The following is a list of issues known to exist with Gathering at the time of Quest release: InTrust 9.5.
If at the moment you attempt to gather Microsoft Proxy Server log this log contains event data in different formats, then gathering process will not work correctly.
Audit data is gathered from every instance of an object contained in the InTrust site. If a computer is included into a site, for example, as an IP address and as an FQDN name, it will be processed twice.
If you gather IIS/ISA Server text logs with the Time data field disabled for logging, some events may be lost. To avoid event losses, don't disable the Time field in the logging options on IIS/ISA Servers you are going to collect logs from.
Make sure not to create gathering policies with identical names. InTrust allows you to do so, but this will result in unpredictable problems in the product's operation.
If you receive the following error message in the task session results:
The session terminated unexpectedly.
while the individual job sessions under this task are marked as successful, check if the system time is synchronized between the InTrust Server and the SQL Server that hosts the InTrust configuration database.
When the agent on a computer in some InTrust site becomes lost, InTrust cannot receive information about the type of that computer in order to check if processing it exceeds the installed license. As a result, any further attempt to gather audit log data from that computer may fail with a misleading error message 'License is exceeded'.
Time stamp for events collected with a Data Source of the Custom Text Log type may be displayed incorrectly in InTrust Repository Viewer if these events were logged before the system time adjustment for daylight savings but collected after the time switch. In the Audit database, event time is saved correctly and this problem does not affect in InTrust reports.
When events from the IIS log are collected with the Ignore events older than / before ... option enabled, a warning about some events having been ignored is not logged to the results of the gathering job session as it is for gathering jobs that collect events from other logs with this option enabled.
If an InTrust Server is included in a site with automatic agent deployment disabled, a message about skipped agent installation is generated for the InTrust Server computer, and no gathering or monitoring policies that apply to the site are applied to it. As a workaround, consider including the InTrust Server computer into a site with automatic agent deployment enabled and running some gathering job for that site at least once. Then you may move it back to the original InTrust site since the policies will work for it as expected.
When you set up an InTrust Site to filter for Domain Controllers with InTrust for Active Directory service running, InTrust also enumerates all machines that have the InTrust for Active Directory Administration Tools installed. When a gathering job configured to collect events from InTrust for AD log is run for this Site, the following warning is logged for every enumerated computer that does not have InTrust for Active Directory service running:
The specified log does not exist.
InTrust agents cannot correctly gather events from custom text logs and Solaris BSM log files of more than 2GB in size.