Duplicate Change Guardian events appearing in Sentinel

  • 7017737
  • 16-Jun-2016
  • 16-Jun-2016

Environment

NetIQ Sentinel 7.4 Sentinel Server

Situation

There are duplicate Change Guardian events appearing in the search window. The events are exact duplicates except for the SentinelID: one SentinelID is the Sentinel Server and the other is the CG Server. This indicates that one copy of the event is coming directly from the agent machine and the other copy is coming from the CG server.

Resolution

The first event destination configuration

1. Go to the Change Guardian Policy editor\settings\Event Destination\connection usage filter and check whether it is set to pn:"NetIQ Change Guardian" AND (sev:[0 TO 5]).

Note: This filter sends all Change Guardian server system events and all agent audit events to whichever destination server is configured.

2. To stop sending Change Guardian agent audit events, either uncheck the filter box to stop using the filter entirely, or change the filter to pn:"NetIQ Change Guardian" AND (sev:[0 TO 1]).

Note: The 0 TO 1 setting sends only Change Guardian server system events.
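The following script is an added example, not part of the NetIQ article and not Sentinel or Change Guardian code. It shows the two checks an administrator might script while troubleshooting this issue: spotting events that are identical except for SentinelID (the symptom in the Situation section), and seeing which sample events would pass the sev:[0 TO 5] filter versus the sev:[0 TO 1] filter. The event field names (SentinelID, pn, sev, msg), the sample events, and the simplified filter evaluation are all assumptions; Sentinel's own filter parser is not reproduced here.

```python
# Added example (not from the NetIQ article): constructed Change Guardian
# events and two checks a Sentinel admin might script while troubleshooting.
# Field names (SentinelID, pn, sev, msg) and the simplified filter evaluation
# are assumptions, not Sentinel's real event schema or query parser.
from collections import defaultdict

# Constructed sample events. The first two are the same agent audit event seen
# twice with different SentinelID values (direct from the agent vs. via the CG
# server), which is exactly the duplicate pattern described in the article.
SAMPLE_EVENTS = [
    {"SentinelID": "SENTINEL-SRV", "pn": "NetIQ Change Guardian", "sev": 3,
     "msg": "File /etc/passwd modified by root"},
    {"SentinelID": "CG-SRV", "pn": "NetIQ Change Guardian", "sev": 3,
     "msg": "File /etc/passwd modified by root"},
    {"SentinelID": "CG-SRV", "pn": "NetIQ Change Guardian", "sev": 1,
     "msg": "Change Guardian server service started"},
    {"SentinelID": "SENTINEL-SRV", "pn": "NetIQ Sentinel", "sev": 4,
     "msg": "Collector restarted"},
]


def find_duplicates(events, ignore=("SentinelID",)):
    """Group events that are identical in every field except those in `ignore`.

    Returns only the groups that contain more than one event, i.e. the
    duplicates that differ solely by the ignored fields.
    """
    groups = defaultdict(list)
    for ev in events:
        key = tuple(sorted((k, v) for k, v in ev.items() if k not in ignore))
        groups[key].append(ev)
    return [group for group in groups.values() if len(group) > 1]


def matches_filter(event, max_sev):
    """Assumed semantics of: pn:"NetIQ Change Guardian" AND (sev:[0 TO max_sev]).

    The range is treated as inclusive on both ends, as the article's text implies.
    """
    return event["pn"] == "NetIQ Change Guardian" and 0 <= event["sev"] <= max_sev


def forwarded(events, max_sev):
    """Events the connection usage filter would forward for a given upper severity."""
    return [ev for ev in events if matches_filter(ev, max_sev)]


if __name__ == "__main__":
    for group in find_duplicates(SAMPLE_EVENTS):
        print("duplicate event seen from:", [ev["SentinelID"] for ev in group])
    print("forwarded with sev:[0 TO 5]:", len(forwarded(SAMPLE_EVENTS, 5)))
    print("forwarded with sev:[0 TO 1]:", len(forwarded(SAMPLE_EVENTS, 1)))
```

Against the constructed sample, the duplicate finder reports one pair (the /etc/passwd event seen from both SentinelIDs), the 0 TO 5 filter forwards all three Change Guardian events, and the 0 TO 1 filter forwards only the server system event, which is the narrowing the Resolution section describes.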

The second event destination configuration 

Leave this setting as is if you made the change above. It is still a good idea to confirm the event destination for the policy associated with the incoming duplicate events: if no policy or policy set destination is configured, a duplicate policy may be sending the same event. To confirm the policy event destination, follow these steps.


1. Log in to the Policy Editor.

2. Click Policy Assignment.

3. Select an asset group or computer, and click Assign Policies.

4. Select a policy set or policy and click Advanced.

Cause

There are likely two areas in the Change Guardian policy editor that are configured to send the same events.