Argent for Compliance: Event Time And Time Recorded
A common Customer question is “Why are alerts being sent repeatedly?”
An example of this is as follows:
“At 12:41 we were bombarded with old alerts from the Argent for Compliance in Remedy.
Nothing had happened in the logfile for 4 hours and the event time is set correctly.”
The reason for this is that the Event Time is the actual time the event occurred in the Event Logs, while the Time Recorded is the time at which the event was picked up by the Argent Relator running the Argent Rule.
A Relator may run at 1:00 and at 8:00.
During the seven-hour period, an event may be logged numerous times.
At 8:00, these events will be RECORDED.
This is the “Time Recorded”.
The Event Time is simply the time the events were actually placed into the log.
It is important to note that the number of alerts fired depends on the setting for COMBINE_ALERTS_ON_LOG_EVENT in the Argent for Compliance registry.
If this value is set to 0, then duplicate events will be recorded as one.
If it is set to 1, then a different alert will be fired for each event in the log.
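The behaviour described above can be modelled in a few lines. This is an added example, not Argent code: the log entries are constructed, the function names are hypothetical, and treating "duplicate" as "same source and event ID" is an assumption.

```python
from datetime import datetime

# Constructed sample log entries: (Event Time, source, event ID).
LOG = [
    (datetime(2024, 1, 1, 1, 30), "App", 1001),
    (datetime(2024, 1, 1, 3, 10), "App", 1001),
    (datetime(2024, 1, 1, 6, 45), "App", 1001),
    (datetime(2024, 1, 1, 7, 5), "App", 1002),
]

def relator_run(log, last_run, now, combine_alerts_on_log_event):
    """Model one Relator run over events logged in (last_run, now].

    Each alert keeps the event's own Event Time and is stamped with the run
    time as Time Recorded. Per the page: 0 records duplicate events as one
    alert, 1 fires a separate alert for each event.
    """
    alerts, first_seen = [], {}
    for event_time, source, event_id in sorted(log):
        if not (last_run < event_time <= now):
            continue  # outside this run's window
        key = (source, event_id)  # assumed definition of "duplicate"
        if combine_alerts_on_log_event == 0 and key in first_seen:
            first_seen[key]["count"] += 1
            continue
        alert = {"event_time": event_time, "time_recorded": now,
                 "source": source, "event_id": event_id, "count": 1}
        first_seen[key] = alert
        alerts.append(alert)
    return alerts

def lag_hours(alert):
    """Hours between the event occurring and the Relator recording it."""
    delta = alert["time_recorded"] - alert["event_time"]
    return delta.total_seconds() / 3600

if __name__ == "__main__":
    last_run = datetime(2024, 1, 1, 1, 0)   # Relator ran at 1:00
    now = datetime(2024, 1, 1, 8, 0)        # and runs again at 8:00
    for flag in (0, 1):
        alerts = relator_run(LOG, last_run, now, flag)
        print(f"COMBINE_ALERTS_ON_LOG_EVENT={flag}: {len(alerts)} alert(s)")
        for a in alerts:
            print(f"  id={a['event_id']} x{a['count']} "
                  f"event={a['event_time']:%H:%M} "
                  f"recorded={a['time_recorded']:%H:%M} "
                  f"lag={lag_hours(a):.1f}h")
```

A large gap between Event Time and Time Recorded on a burst of alerts points to a backlog picked up by a single Relator run, not to new activity at the time the alerts arrived.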