Does an agent lose cache data if it is restarted?

Alert Logic® log management Syslog agents do not wipe the cache (/var/alertlogic/lib/agent/cache/slc) if the agent service is restarted.

Log management Windows agents do not cache or buffer data to disk since they read from the Windows event log. However, it is possible to lose cache if there is a Windows event log buffer overflow occurring at the time of restart.

Alert Logic network IDS agents do not send traffic for analysis during restarts and will not capture traffic during the time of the restart. No events can be generated, and thus no new incidents will be generated.