KBI 311353 Issue Addressed: Argent for Compliance Might Fire Alerts For Events That Happened In Maintenance Period After Maintenance Period Expires
Version
Argent Advanced Technology 3.1A-1601-C and earlier
Date
Thursday, 3 March 2016
Summary
Argent for Compliance Engine runs Log Rules and keeps the watermark of scanned Events
In next run, Engine resumes scanning from where it was left last time
If a server is put into maintenance for a period of time, the server won’t be checked during the maintenance period
So there will be no Alert being fired during the maintenance period
However, after the maintenance period expires, Engine will scan the logs since last check, which will include the maintenance period
As a result, Alerts might be fired for Events that happened in the maintenance period
The issue has been addressed in Argent AT 3.1A-1601-T4
Technical Background
The issue is caused by design error
Resolution
Upgrade to Argent AT 3.1A-1601-T4 or later