT 3.1A-1304-L or above
Date
28 Apr 2013
Summary
Argent for Compliance now filters events by Event ID first, before composing the event log message.
This is especially significant for Rules that monitor Security Logs for a few Event IDs.
The security log for Domain Controllers can be massive, and composing Event Log messages is a resource-intensive task.
Filtering by Event ID first can improve performance ten-fold.
The enhanced behavior is on by default.
While not recommended, this feature can be turned off by setting the registry value HKLM\Software\Argent\ARGENT_FOR_COMPLIANCE\SLOW_READ_EVENT_LOG to 1.
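The filter-first approach can be reproduced with Windows' own tooling. The PowerShell below is an added example, not Argent's code: it checks the override described above and compares querying the Security log with the Event IDs in the query against filtering after retrieval. Assumptions: SLOW_READ_EVENT_LOG is a value under the ARGENT_FOR_COMPLIANCE key, and Event IDs 4625 and 4740 are sample choices.

```powershell
# Added illustration, not Argent code. Run elevated on the monitored host.
$ids   = 4625, 4740              # sample choice: failed logon, account lockout
$since = (Get-Date).AddHours(-1) # keep the window small on a busy Domain Controller

# 1. Check the override from this KBI.
#    Assumption: SLOW_READ_EVENT_LOG is a value under the ARGENT_FOR_COMPLIANCE key.
$key   = 'HKLM:\Software\Argent\ARGENT_FOR_COMPLIANCE'
$entry = Get-ItemProperty -Path $key -Name 'SLOW_READ_EVENT_LOG' -ErrorAction SilentlyContinue
if ($entry -and $entry.SLOW_READ_EVENT_LOG -eq 1) {
    Write-Warning 'SLOW_READ_EVENT_LOG is 1: Event ID pre-filtering is turned off.'
} else {
    Write-Output 'SLOW_READ_EVENT_LOG is not set to 1: the default behavior applies.'
}

# 2. Filter first: the Event IDs are part of the query, so only matching
#    records are returned to the script.
$sw = [System.Diagnostics.Stopwatch]::StartNew()
$filterFirst = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = $ids; StartTime = $since
    } -ErrorAction SilentlyContinue)
$filterFirstMs = $sw.ElapsedMilliseconds

# 3. Retrieve first: every record in the window is returned as a full event
#    object before the Event ID test runs.
$sw.Restart()
$retrieveFirst = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; StartTime = $since
    } -ErrorAction SilentlyContinue | Where-Object { $ids -contains $_.Id })
$retrieveFirstMs = $sw.ElapsedMilliseconds

# Both strategies should find the same events; only the cost differs.
[pscustomobject]@{
    MatchesFilterFirst   = $filterFirst.Count
    MatchesRetrieveFirst = $retrieveFirst.Count
    FilterFirstMs        = $filterFirstMs
    RetrieveFirstMs      = $retrieveFirstMs
}
```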
Technical Background
N/A
Resolution
N/A