VigilEnt Security Agent for Windows Detect service stops and must be manually restarted. (NETIQKB37674)

fact
VigilEnt Security Agent for Windows 4.0

symptom
VigilEnt Security Agent for Windows 'Detect' service stops and must be manually restarted. 

cause
The above issue occurs when a Microsoft Windows machine event log has a long object type larger than 64 characters in an event. This causes the IDMEF conversion to break and stop the Vigilent Security Agent for Windows Detect (Detect).  After receiving a request from the VigilEnt Intrusion Manager/VigilEnt Log Analyzer module,  Detect gathers all necessary events from the event logs and sends them to Vigilent Security Manager in IDMEF format. During the conversion to IDMEF, Detect uses mappings to map events to IDMEF.  It looks for the correct section in the mapping file using XSLT and occasionaly, object type based on the event id. While creating the search XSLT string, all the parameters were assumed to be a string no longer than 64 characters.  Therefore, only 64 characters were allocated.

fix

This issue is resolved in Vigilent Security Agent for Windows version 4.0 Service Pack 1 available for download at the location below.

• https://www.netiq.com/support/vsa/default.asp

Formerly known as NETIQKB37674