To prevent the above warning, agent-side log backup can be enabled:
- To ensure the integrity of event data from the specified data source, you can create an agent-side log backup. This helps protect data from losses that may occur due to accidental or malicious log cleanup on the target machine. Log backups can be created for the most frequently used data sources (for example, Windows Event logs).
- Agent-side log backup uses a compression method similar to that used in InTrust repositories. On average, the contents of the event cache are compressed to 1/15th of their original size.
- The agent-side cache is always used to process data from monitoring-only data sources. For the data sources used in both gathering and monitoring processes, you can select whether to create an agent-side log backup.
To configure agent-side log backup:
1. Schedule the InTrust task that will process the selected data source.
2. Open the properties of the data source under the gathering policy.
3. Select the "Enable log backup and use it to gather events" option.
   The "Clear the backup after gathering" check box is automatically selected together with the "Enable log backup and use it to gather events" option.
   If a data source is used by more than one task and the agent-side log backup feature is enabled for the data source, deselect the "Clear the backup after gathering" check box to avoid data loss.
4. Click OK to save the settings and close the dialog; commit the changes.
5. Restart the InTrust Server services to push out the changes to the agents.
CAUTION: After you enable agent-side log backup, the log will be cleared the next time it is gathered. Subsequent gathering sessions do not clear the log.