Version: 5.6 (Build 58)
Feature Enhancements:
1. New event ID 4371 has been added to the System: Patches and hot fixes Category (All Categories -> Windows -> System: Patches and hot fixes).
2.EventVault Warehouse Manager - Option to view CAB files for the selected period of time.
3.“License Info” button has been added to the About EventTracker dialog box.
4.“License Usage” displays the count of licenses utilized and if the Agent could not identify the OS type of the managed systems, it is displayed against “OS type not identified”.
5. EventVault Warehouse Manager: New Button "Move" has been added to move the selected archives to a different location from default Archive path.
Bug Fixes:
1. Not able to configure agentless system through Agent Configuration.
2. Disk space usage trend graph.
3. RSS configuration getting deleted while modifying Alerts.
4. Report detail mismatch on Idle & listening suspicious activity report.
5. Data processing error while generating reports by selecting system groups.
6. Fresh install of EventTracker does not create the file evtrpt.ini until user runs a report from Advanced reports console.
7. EventTracker Manager does not update proper OS type of the Managed systems.
8. During DST change, Reporter does not give proper report.
9. During activation, Management console & Reporter console crashes and shows type mismatch, error 13.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.6 (Build 49)
Feature Enhancements:
1. Disk Space forecasting Report : A new feature which forecasts the disk space usage from all systems.
2. Capability to use UNC Path in EventVault (Configuration, Backup All Archives, Extract).
3. Category “*Security: User added” will now have only event ids - 624, 565 and 566. From the earlier version events 642, 627 & 628 have been removed.
4. Created a new category “*Security: User account enabled” , that contains event ID 626.
5. The Install includes the file named "User added & account enabled.iscat" that contains the changes in the Category "*Security: User added & User enabled"
6. "Cab file request" button added in Collection Master console. Now users can request a CAB file to be resent to the Collection Master.
7. Utility : for Merging new cabs from old archive to new Archive & update in the etwarindex.bin file.
8. Updated the Read me document.
9. The SNAM feature has a new option to Add installed processes and services using "Add Program" Browse button.
10. Changes in SNAM GUI, the user can now enable/disable processes on the trusted list.
11. Added new Compact DB in Maintenance tools for the AlertDB and Collection Point DB.
Bug Fixes:
1. Daylight Saving Time issues in Reports, Log volume analysis & Log analysis have been resolved .
2. Resolved issue in SQL Log monitoring using LFM. Changed the Log parser dll to v2.2.
3. Resolved the issue causing License usage count being displayed incorrectly.
4. Resolved an issue in RSS notification that caused failure if only the RSS notification were chosen. Previously the RSS notification worked only if it was enabled along with at least one other notification.
5. Resolved issue in LFM custom EVT feature that was failing for larger EVT files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.6 (Build 41)
Architectural Enhancement
EventTracker architecture now provides a new capability that is called Collection Point. The Collection Point feature is designed to enable multiple deployments of EventTracker to forward their respective log data to a central location from where reports can be generated. Details about this new feature and its usage can be read from this document
With the introduction of the Collection point architecture, the EventTracker Management Console now works in one of 3 modes, namely, the Standard mode, the Collection Point Console mode or the Collection Master Console mode. The Standard mode works exactly like the previous versions of EventTracker Manager. The other 2 modes work as follows:
1. Collection Point Console:
The Collection Point Console is an EventTracker Manager with the capability to transmit archives to 1 or more Collection Masters. It is best suited for hierarchical topologies where an EventTracker Collection Point Console transmits archives to one or more Collection Master’s.
Read this Document
2. Collection Master Console:
The Collection Master Console is an EventTracker Manager with capability to receive archives that are being transmitted from various Collection Point Consoles. It can also generate/schedule reports on a per site basis.
Read this Document
3. Reporting capability for all collection point sites:
In the Collection Master Console there is capability to generate/schedule reports for any of the Collection Point Consoles that is reporting to it.
New Features:
4. Suspicious Network Activity Monitoring:
The Suspicious Network Connection Monitoring feature has been added to the EventTracker Agent. The EventTracker Agent will now monitor all connections on the specific systems and map them to known threats. Whenever there are suspicious connections an event is raised that can be acted upon by the network administrator. There is a set of pre-defined trusted connections and the agent does not monitor the connections listed in this trusted list. An option is available to add/edit/delete from this pre-defined trusted connection list.
5. Suspicious Network Activity Report:
This is a new report that is added to the Reports Console that will report on the suspicious network activities.
6. Alert for Suspicious Network Activity:
A new alert has been added, that can alert when there is any suspicious network activity. This feature is available in the Manager Configuration menu of the EventTracker Manager Console.
7. About EventTracker option added to Control Panel:
The “About EventTracker” option is now available in the EventTracker Control Panel. It also displays the list of available features, license usage, patch information and system information.
8. Disk cost analysis:
A new feature is added into EventTracker where an approximate estimation of the cost is displayed before any major database action is initiated. By displaying this approximate estimation the attempt is to help the user to judge if the time taken / disk space used / memory used is within bounds of the planned activity. It is also helpful in avoiding accidental using up of system resources.
Bug fixes:
1. The remove client components option in System Manager was not updating the present list of reporting hosts/agent in ETReceiver service.
2. The Extended Summary reports were failing if the description of the event contained a single quote.
3. The Reports sometimes failed due to a synchronization problem i.e. two instances of the reporter picking up the same schedule, causing one to fail.
4. The AlertsDB table not being created during installation if the Alert DSN is present from the previous installation and this in turn caused the Receiver service to crash.
5. The Feature list used to show - "Logfile monitoring" feature as not available.
6. EtScheduler Service crashing while upgrading
7. Receiver service Rxer Trap Buffer Overflow issue, added "max_trap_buffer_size = 10000" entry in rxer ini file
8.Issdb is not uninstalling while Uninstalling the ETracker If StatusTracker or TrapTracker installed in the same system.
Other Enhancements:
1. Existing NCM category events severity & type changed to information events.
2. Changes in Compliance Reports category: - "all audit" events are removed.
3. New category EventTracker: Suspicious Network added. Its severity & type is Warning.
4. Changes in: *Security: All security events in Windows group.
5. Secondary License changes for supporting new feature 1.RSS alert 2. Collection Point
New categories available in Event Tracker folder:
1. Altiris Deployment Solution.iscat
2. Citrix.iscat
3. Crystal Enterprise.iscat
4. Oracle.iscat
5. Allsecurity.iscat
6. Logcheck.iscat
New alerts available in Event Tracker folder:
1. Suspicious Network Activity (NCM).iscat
2. Oracle.isalt
3. Crystal Enterprise.isalt
4. Citrix.isalt
5. Altiris Deployment Solution.isalt
6. Logcheck.isalt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.5 (Build 14)
Feature Enhancements:
1.New feature - Display Available License list in Help/License Usage menu (ETConsole).
2.License Activation changes to support IE .7
Changes in Activation:
If IE version is 7.0 and High security is enabled then, Message will be displayed asking the user to manually add the following sites to Trusted sites
a) http://*.prismmicrosys.com
b) http://*.eventlogmanager.com
User has to manually add these sites from IE 7 browser, Tools-Internet Options-Security Tab-Trusted Sites-Sites.
Bug Fixes:
1.Retaining SMTP Authentication information even after unchecking the SMTP Authentication.
2.Alerts not exporting properly in ET 5.5 Build 13.
3.Alerts not working properly when upgraded to 5.5 Build 13.
4.Receiver stops if the configuration file (evtrxer.ini) is missing in EventTracker folder.
5.Manage systems" button is disabled in the ET management console toolbar." in ET v 5.5 B 13.
6.Agent takes high cpu usage and stops responding.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.5 (Build 13)
Feature Enhancements:
1. Added capability to provide License with an expiry date. Product GUI's stop working after expiry date unless License is renewed.
2. RSS Alert feature is now configurable to any RSS feed.
Bug Fixes:
1.Veritas Report :- renamed as "Veritas Backup Exec for Windows."
2.Veritas Alerts: renamed as
a.)Veritas Backup Exec: Catalog error
b.)Veritas Backup Exec: Database maintenance failure
c.)Veritas Backup Exec: Device & media error
d.)Veritas Backup Exec: Job failed
e.)Veritas Backup Exec: Software update error 3. "Backup Exec alert.isalt" file renamed as "Veritas Backup Exec alert.isalt" , it is available in folder - Prism Microsystems\EventTracker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.5 (Build 12)
Feature Enhancements:
1. New notification method for Alert using RSS is available.
2. New compliance report group for Payment Card Industry (PCI) standard.
3. New report - Veritas Backup Exec for Windows.
4. Added the "Not" / "Exception" option in categories (i.e. category exception).
5. Added User field to alert email.
6. Added ability to monitor custom event logs to the Agent Log File Monitoring feature.
7. RSS configuration is moved to ETConsole from Report console.
8. Activation DLL : Adds 2 sites to Trusted Zone (1.prismmicrosys.com 2.
eventlogmanager.com).
9. Changed KB URL from from www.evtcatalog.com to kb.eventlogmanager.com.
10. Renamed the Computer tab as System tab in Alert Config GUI in ET Console.
11. Added 2 new categories & 2 new alerts for "Veritas" and "Backup Exec".
12. Installation changes made to create new roles tables and to import role information into these tables.
Bug Fixes:
1. EventTracker creates duplicate product folders in the C drive during installation.
2. Receiver config file (evtrxer.ini) sometimes not updated while running reports.
3. Receiver service crashes if event description exceeds 3.5 KB.
4. Receiver service keeps logging event 3202 informing that agent is not running.
5. EventTracker Agent crashes on Windows 2003 server with Exchange Server
2003 Service Pack 2.
6. Events filtered from view not forwarded to Correlation Engine.
7. System Manager emits "license exhausted" message even if licenses were available.
8. While editing view filters, the event id and the category fields are not editable; category configuration missing from the event view.
9. Unable to import/export Alerts.
10. Agent crashing on systems where IBM Tivoli is installed.
11. Agent shows User Name as N/A for the Event ID 3209/3208.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.4 (Build 27)
Feature Enhancements:
1. New - Alert Notification Analysis feature.
2. Improved - Alert Analysis feature works faster.
3. New - User Analysis feature provides daily reports on all user activity including administrator and non-privileged users. This requires the EventTracker Correlation Engine (Plug-in).
4. New - Feature to remove Unmanaged systems from System Manager.
5. New - alert category ( "File Replication Service staging area full" ). A file (containing this alert (FRS staging area full.isalt) is provided for importing this alert.
6. Added - events 3226 & 3227 into EventTracker: Network connections category.
Bug Fixes:
1. Custom alert not working.
2. "Overflow" error message can occur while running Log Volume Analysis.
3. Handle leak in evtmgr service.
4. Optional modules TrapTracker & WhatChanged cannot be opened from Control panel & Menu bar.
5. If the EventTracker Correlation engine is uninstalled, it affects the EventTracker Console installation on the same machine.
6. The Reports Console crashes when user tries to generate a report with groups.
7. Multiple instances of Maintenance tools should not be permitted if started through Control Panel.
8. If the View Filter window is maximised the “Filter Exception” button is stuck in the middle of the screen, blocking access to a other buttons.
9. Reports sort order issue - noticed the date time is not sorted in order.
10. When new category inserted, Correlator Service disconnects from Receiver service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.4 (Build 19)
Bug Fixes :
1. Fix for Resource Access Reports showing duplicate values in summary part.
2. Fix for Report Data Cache path configuration issue while upgrading ET from 5.3 to 5.4.
3. New feature - RSS Feed Configuration in report and RSS feed feature is available in ELC.
4. Fix for Report Issue- "ODBC error on crystal report"
5. Fix for Alert not working when Upgraded from 5.3 to 5.4
6. Fix for Daylight issue in EventVault Archive Integrity check
7. Change in Archive Integrity check- One Event from EventVault for Archive Integrity check.
8. Fix for - ET Client Properties utility not working.
9. Change in Agent- "TCP connection ESTABLISHED" changed as "Socket CREATED "
10. Change in - Support utility to send archiver log and scheduler logs.
11. EventTracker Event Id 3227, Socket Disconnected has to be changed to Socket Deleted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.4 (Build 17)
Feature Enhancements:
1. Event Analyzer enhancement : Capability to further refine the result set based on System,Event Id,Event Type,Log Type,User and Description.
(New name: Log Analysis )
2. Scheduling option in Event Traffic Analyzer( New name- Log Volume Analysis ).
3. Scheduling option for CAB file checksum verification 4. Analyzer exception.
5. View Filter exception.
6. Alerts Based on count.
7. Alerts Based on time.
8. Name resolution via NETBIOS
9. Linking Alerts & Alerts category .
10. New NCM Alerts in category group Suspicious Network Activity
(SpyWare,Ports: Spoof sites).
11. New NCM Ports into alert agent configuration (remote port = 85, 87,99,680,880,901,1027,1028.............. ).
12. System Group selection option in Alerts is available in this build.
13. Added new Categories : “Security: User added to group” and “Security:
User removed from group” into group Windows\ security\ user.
14. ETConsole Enhancement: New Master Cache concept, to view more events in Event Monitoring.Now internal Cache has capacity to hold 5000 events.
15. Performance improvements on summary report .
16. Enhanced Resource Access Reports by specific access types.
17. Option to generate report for events by Event id or description (custom selection) in Event Traffic Analyzer( New name- Log Volume Analysis).
18. Option to generate report for specific set of Windows events( 540,675,672, 673,680) in Event Traffic Analyzer( New name- Log Volume Analysis).
19. ETConsole Tool Bar changes:
a) Added button "Alert Analysis". Shows Alert Category events of the last 24 hours for all computers.
b) Added button "Log Volume Analysis". Shows log volume report based on Category, Event Id or Custom selection. Provides functionality to schedule reports on daily, twice daily or weekly basis. Reports can be sent via email.
c) Added button "EventVault"
d) Renamed button "Event Analysis" as "Log Analysis"
e) Renamed button "evtCatlog" as "Knowledge Base"
f) Removed button "Alert" button for configuring Alert.
g) Removed button "Edit Security Policy"
20. ETConsole Menu Changes:
a) Removed "Event History" from "View" menu.
b) Renamed menu item Configure->Configure Systems to
Configure->Configure Agents.
c) Removed "Event Analysis" from "Configure Menub
d) Added menu item "Analysis" with following sub menu
* Log Analysis
* Log Volume Analysis
* Alert Analysis
21. New group AntiVirus : Category- 1.McAfee VirusScan & 2.Symantec Antivirus
Bug Fixes :
1.Resolved the issue in console:
a)Event Count Mismatch
b)Unmatching events in Event monitoring
2.Resolved the issue: Cost Saving Analysis - ROI report has count mismatch.
3.Resolved the issue - Resource Access Reports : If path is too long then it is not displayed in report.
4.Resolved the issue - In System 32- Report keep logging into System 32.
5.Made Export/Import changes to support new Alerts feature (Based on count & time).
6.Resolved the issue: Entering a "0(zero)" for the third segment in the subnet, does not enable the "OK" button to "Search Computers" in the EventTracker System Manager.
7.Resolved the issue:ET Client Properties utility not working.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.3 (Build 17)
Feature Enhancements:
1. Event Traffic Analyzer: Added special analysis option for each one of these Windows events (Event ID – 680, 672, 673, 675 and 540); added feature to select Top (10, 20 ..) records to display.
2. New category "McAfee VirusScan" is added( All Categories/McAfee/McAfee VirusScan ) 3. If a non-windows system name is configured in a DNS, the FQDN is displayed on main console and System Manager.
Bug Fixes :
1. In Historical Reports the count of events should be independent of the size of Console Max events count.
2. PCRE string not working in Historical reports.
3. Default group events to appear in other groups in Management Console.
4. Message "Connection Not open" repeatedly appears in evtrxlog.txt.
5. In the Reports Console, the configuration path shown in the GUI always refers to ET install path. Report Data Cache path is now configured under the Archiver path.
6. Schedule Reports crash at 12PM.
7. Compliance Reports Chapter selection in ONDEMAND reports does not work in certain situations.
8. Agent service stopping when Hard disk is full; etaconfig.ini file becomes blank.
9. ET Agent - Log File Monitor (LFM) feature fixes a. LFM stops reading log files after 30 mins.
b. LFM based search fails when used with multiple search strings.
c. LFM Category does not correctly match events.
d. LFM matching can fail for non-text files.
10. Receiver service stopping when Hard disk is full, evtrxver.ini file becomes blank.
11. If a new index is re-created using Archive Indexer tool in the Control Panel, then archive indexer in EventVault Warehouse fails.
12. In Agent Management tool, the Username field does not accept "." char.
13. System Groups when added in schedule reports have a limit of 255 chars 14. Spelling correction in Alerts - (Old alert desc: "Excessive ping failures - serveral systems are not reachable". Changed alert Desc:
"Excessive ping failures - system(s) are not reachable”).
15. Historical reports causing a crash when Computer's selection exceeds more than 255 char.
16. Subscript out of range errors message in Console if there is no system group.
17. ETConsole : "New events not displayed when Category is selected"
18. Error message: "Fail to import alerts " from Import/Export while importing Alerts & filters.
19. GLBA Compliance reports for logon, logoff and logon failure events come up with “no matching records.
20. When the Reports Data Cache feature is enabled, when running a report, the estimated time seems to stay at zero even though elapsed time is greater than zero.
21. If User begins generation of an On Demand report and then locks the display with a login screensaver during processing, when the display is unlocked the Reports Console shows an empty report though counts are non-zero.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.3 (Build 6)
Feature Enhancements:
1. Event generator utility now has command line capability (and user documentation in Evtgen_Doc.pdf).
2. Added new Category "Shutdown" into the "All Categories\Windows" group.
3. Added 4 Alerts (1.Administrative log-on, 2.Administrative log-on failure, 3.Directory permission change & 4.System Shutdown).
4. ET Agent in GED (TCP) Mode, the EC files created on the Agent side are now restricted to a max size of 5MB.
5. Report generation time is minimized by keeping latest archive files in decompressed format. This option is configurable and the user can also specify the number of days upto which the data has to be retained in decompressed format.
6. Event Analyzer results can now be exported into Excel or Text format.
7. EventTracker Console now displays total events being received at the Receiver.
8. Multiple reports (4 scheduled & 1 manual report) can be executed at same time.
9. A New event ( Event ID 685 ) has been inserted into the category "*Security: Account Renames" under the "All Categories\Windows\Security" group.
Bug Fixes :
1. Agents crashing during installation on NT 4.0sp6a systems
2. Sometimes evtrxlog.txt is written into System32 folder
3. Repeated "Agent not running events" (ID 3202) falsely reported
4. Backslash not working in expression match's. More help is provided about the correct usage of special chars in substring matching (in Manage category, Alert, Report criteria and View Filter)
5. Regular Expression string match not working in Event Analyzer.
6. Huge data volume can cause Reporter module to hang
7. Extended Summary shows misleading event description
8. Ping configuration not honored for non-windows systems
9. When Agent is GED mode and the TCP socket is blocked (by intrusion detection software) the socket goes to CLOSE_WAIT state and is eventually "lost"
10.When a Compliance Report is scheduled, multiple chapters are not permitted to be selected
11.When the scheduled report configuration is updated (edit and save), the scheduled time is set incorrectly
12.When Daylights Savings Time begins, the reports scheduled for the next week run one hour earlier
13.Resource Access Success /Failure reports taking long time to generate
14.Report status not updated correctly in Report console
15.Maintenance tools - Scheduled report utility crashes in some situations
16.Export/Import utility crashes while importing an Alert with Custom action if description is empty
17.Report, DSN & Temp DB not cleaned up after report generation
18.Report - status of processed scheduled reports not updated immediately
19.Import/Export utility - after importing Alerts & Filters the Receiver Service is now restarted automatically to ensure that latest config data is picked up
20. Removed unnecessary "Enable event archiving" option from the configration setup during installation.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.2
Feature Enhancements:
1. License activation.
2. EventVault manager shows the number of event boxes.
3. Enhanced event generator utility.
4. All exes and dlls have been code signed.
5. SendMail utility included.
Agent :
6. Agent can now run in one of two modes namely, high performance mode or standard mode
7. Install/upgrade of high performance agent through System Manager.
8. Enable/Disable GUID/SID translation.
Report :
9. Schedule report utility is available in the maintenance tools.
10. New FISMA report added.
11. Resolved sort order issue in category detail reports event section.
12. Enhanced GUI of reports console - with the scheduled reports UI integrated.
Console :
13. Console CPU usage optimized.
14. Resolved spelling mistakes in alerts and categories.
15. Option to set analyzer view limit in Config Manager ( Default: 10,000 & Max 50,000)
Bug Fixes
1. Resolved issue in identifying memory usage if memory size > 4 GB.
2. Resolved incorrect disk space utilization issue.
3. Resolved issue where event 3202 says "Detected Service <EventTracker Agent> is not running" for Unix\Linux (Syslog).
4. Resolved issue in upgrade and uninstall of any non windows agent via System Manager.
5. Resolved issue in import-export of email configs in alerts.
6. Resolved issue in Log on/off reports.
7. Resolved Log File Monitoring issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.1
Performance and usability improvements:
1. SOX, HIPAA and GLBA compliance reports.
2. Management Console fixed for high CPU usage; "show severity" option provided to further reduce the CPU usage.
3. Bug fix in EventTracker Agent - Agent lost some events when the event log was cleared manually.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Version: 5.0
Performance and usability improvements:
1. Executable files are now code signed.
2. Category groups have been added to The Management Console to allow for organization of categories in groups and be organized in n-level hierarchy.
3. Sarbanes-Oxley compliance related event categories and alerts have been added.
4. New filter options have been added to alerts.
5. A Cost Saving Analysis report can be generated from the Management Console.
6. A database size warning has been added to the Management Console to monitor the maximum size of the database and give a warning when the size is exceeded.
7. Unique filter warnings have been added to give a warning if filters are repeated.
8. The option to directly add event categories as alerts has been provided.
9. The Reports Console has been revamped to provide better usability.
10. New “On Demand” report option allows report settings to be saved and run by the user on an as-needed basis.
11. The Report Engine has been optimized for better performance.
12. A new report template with an Extended Summary chapter has been added to provide event ID based reports.
13. The System Manager now has a command line interface for installing/uninstalling EventTracker Agents on systems.
14. The ability to run offline event correlation on archived events has been added to the Event Traffic Analyzer tool.
15. The export and import utility has been improved to support the complete export and import of configuration settings for EventTracker.
16. Events import utility (getallevt.exe) has been modified to provide additional options.
17. An Event Generator test utility has been provided to generate sample events.
18. The agent is now multithreaded for improved event log processing speed.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
