Overview
The Audit Log might not have any events, or a few events, for a certain period of time accompanied by the following message appearing in the AureaMonitorAgent logs:
<event>
<date>YYYY/MM/DD HH:MM:SS.sss-TZ</date><severity>INFO</severity><reqid></reqid><thread>Actional Message Broker Dispatcher-1</thread><user>Superuser/Superuser</user><runid>1618871529691</runid><subsys>ANALYZER</subsys><logid>18c1fddc-0c42-4427-a456-cc58703b3802</logid><msgid>ANALYZER0106</msgid>
<msg>ANALYZER0106: The analyzer is dropping monitored flow events because events are
being generated at a faster rate than the analyzer is allowed to use when
sending them to the server to persist them. If this occurs regularly,
the Flow Monitor settings on this agent should be adjusted (reduce the interval,
send more events per batch).</msg>
</event>
Solution
This can be solved by navigating to http://host:4040/lgserver/admin/services/profile/profile_list.jsp
, clicking on the agent profile that is being used (ex: default_agent_profile) and under Advanced Tuning change the last option to Process All. This will enable processing all the events instead of dropping events in high traffic situations.
Testing
Once the configuration is done, all events after the change was made will be visible in the Audit Log.