Created on 08-30-2021 06:16 AM Edited on 12-15-2021 07:17 AM By Anonymous
Description
Enabling features on the DC can cause it to generate event log records that are too big to fit in the FSSO Collector Agent (CA) buffer. When that happens, the Collector Agent can miss some user logon events if the 'Check Windows Security Event Logs' monitoring method is in use.
When an event record is too big to fit in the FSSO CA buffer, reading it raises the error ERROR_INSUFFICIENT_BUFFER and the Collector Agent skips that record.
Scope
For FSSO Collector Agent.
Solution
Switch the polling method to WMI.
For more information about FSSO monitoring methods, see the related article.
Note.
This behavior has been implemented since FSSO 5.0272 (in previous releases, FSSO processing gets stuck).
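
One way to check whether a DC is producing unusually large logon records is to rank recent Security log events by size. This is an added example, not part of the original article or Fortinet tooling. Event ID 4624, the parameter names and the default threshold are assumptions; the threshold is a placeholder because the article does not state the FSSO CA buffer size.

```powershell
# Added example, not Fortinet code. Run on the DC in an elevated PowerShell session.
# Assumptions: event ID 4624 (logon) is the record type of interest; $ThresholdBytes is a
# placeholder to tune, not the actual FSSO CA buffer size (the article does not state it).
param(
    [int]$Hours = 24,
    [int]$ThresholdBytes = 65536,
    [int]$Top = 10
)

$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddHours(-$Hours)
}

try {
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
} catch {
    # Covers both "no matching events" and access problems.
    Write-Warning "Could not read Security log: $($_.Exception.Message)"
    return
}

$report = foreach ($e in $events) {
    $xml  = $e.ToXml()
    $data = ([xml]$xml).Event.EventData.Data
    $user = ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        RecordId    = $e.RecordId
        User        = $user
        # UTF-16 size of the rendered XML: a relative proxy for record size,
        # not the exact on-disk size of the record.
        ApproxBytes = [System.Text.Encoding]::Unicode.GetByteCount($xml)
    }
}

# Largest records first, flagged against the placeholder threshold.
$report | Sort-Object ApproxBytes -Descending | Select-Object -First $Top |
    Select-Object *, @{ Name = 'OverThreshold'; Expression = { $_.ApproxBytes -ge $ThresholdBytes } } |
    Format-Table -AutoSize

$stats = $report | Measure-Object ApproxBytes -Average -Maximum
'{0} events, average {1:N0} bytes, largest {2:N0} bytes' -f $stats.Count, $stats.Average, $stats.Maximum
```

Records far above the average are the ones to compare against users whose logons the Collector Agent did not register.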