KBI 311353 Issue Addressed: Argent for Compliance Might Fire Alerts For Events That Happened In Maintenance Period After Maintenance Period Expires

Version

Argent Advanced Technology 3.1A-1601-C and earlier

Date

Thursday, 3 March 2016

Summary

Argent for Compliance Engine runs Log Rules and keeps the watermark of scanned Events

In next run, Engine resumes scanning from where it was left last time

If a server is put into maintenance for a period of time, the server won’t be checked during the maintenance period

So there will be no Alert being fired during the maintenance period

However, after the maintenance period expires, Engine will scan the logs since last check, which will include the maintenance period

As a result, Alerts might be fired for Events that happened in the maintenance period

The issue has been addressed in Argent AT 3.1A-1601-T4

Technical Background

The issue is caused by design error

Resolution

Upgrade to Argent AT 3.1A-1601-T4 or later