KBI 310833 Issue Addressed: Argent for Compliance Not Firing Events For SYSLOG Rules
Argent Advanced Technology 8.0A-1401-D and below
Thursday, 13 Feb 2014
Argent for Compliance does not fire events for matching SYSLOG messages when combining alerts for log events is enabled (registry COMBINE_ALERTS_ON_LOG_EVENT).
However, SYSLOG messages are archived correctly.
This is caused by a coding error.
Upgrade to Argent AT 3.1A-1401-E or later.
For customers who cannot upgrade immediately, set registry ‘HKLM\Software\Argent\ARGENT_FOR_COMPLIANCE\COMBINE_ALERTS_ON_LOG_EVENT’ to zero.
However, customers should consider the side effect of this registry key setting: Argent for Compliance will fire one alert for each matching log event.