KBI 310833 Issue Addressed: Argent for Compliance Not Firing Events For SYSLOG Rules
Version
Argent Advanced Technology 8.0A-1401-D and below
Date
Thursday, 13 Feb 2014
Summary
Argent for Compliance does not fire events for matching SYSLOG messages when combining alerts for log events is enabled (registry COMBINE_ALERTS_ON_LOG_EVENT).
However, SYSLOG messages are archived correctly.
Technical Background
This is caused by a coding error.
Resolution
Upgrade to Argent AT 3.1A-1401-E or later.
For customers who cannot upgrade immediately, set registry ‘HKLM\Software\Argent\ARGENT_FOR_COMPLIANCE\COMBINE_ALERTS_ON_LOG_EVENT’ to zero.
However, customers should consider the side effect of this registry setting: Argent for Compliance will fire one alert for each matching log event.