Resolution
goal
How frequently are VSAU alerts sent to the SM consolidator?
goal
How often does the Security Manager Consolidator receive alerts from the VigilEnt Security Agent for Unix?
goal
Are the VSAU alerts in the SM Consolidator considered real-time information?
fact
VigilEnt Security Agent 4.x
fact
VigilEnt Security Agent 5.x
fix
Alerts are sent to the Security Manager consolidator by the VSAU immediately after they are generated and written to the
How frequently are VSAU alerts sent to the SM consolidator?
goal
How often does the Security Manager Consolidator receive alerts from the VigilEnt Security Agent for Unix?
goal
Are the VSAU alerts in the SM Consolidator considered real-time information?
fact
VigilEnt Security Agent 4.x
fact
VigilEnt Security Agent 5.x
fix
Alerts are sent to the Security Manager consolidator by the VSAU immediately after they are generated and written to the
./vsau/local/spool*alerts file on the agent. The agents sends the alerts to SM, and the alerts will arrive in a few seconds or less, which is considered real-time data. The only exception to this timing would occur during an event storm in which case the agent spools up The alerts go through the spool file until everything is sent. You could see a delay of 30 seconds or more during a severe enough event storm.Additional Information
Formerly known as NETIQKB46776