Version

Argent Advanced Technology 3.1A-1407-A and later

Date

Thursday, 7 Aug 2014

Summary

When archiving high volume SYSLOG data, Argent for Compliance might lose some data

This can happen frequently especially when archiving SYSLOG data from many network devices at the same time

The issue is addressed in Argent AT 3.1A-1407-T1

Technical Background

Argent for Compliance writes received SYSLOG messages to file system first before another worker thread reads and write to archiving database

The intermediate Work Order file may be overwritten due to insufficient file naming scheme

It is more likely to happen if SYSLOG volume is very high

Resolution

Upgrade to Argent AT 3.1A-1407-T1 or later