EventSentry Help v5.1

Version 3.4.1    September 2017

Windows Monitoring

oAdditional capabilities to detect and prevent against new types of Ransomware infections, including variants that modify the boot sector.

oNew software version check identifies outdated software on your network to help you reduce your attack surface. This new feature supplements EventSentry’s software inventory component.

oDisk space alerts now include a list of the largest files and folders of a volume

oUPS & Battery monitoring now inventories all attached UPS batteries as well as integrated batteries (laptops) regardless of the manufacturer

oEffective audit settings on a Windows host can sometimes deviate from group policy settings - due to conflicts, errors and so forth. A new Audit Policy Status page periodically inventories the current audit settings so you can verify the actual audit settings.

Network Monitoring

oNetFlow monitoring now supports calculating the bandwidth of an interface, including additional statistics such as packet count, bytes per packet and more.

oPing response time now provides packet loss stats

Integrations

oEventSentry agents can now be integrated with many open source and commercial log solutions with additional Syslog options - even custom JSON formatting is supported!

Web Reports

oNow available in 64-bit and support larger reports and increased performance

oNew user activity tracking page makes seeing all activity by a user as easy as never before!

Version 3.3.1    December 2016

NetFlow

oNetFlow with support for NetFlow v1, v5, v9 & sFlow. NetFlow supports visualization, geolocation, alerts, correlation with workstation logon events to map flows to ActiveDirectory users, filtering and more

Web Reports

oNotes & Documentation: Web reports users can submit notes to document infrastructure updates, maintenance, fixes and more. Documentation files can be uploaded and associated with hosts

oAdded ISO 27001:2013 compliance reports

oNew security features

oNew dashboard tiles

oTreemap visualization available for most pages

oUpdated look and improved menu

Management Console

oDeployment: Agents using the collector can receive configuration and agent binary updates automatically through the collector without user intervention.

oDeployment: MSI installers can now be created in a few seconds directly from the management console (requires free WiX Toolset)

oAbility to reset the configuration to post-installation defaults (new v3.3 installations only)

oRemote configuration can now removed when uninstalling an agent even when remote registry service is unavailable

oVersion checks and update/patch downloads are now performed over TLS for enhanced security

Agent

o64-bit agent is now available for 64-bit Windows

oRemoved limit and improved management of custom event logs

oSupport for chaining events

oAgent / Collector: Emails containing IP addresses sent through collector can be enhanced to display geolocation and reverse lookup data inline.

oEmails from security event log will automatically be enhanced with descriptions for many status and error codes

oDatabase performance of delimited log files has been significantly improved

oInsertion strings of events can be created or replaced using regular expressions

oInstall date of software is now available for most software even if it was installed before EventSentry

oUSB drives are now detected in real-time

Other

oHeartbeat Agent: Agent status is now retrieved directly from collector and/or database for faster and more efficient monitoring

oNetwork Services: Database performance for Syslog component has been improved for MSSQL databases

oNetwork Services: License count for network devices is now more accurately enforced

oDatabase: Built-In database now uses PostgreSQL v9.6, optional upgrade path is available

oConfiguration: Improved out-of-the-box filter rules for less noise

Version 3.2.1    February 2016

Collector

•Central collector service which enables a 3-tier architecture between an action (e.g. database, email server) and the EventSentry agents

•Supports compression and secure data transmission via TLS encryption

General

•Management Console: Ability to import computers from a network (subnet) scan

•Management Console / Remote Update: Record activity in log files

•Management Console / Remote Update: Toggle fields in result list

•Management Console: Export all configured filters to CSV file

•Switch inventory with switch port to MAC/hostname mapping

•Detection of highest supported USB version

Web Reports

•Additional language support for French, Spanish, Polish, Portuguese and Italian

•Out-of-the-box compliance reports for PCI-DSS, FISMA, Sarbanes Oxley, HIPAA and GLBA

•Improved & faster performance trend reporting with ability to display multiple trend charts on a single page

•New Bulk assignment for easier report management

•Report jobs can be saved to a folder

•Improved host inventory page now shows switch port (if available), USB version and VM hosts (if available)

•Health matrix displays computer notes

•Improved usability throughout

•Improved connection pool support

Version 3.1.1    December 2014

Windows & General Monitoring

•Task Scheduler inventory and change detection

•Large File enumeration

•Inventory of virtual machines (Hyper-V & ESXi)

•HTTP action now supports POST/PUT for better interoperability with web-based APIs

•Disk space monitoring now supports multiple disk space packages assigned to a single host

•Improved remote update / host management, especially of Non-Windows hosts in management console

Heartbeat & SNMP Monitoring

•Process Monitoring support for SNMP-enabled hosts

•Improved router functionality, configure routers based on IP subnet

•Status change detection and uptime calculation is more reliable

•Overall stability improvements in the heartbeat agent

Web Reports

•Support for multiple dashboards, including automatic iteration between dashboards

•Dashboards can be shared

•Support for graphical gauges (Clock, meter, number, bullet)

•New heat-map tile for uniquely visualizing log, syslog and performance data

•New generic search tile supports embedding data from any feature in dashboard

•Support for TV mode and dark/light theme in dashboard

•Various tweaks and improvements to existing dashboard tiles

Version 3.0.1    December 2013

New Web Reports

•Scheduled Jobs: Receive reports via email

•PDF & JSON Output

•UTC Support

•Cross-platform: Supports Windows, Linux and OS X

•Complex queries for all features

•Full API

•Easier installation & setup

•Better dashboards

•Better summary pages

•Do no longer require Flash

•Access control with LDAP integration

Network Monitoring (Heartbeat Agent)

•Poll SNMP counters (integrates with performance monitoring)

•Retrieve disk space information from SNMP-enabled hosts

•Retrieve basic system & hardware information from SNMP-enabled hosts

•Retrieve uptime from SNMP-enabled hosts

Windows Monitoring

•Log file monitoring supports sub folders

•Compliance "Logon By Type" tracking can exclude logons by computer accounts

•Event Log filters can override email subject & message body

•Packages can by dynamically assigned based on platform (32bit vs 64bit)

•Threshold filters can utilize insertion strings

•Disk space prediction feature (predicts when disk will be full)

•Identify reasons why hosts were shut down or rebooted

•Desktop notification supports Growl

•Network notification supports remote desktop services

•Application scheduler support process isolation

•New email format "HTML Modern"

Other

•New management console features ribbon & visual improvements

•New authentication manager

•Many common tasks have been simplified

•Improved built-in event viewer for Application & Services Logs

•ARP daemon detects & tracks new MAC addresses and MAC to IP mappings

Version 2.93    June 2012

New Features:

•New installer for a better installation and upgrade experience

•Now includes a built-in (PostgreSQL) database

•Added support for PostgreSQL 9.x

•ODBC drivers for PostgreSQL and MySQL are now installed automatically (when needed)

•New installation includes performance monitoring packages for Exchange Server and others

•Preliminary support for Windows 8 and Windows Server 2012

•Support for USB-only temperature & humidity sensors

•Introducing the Configuration Assistant, which supersedes the database setup wizard, and introduces additional functionality

•Heartbeat monitoring can now scan hosts in parallel using multiple threads

•Heartbeat monitoring: Maintenance schedule can be set to the "nth" weekday (e.g. 2nd Tuesday)

•Performance Monitoring supports floating point counter values

•Performance Monitoring can log counter data to multiple databases

•Performance Monitoring can combine values from two different counters

•Performance Monitoring can detect leaks in performance counters

•Performance Monitoring can suppress alerts based on past values

•Performance Monitoring alerts are more verbose and include additional information, including counter descriptions

•Process Monitoring: Supports wildcards and can evaluate the command line of a process

•Event Log Backups: Better alerts and alerts now include SHA checksum of .evt(x) files

•Event Log Monitoring: Content filter supports perl regular expression syntax

•Event Log Monitoring: Day/Hour filter can be set to the "nth" weekday (e.g. 2nd Tuesday)

•Event Log Monitoring: For Windows 2008 and later, processing performance has been optimized for higher throughput and lower CPU utilization

•Process Tracking: Now collects process elevation level when UAC is enabled

•Embedded scripts now verify temp file contents with checksum

•Embedded scripts called from the applications scheduler now support command-line arguments

•Hardware Inventory: On DELL & HP servers (when required manufacturer management tools are installed), collects fan speed, redundant power supply status, remote management card information, temperature information, detailed RAID information

•Hardware Inventory: Retrieves warranty information for DELL, HP, IBM and Lenovo hardware

•Hardware Inventory: Retrieves configured UAC level

•Actions: Filter notes can now be posted to HTTP action

•Management Console: Saving configuration is about 10 times faster

•Management Console: Added better keyboard and mouse scroll wheel navigation for better user experience and section 508 compliance

•Management Console: Status of all local EventSentry services is now monitored in the background

•Management Console: Environment monitoring dialog now shows serial ports with descriptions

•Web Reports: Performance Status and Heartbeat Status pages load significantly faster

•IIS: IIS no longer has to be switched to 32-bit mode on 64-bit systems

Bug Fixes:

•Added support for 64-bit event numbers (Vista and later)

•Audit policies for compliance tracking features are now set correctly on Vista and later systems

•Resolved problems in various features when Japanese file names were processed

•Computer names exceeding the maximum NetBIOS length of 15 characters are now properly stored in the database

•Event message text is now properly formatted before submitting to SNPP (Pager) server

•Software Inventory: Internet Explorer is now properly detected on Vista and later

•Software Inventory: Patches are new enumerated even when TrustedInstaller.exe is active

•Event Log Backup: Resolved small memory leak

•Heartbeat Monitoring: Improved reliability

•Heartbeat Monitoring: Resolved memory leaks

•Environment Monitoring: Location is now included in alerts

•Performance Monitoring: Performance Status and other related pages (including network status, mobile apps) now load significantly faster

•Fixed bugs in Console Logon Tracking

•Agent startup speed has been improved when service monitoring is enabled

•File Access Tracking: Fixed issue on Windows 2008 and later

•Network Services: Japanese Syslog messages and SNMP traps are now correctly logged to the event log and database

Version 2.92     April 2011

New Features:

•SNMP trap daemon is introduced and logs v1, v2c and v3 SNMP traps either to the event log or the database

•Syslog daemon has been moved from the EventSentry agent into the "Network Services" service, together with the SNMP daemon. Stability as well as reliability have been improved in the new Syslog daemon

•Performance (optional) as well as environment email alerts now include an attached chart which shows recent performance / environmental data

•Management Console: Clicking a computer icon now displays a summary page

•Event Log Monitoring: Insertion string matching can now match empty strings

•Event Log Monitoring: Number of supported custom event logs has been increased to 30

•Service Monitoring: A recurring alert can be configured when a service remains in the "Stopped" state

•Hardware Inventory: Network adapter speed is now collected, and speed changes are logged to the event log

•Hardware Inventory: Addition and removal of Removable drives (e.g. USB drives) are now detected and logged to the event log

•Hardware Monitoring: The S.M.A.R.T. status of physical drives (when supported) is monitored.

•Disk Space Monitoring: Volumes linked to by junction points are now included when disk space alerts are evaluated / generated. Note: Disk space information in web reports does not yet take junction points into consideration

•Process Monitoring: The number of required instances of a process can now be specified

•Print Tracking: Print tracking now works with Vista and later operating systems

•Network Logon Tracking: When capturing "Logon By Type" events, "Audit Success" can now be excluded

•A new HTTP action submits events to web pages via http or https

•The SMTP action dialog now includes a wizard to build email addresses for common email to SMS gateways

•Additional variable support for the Process, Syslog and Snmp action

•Heartbeat Agent: Improved detection of remote agent status

•Removed: Microsoft Access is no longer officially supported, and no MS Access database is shipped with the installer

Bug Fixes:

All bug fixes since the initial 2.91 release have been incorporated into version 2.92, additionally:

•Hosts configured with multiple NICs that are added to the configuration with just the IP address, will properly determine their group membership.

•Print tracking works with Vista, Win7 and Windows 2008

Version 2.91     November 2009

New Features:

•Event Log Monitoring: Filtering capabilities have been improved to allow for insertion string matching, including the ability to interpret insertion strings as numbers, usernames or file names

•Actions: SNMP action now supports v2c and v3 traps

•Service Monitoring: Now collects service account as well as executable, in both alerts as well as reporting

•Service Monitoring: Service history report now shows every service change per line, with easier readability

•Process Tracking: Command line arguments of an active can now be collected

•Logon Tracking: Group information is now collected

•Software Monitoring: Uninstallation events now include same information as installation events

•Software Monitoring: Windows updates are now collected on Vista, Windows 2008 and Windows 7, and more easily searchable in the web reports

•Hardware Monitoring: IP addresses are now collected, and changes updated dynamically in the background

•File Monitoring: Processing of a file's checksum can now be skipped if the size has not changed

•Management Console: Authentication can now be set globally, in addition to being set on a per-group and per-computer level

•Management Console: Computers in AD-linked groups can be sorted.

•Management Console: Notes can now be added to computers

•Environment monitoring: The minimum monitoring interval has been reduced to 5 minutes

•Reporting: Health status of multiple computers can be displayed in a visual health matrix, scalable to display hundreds of computers in a single page

•Reporting: The network status page now allows the customizations of performance counters as well as disks displayed

•Reporting: Reports are more accessible, and can now be accessed from every page

•Reporting: Most pages have been overhauled and improved for improved usability

Performance Enhancements:

•Event Log Monitoring: Filter processing has been improved, resulting in a lower CPU usage

•Checksum generation (File Monitoring, File Access Tracking) has been improved resulting in lower CPU usage

Bug Fixes:

All bug fixes since the initial 2.90 release have been incorporated into version 2.91.

•Software Monitoring: Duplicate records of software is not longer shown in the software inventory

•Compliance Tracking: Temp file was used even when its maximum size was set to 0 Mb

•Network Status: This feature has been improved to avoid problems with computers missing, being displayed in the wrong group or not showing up at all

•Disk space Monitoring: Alerts for low disk space are no longer generated when the total disk space is less than the alert (hard) limit to begin with

•Hardware Inventory: Virtual machine detection, as well as Hyper-V detection has been improved for more reliability

Version 2.90     October 2008

New Features:

•Vista, Windows 2008 are monitored with new API

•Event Log Backup feature supports .evtx files

•Database Import Utility supports .evtx files

•New NTP monitoring and synchronization feature

•Event Log Filter Timers now support insertion strings for easier setup & more flexibility

•Scripts can now be embedded into the EventSentry configuration and referenced in application schedules & process actions

•Actions: Jabber action supports chat rooms

•Actions: Process action supports time-based termination and more event logging options

•Actions: Fields in SMTP action can now be customized

•Actions: In addition to controlling services, processes can be terminated (with support for insertion strings)

•Actions: Certain actions can track their trigger history in database

•Actions can now be enabled/disabled based on weekday and time of day

•Compliance: New File Access Tracking feature

•Compliance: Account Management Tracking

•Compliance: Successful & Failed network logon tracking

•Compliance: Audit, Domain & Kerberos policy tracking

•Compliance: Trust Relationship tracking

•Compliance: User & Logon Right change tracking

•Compliance: Improved logon tracking to include domain role and indicate administrative logons

•Compliance: Process tracking includes domain role

•Variables can now be assigned to computers in addition to global & groups

•Service Monitoring: Events now distinguish between services and drivers

•File Monitoring: Can detect alternate data streams (ADS)

•Performance Monitoring: Added "between" condition and "divide by # of processors"

•Software Monitoring: Monitors and records system uptime

•Hardware Inventory: Detects more details about the OS (e.g. editions) as well as hardware

•Management Console: Group-Level Inheritance can be blocked on a per-computer basis

•Management Console: Remote update feature now uses threads for much faster update speeds

•Management Console: Added "Quicktools" to execute any application against a remote computer

•Heartbeat Monitor: Can now utilize credentials set on group or computer items

•Heartbeat Monitor: Can notify you via email when the EventSentry agent is not running

•Web Reports: Extremely granular, built-In authentication has been added

•Web Reports: Users can customize their settings in web reports without affecting global profile settings

•Web Reports: Network Status includes switch to only show erroneous machines

•Web Reports: Network Overview shows disk & performance alerts and event log trends

•Web Reports: Network Overview shows overdue reports and most active machines

•Web Reports: Computer Overview includes event log trend, overview and common errors

•Web Reports: Report management has been improved

•Web Reports: Reports support review as well as a report trigger history

•Web Reports: Right-click menu for column headers allows toggling columns

•Web Reports: Maintenance wizard supports deleting multiple computers at once, and much more

•Web Reports: Database usage page shows storage details of database

•Web Reports: Database can now be created and/or updated using the web reports

•Web Reports: Print output has been significantly improved

•Three completely redesigned widgets using the Yahoo Widget Engine

Bug Fixes:

•Several bug fixes in the database import utility for importing log files

•Issues with filter times have been resolved

•Filter test feature has been improved

•Event Log Monitoring has been improved for better reliability

Version 2.81     September 2007

New Features:

•Database Setup Wizard now supports database connection strings and EventSentry Actions as a destination in addition to System DSNs

•Nessus Import Utility and reporting now supports XML files from Nessus v3 as well

•Web Reports: New "Network Status" overview page

•New SMTP engine now supports TLS/SSL connections

•Event Log Backup files can now be automatically compressed

•Line delimiter can now be specified for non-delimited files as well

•Actions now support a limit feature

•Management Console can automatically check for new versions and patches

•Event Log Database Import utility is now called "Database Import Utility" and supports importing delimited and non-delimited log files

•You can now specify a router for a Heartbeat-Enabled group to suppress duplicate alerts when a router goes down

•Hardware inventory can now distinguish between logical and physical CPUs and show more detailed CPU information

•Web Reports: Computer Overview page supports automatic iteration between computers

•Web Reports: Weekly Logon Reports in Logon Tracking

•Web Reports: Ability to email event records and copy event records to the clipboard

•Web Reports: Calendar popup improved on newer browsers

Bug Fixes:

•Improved SQL queries drastically improve speed of most searches on the web reports

•Detailed hardware inventory information (NIC, memory, etc.) would sometimes not be recorded correctly

•Host names / IP addresses of remote Syslog hosts would not be included in events or the database if the IP address of the remote host could not be resolved

•Resolved bug in environment monitoring dialog

•Computers logging on to Citrix or Terminal Servers would show up in the "Computers" field of the Logon Tracking page

•Active Directory Auto-Refresh: Computers that were removed from AD would not automatically be removed from the corresponding group

•Web Reports: Improved Correlation between logon and process tracking

•Web Reports: Several bug fixes in combination with MySQL, profile editor

Version 2.80     May 2007

New Features:

•Log File Monitoring allows you to monitor both non-delimited and delimited files. You can either consolidate content into the database or receive alerts based on text logged to the log files

•File Monitoring allows you to be notified when files in a monitored directory are changed (includes checksum hashes), and you can either track changes in the database or receive alerts

•Directory Monitoring alerts you when a monitored directory exceeds a preset size

•Jabber notifications allow you to send IM notifications, e.g. using Google Talk!

•The hardware inventory feature now includes detailed information about installed memory and available slots, installed network cards, optical drives and you can remotely power on computers using WakeOnLAN!

•Logon Tracking now includes more detailed information such as remote IP address, session connections/disconnections and workstation unlocks

•The heartbeat agent now supports recurring alerts

•As always we also fixed minor bugs and optimized various aspects of the agent to continuously increase the availability of the agents

•Two new wizards were added for the log file monitoring and for setting up thresholds

•A “filter test” utility has been added that allows you to test events against your filter rules by simply right-clicking an event in the built-in event viewer

•Insertion Strings of events can now be displayed in the subject of an email ($STR1, $STR2, ...)

•System Health features now include an "Alerts" button to easily create filters for events logged by the respective feature

•Package summary pages now include description of packages

•Hardware inventory feature can generate alerts when memory, CPU count or number of installed drives change

Bug Fixes:

•Custom event log settings are now completely transferred to remote machines when pushing the configuration

•Some events would not be transferred correctly with the SNMP action

•On 64-bit systems, EventSentry now shows 32-bit and 64-bit installed software

Version 2.72     8th September 2006

New Features:

•Remote configuration updates do not require the Remote Registry Service anymore, but instead use the ADMIN$ share. A work-around without the ADMIN$ share exists

•Remote update shows the total and average time it took to perform an action

•Event Log Backup Files  (.evt) can be imported into the EventSentry database

•Event Message Browser lets you view and test all installed event messages

•Two wizards where added to accomplish common tasks

•Disk space alerts are now cleared after an alert, the volume name is also shown in alerts

•Disk space web-reports can be filtered/grouped on the group level

•Speed of performance charts was improved significantly

•Expanded the "toggle" functionality to most search pages

•A user-configured IP address will now be used on the web reports

Bug Fixes:

•Deleting a database action could incorrectly configure the notifications of existing health and tracking features, including notifications set on the package-level

•Remote update would not work correctly when the EventSentry was not installed locally

•Creating a new package and immediately configuring it to be global would not work

•The automatic configuration backup feature would not correctly delete old files

•A temperature-only sensor could not be configure for a position other than 1

•The temperature and/or humidity sensor would not work correctly

•Remotely connected event logs would sometimes not be restored correctly

•Filters and folders with the same name would crash the GUI

•The event log summary dialog would display incorrect data when connected to remote hosts

•Finding Event IDs works correctly now

•Creating multiple SNPP action notifications was not possible

•Resolved problems with event reports on SQL Server 2005

•Resolved problems with IP address lookup

•Resolved problems with the performance reports

Version 2.71     6th July 2006

New Features:

•Filter Timers for event-log relation

•Additional hardware sensors: Motion-, Smoke- and Water sensors

•Nessus reporting support

•Database purge utility (command-line based)

•Installer now supports MySQL

•Agent: New Shutdown/Reboot and Service Control action

•Agent: Support for more runtime variables in SMTP Header/Footer

•Heartbeat Monitoring: Ping tracking

•Heartbeat Monitoring: Maintenance schedule can be accounted for in uptime statistics

•Improved hardware inventory (now also detects serial numbers, model and graphic adapter/resolution)

•Remote Update utility to automate remote update tasks

•Improved dashboard

•Ability to save the configuration as a HTML file

•Maximum temp file size mechanism change

•Various improvements in the web reports

Bug Fixes:

•Pushing the agent to a remote host running the x64 edition Windows Server 2003 would sometimes not work

•Fixed problems with application scheduler that would not execute certain files properly

•Fixed various small bugs in management console application

•Fixed problem with certain threshold settings

•Fixed bug with performance monitoring

•Fixed XSS vulnerability in web reports

•Fixed minor issues in database setup wizard

•Fixed problem with event log backup assignments

•Fixed problem when computers where added with FQDN instead of NetBIOS name

Version 2.70     9th February 2006

New Features:

•Management console now supports filter, health and tracking package for easier and more flexible administration

•NETIKUS.NET offers standard filter and health packages that can be updated directly from the management console over the Internet

•Performance monitoring to track performance information (e.g. CPU usage, memory usage) in a database and/or receive performance alerts via notifications (e.g. email)

•Filter packages can be configured to be automatically active when one or more services are installed

•Environment monitoring now supports temperature and humidity ranges and also clears previously issued alerts

•Pager support for paging providers that support the SNPP protocol

•Service monitoring now includes database support, allowing you to query service status, history and uptime through the web reports

•Autorun Monitoring is now called "Software Monitoring"

•Software inventory is now included as Software Monitoring now includes database support. This allows you to query installed applications and installation history through the web reports.

•Software monitoring also monitors the ActiveSetup registry key

•3rd Party Application is now called "Application Scheduler" and supports running custom monitoring tasks in a recurring fashion, e.g. every 30 seconds.

•Logon tracking monitors logon's and logoff's, enabling you to view detailed logon/logoff information about users through the web reports

•Print tracking monitors all print jobs and allows you to see print job data and statistics through the web reports, including the ability to assign cost to print queues for invoicing

•The threshold feature has been simplified and offers new features

•The built-in event log viewer supports opening .evt files, you can also open .evt files directly from explorer

•Remotely connected event logs can automatically be restored after restarting the management console

•The remote update computer list can automatically be sorted

•Heartbeat agent now supports maintenance schedules that can be set for individual computers and/or groups

•Management console supports searching for filters and computers

•Management console can automatically backup the entire configuration at preset intervals

•The completely redesigned web reports now offer a dashboard, event log reports, a profile editor, a maintenance wizard and much more!

Bug Fixes:

•Reduced size of configuration in registry for faster remote updates

•Increased agent stability

•Fixed problems with moving and cutting/pasting filters

•Several problems in the web reports have been fixed

•Duplicate computers cannot be entered anymore and no longer cause problems with the heartbeat agent

Version 2.60     1st June 2005

New Features:

•SNMP Support (sending traps)

•Monitoring of application installation/uninstallation

•Monitoring of machine-based autorun registry keys and directories

•Web reports now feature an uptime calculation page

•Ping option for remote update can be toggled

•System health options can now be set to block inheritance

•Process Monitoring can be configured to start after X seconds

•Various enhancements in the management application, including proxy server support for feedback and news feature

•Added ping dependency in heartbeat monitoring

•Added additional monitoring options in heartbeat monitoring

•Added database backup feature (if database is temporarily unavailable) to heartbeat monitoring

•Agents installed through remote update can now be uninstalled on target machines using "Add/Remove Programs"

•Desktop action notification now supports remote hosts in addition to the local host

•"Online Configuration Update" feature was improved for higher stability

•Map IP address to alias in remote update

•Changed MSI installer from Wise to InstallShield for higher stability and more future features

Bug Fixes:

•Some SIDs were not resolved to usernames correctly

•Clicking on the "Computers" container would show a wrong path in an error message

•Computers would randomely not show up in the web reports computer list

•Saving the configuration would increase the memory usage on the agent, without freeing it (~200kb)

•Some processes in "Process Tracking" would incorrectly show up as "still running" when they had exited

•Bootscan feature of Process Tracking would not record all activity correctly

•Recurring event filters would not work 100% correctly when a schedule would end exactly at midnight

•SMTP Footer would not appear in Mini Emails

•Under certain circumstances on very busy event logs (e.g. security event log on domain controllers) some event records would be skipped and not processed by EventSentry.

•The EventSentry agent would crash under special circumstances when using the summary notification feature.

•When clearing an event log the EventSentry agent would not continue to monitor this log.

•Fixed various issues with SP1 of Windows Server 2003

•Various bug fixes in the management application

•Various bug fixes in the EventSentry agent

•Fixed problems in combination with DEP (data execution prevention) in SP1 of Windows Server 2003

Version 2.50     26th January 2005

New Features:

•Temperature & Humidity monitoring with external device

•Heartbeat monitoring of remote hosts (ES agent monitoring, PING and TCP port checks)

•Local computername may now be added to remote update list

•ODBC Target supports ODBC connection strings in addition to DSN names for easier deployment

•"Audit Process Tracking" can now also be switched off through "Process Tracking" feature

•Recurring event feature lets you define events that you expect to appear (such as a tape backup) during a certain time period, and become notified if they are not

•Computer field added to event log filter properties

•Event Log Backup feature now supports environment variables in file name

•Event Log Full detection now also supports the ODBC, NET SEND, SYSLOG and DESKTOP actions

•GUI: Event Log Viewer supports sorting

•GUI: Remote Update results window allows for sorting

•GUI: Remote Update also sends computer names

•GUI: Remote Update "Computers" container supports sorting and drag/drop

•GUI: Targets support drag/drop

•GUI: Active Directory linked groups now show the actual computers under the "Computers" container and allow for  authentication to be set on a per-host level

•GUIDs in event log records are resolved to display name

•Filter Source, Category and Users allow for multiple values, separated by comma

•Filter Source, Category and Users support negation with exclamation mark

•Binary data of events now also available in all notifications, GUI and web reports

•Additional variable support for the FILE action

•ASP and PHP Web reports now work with all supported databases (Access, MSSQL, MySQL, Oracle), the PHP web reports have been switched to use ODBC

•A new Database Wizard now creates all tables, indexes and permissions automatically on MSSQL, MySQL and Oracle

•The new MSI installer optionally creates a virtual IIS directory and/or sets up the MS SQL Server database automatically

•SMTP action now supports an optional header and footer that can be added to every email

•Service Monitoring: Included/Excluded services now support wildcards

•Process Tracking: Included/Excluded processes now support wildcards

Bug Fixes:

•Database layout completely redesigned for faster web reporting

•Event Log Scanning engine significantly improved

•Memory Leak in filter processing removed

•Absolute diskspace limits now work for values > 4Gb

•Selecting a particular set of logical drives would not work

•ASP Web pages corrected to support Access databases without restrictions

•ASP Web pages corrected to support non-US date formats

•Threshold feature incorrectly counting excluded events towards limits

•Filtering of "Filter Text" would not work correctly when filter text attempted to match the last character of an event log record

•Password for group (remote update) not saved correctly

•GUI will not allow more than one instances anymore on computers running Terminal Services to avoid data corruption

•GUI will not freeze while performing remote updates and switching to another application

•Several bug fixes in ASP and PHP web reports

•Unsupported characters were allowed in filter names, resulting in configuration corruption

Version 2.43     22nd July 2004

New Features:

•Process Tracking records all process activity in a database and allows you to see a process history on all monitored hosts

•Service monitoring can control services and maintain a set status. Failed services can now be automatically restarted

•Disk Space Monitoring allows for more granular settings for warnings and database connections

•Disk Space Monitoring will now recognize when new (fixed) disks are added or removed during runtime

•Event Log Backup allows for backups of all event logs for faster configuration

•Database table names can now be specified for each of the features requiring a database (ODBC action, disk space trend collection and detailed process tracking)

•GUI: "Force News Update" reloads latest news

•GUI: Filters can be commented

Bug Fixes:

•Handle leak in eventsenry_svc.exe.

•Memory leak in NonPaged pool when using the TCP syslog action and remote syslog host is not accepting TCP connections

•Launching applications with the "3rd Party Applications" feature might show error "Invalid access to memory location" and the application would not run.

•An error with the summary notification feature could crash the application when a large amount of events (more than the configured maximum) were summarized.

•Right-Click on SYSTEM event log in tray icon opens security log (no other logs are affected)

Version 2.41     7th June 2004

New Features:

•Added $HOSTNAME variable to event log backup feature

Bug Fixes:

•Warning messages in PHP interface removed

•Wrong $DAY, $MONTH and $YEAR variables in event log backup feature

•OLE DB error in index.asp file removed when using an MS Access database

Version 2.40     25th May 2004

Version 1.x Compatability mode will no longer be supported starting with Version 2.40 of EventSentry. If you are still running 1.x agents in your network then you will need to upgrade them to version 2.40.

New Features:

•GUI: Tree in navigation pane restructured for easier navigation, general usability improvements

•GUI: Maximum groups, actions were increased

•GUI: Active Directory Import (with "Link" feature) added

•GUI: Up to 5 remote event logs can be added to navigation pane

•GUI: Change detection added, GUI tries to determine whether changes were made and only prompts to save then

•GUI: Event Log Viewer filter added (filter for errors, warnings, information, audit success & failure)

•GUI: Only active group is sent to remote computers with remote update

•GUI: One-Button remote agent installation

•GUI: Tree status is now also saved/restored when connecting to remote computers

•GUI: ODBC action has a test button now too

•SMTP Target: Mini-Emails can now be customized

•SMTP Target: Dial RAS connections before sending emails

•SYSLOG Target: This action has been optimized and should offer higher throughput

•Custom variables are introduced, variable processing improved

•Variable $EVENTMESSAGE for SMTP subject added

•Automatically backup and clear event logs on a regular basis

•Run command-line applications and log their output to the event log

•Monitor memory consumption of processes to detect possible memory leaks

•Monitor diskspace, including trend change detection

•Trial Version & Full Version are now one product

Bug Fixes:

•GUI: Remote Update: Health settings of a group could be deleted when only updating filters

•GUI: Service Monitoring would not save changes when adding services that don't exist on local machine

•GUI: Feedback forms do not disappear when connection was unsuccessful

•GUI: Renaming groups could yield random results

•SERVICE: Filter processing has been optimized

•SERVICE: Some boot time events could be ignored

•SERVICE: Formatting of event log records has been corrected and improved

•SERVICE: SMTP message now contain a Message ID

Removed Features:

•1.x Compatability Mode was removed. If you are upgrading from version 1.x then you will need to upgrade to version 2.30 first to preserve existing filters.

Version 2.30     3rd December 2003

New Features:

•EventSentry now monitors services

•Small enhancements in the management interface

•Filter Groups are now referred to as "Groups"

•Filter Groups can be added/removed in Remote Update, System Health and Filters tree

•PHP version of web interface added (ASP + PHP now supported)

•Added links to eventid.net, google, etc. to web files

•Sylog facility/level now mapped to event category for incoming syslog packets

Bug Fixes:

•Long date format problem in event viewer resolved

•Rename problem in GUI resolved

•Import Problem in GUI resolved

Version 2.21     5th November 2003

New Features:

•Syslog target now supports TCP in addition to UDP

•Remote Update speed improved

•Remote Update displays more informative error messages

•Remote Update now supports different credentials

•Added troubleshooting section in help file and GUI for every target

•Numerous enhancements in the management application

•Added EventSentry Quickstart Guide

Bug Fixes:

•Event records containing a single dot per line could cut off email

•Potential problems in wildcard feature

•Problem in built-in Event Log viewer with certain events resolved

Version 2.20     8th September 2003

New Features:

•(X)HTML emails are sent in multi part/alternative including a non-HTML version of the content. This is useful for email clients that are not capable of displaying HTML messages and for filtering (rules) in MS Outlook

•Wildcard support for filters was added

•The following additional variables for the SMTP target were included: $EVENTSOURCE, $EVENTCATEGORY, $EVENTTYPE, $EVENTID

•The $HOSTNAME variable is now supported in the SMTP Sender email field

•The built-in event log viewer allows you to query web sites to obtain information on a particular event

•Installer features (Management package) improved

Bug Fixes:

•The syslog hostname (as logged & reported by the syslog daemon) was truncated

•The welcome screen might show an invalid event log summary when connected to a remote machine

•Day/Time summaries are sometimes not read correctly on the fly, a service restart is necessary

•Changing the debug logging level requires a service restart

•Various improvements in the management application

Version 2.11     18th August 2003

New Features:

•A customizable Welcome Screen shows important information such as EventSentry news, event log summary and more

•Display speed of the built-in event viewer was greatly improved

•Invalid filter order is detected by management interface

•For better usability some menu options were renamed

•Sample ASP pages for querying an ODBC database were added

•On German Operating Systems EventSentry logs German messages to the event log

Bug Fixes:

•The service (agent) underwent a major security code review

•Memory usage was reduced and optimized

•Exclude filters using more than one target would not exclude events properly

•Drag & Drop would sometimes not work properly

•Creating filters or targets would fail when clicking with mouse instead of hitting enter

•Remote Update would sometimes not connect to certain machines

•Import Wizard would only import ~250 computers

•Size & positioning issues with desktop notification feature were corrected

•Potential problems in the network target have been resolved

•Problems with the summary notification have been resolved

Version 2.10     3rd July 2003

New Features:

•Custom event logs can now be managed and monitored

Bug Fixes:

•Fixed problems in the built-in event viewer and other minor problems

Version 2.01     18th June 2003

New Features:        

•Added check box functionality for remote update

•All groups can now be updated at once

Bug Fixes:

•Fixed problems in the remote update feature (including service installation)

•Fixed problems in built-in Event Viewer

Version 2.00     5th June 2003

New Features:

•Added installer software

•Completely redesigned the management interface (GUI)

•Filters can be assigned to multiple targets

•Smtp target enhancements

•Added network target (ala net send)

•Added process target

•Added sound target

•Added desktop target

Bug Fix:

•Permanent summary notification on Windows NT4 might not work due to missing %TEMP% variable

Version 1.15     11th March 2003

New Features:        

•Summary features events are now stored throughout service restarts

•Filter option "Filter Text" is not case sensitive anymore

Bug Fixes:

•"Stop processing other filters" didn't work in combination with summary feature under some circumstances

•Other minor bug fixes

Version 1.14     25th February 2003

New Features:        

•Targets can now be enabled/disabled

•Multiple concurrent instances of the GUI are prevented

Bug Fixes:

•The "stop processing other filters" option didn't work correctly under some circumstances

•Bootscan would report too many events under some circumstances

•Using ODBC with a MS SQL Server would sometimes not write events to the database

•Excluding filters for particular targets would under some circumstances not work

Version 1.12     10th February 2003

Bug Fixes:

•The filter summary dialog box is cleared/reset under some circumstances

•A filter group update does not correctly set the active filter group on the target computer

•Sending emails with certain mail servers would fail

Version 1.10     4th February 2003

New Features:

•Introduced filter groups (see help for an explanation)

•Added the parallel ASCII-printer target

•Added email importance flags

•Added/improved computer list import/export

•Added GUI tips

Bug Fixes:

•A special kind of event log entry could crash the service

•Database DATETIME field was not used (text was used instead)

•Event log entries would sometimes be ignored

•Fixed GUI ALT-F4 issue.

•Other minor fixes in both GUI and service

Version 1.03      16th January 2003

New Features:

•Added the $HOSTNAME variable for the SMTP subject and FILE filename, added HTML customization options.

Bug Fix:

•If an event log is configured to "overwrite events as needed" and events are being overwritten (because the event log is full) then EventSentry can stop monitoring this particular event log under certain circumstances.

Version 1.02     22nd December 2002

Bug Fix:

•Under some circumstances the GUI could crash when performing any kind of batch update.

•The EventSentry service is not affected by this problem.

Version 1.00     19th December 2002

This was the initial public release of EventSentry.