Validation Scripts: EventSentry will ship with dozens of security and health scripts that will detect insecure settings, compliance violations and misconfigurations on monitored hosts. Examples will include insecure protocols that should be disabled, A/V & firewall checks and much more.
Admin Search: ADMonitor users can now filter any Security & Compliance report (file access tracking, process tracking, etc.) to only show activity from domain admins.
Web Browser Extension Inventory: Get a searchable inventory of all installed browser extensions, or alerts when extensions are added or removed (supports Google Chrome, Mozilla Firefox and Microsoft Edge (Chromium-based)).
Network Services NetFlow: Support for IPFIX
Tray Icon / App: Tray app that supports submitting notes including screenshots, a System Information dialog that shows uptime, hostname, IP address, CPU/Memory/Disk utilization, logged on users, top 3 processes based on current CPU and memory consumption and more.
EventSentry Help File in German
Web Reports: Import / Export Dashboards
Web Reports: Dashboard tile for images and web cam streams
Web Reports: Quickly run recent / popular search queries
Web Reports: Filter compliance searches to admin-only activity
Web Reports: Expanded Health Matrix options with detailed point system
Web Reports: Trigger report jobs based on the exact number of results
Collector-side thresholds extend the agent-side threshold capabilities and support detecting network-wide patterns like lateral movement
Additional capabilities to detect and protect against new types of Ransomware infections, including variants that modify the boot sector.
Actual audit settings on a Windows host can sometimes deviate from group policy settings - due to conflicts, errors and so forth. A new Audit Policy Status page periodically inventories the current audit settings so you can verify the actual audit settings.
NIST 800-171 compliance reports
A new user activity tracking page makes seeing all activity by a user easier than ever!
Integrations
EventSentry agents can now be integrated with many open source and commercial log solutions with additional Syslog options - even custom JSON formatting is supported!
New Monitoring Features
The new software version check feature identifies outdated software on your network to help you reduce your attack surface. This new feature supplements the software inventory component.
UPS & Battery monitoring now inventories all attached UPS batteries as well as integrated batteries (laptops) regardless of the manufacturer
BIOS changes are now detected
Network Monitoring
Response Time page now includes packet loss percentage
NetFlow monitoring now supports calculating the bandwidth of an interface, including additional statistics such as packet count, bytes per packet and more.
Improved Features
A new navigation menu in the web reports enhances usability
Log file monitoring alerts (events) now include 3 lines before and after the matched line
Disk space alerts now include a list of the largest files and folders of a volume
Growl action now supports multiple recipients
Under the Hood
Web reports are now available in 64-bit and support running larger reports
Web reports utilize Java 8
The speed of all dashboards and other pages in the web reports has been dramatically improved
Managing the configuration through the collector is more reliable
NetFlow with support for NetFlow v1, v5, v9 & sFlow. NetFlow supports visualization, geolocation, alerts, correlation with workstation logon events to map flows to Active Directory users, filtering and more
Web Reports - Notes & Documentation: Web reports users can submit notes to document infrastructure updates, maintenance, fixes and more. Documentation files can be uploaded and associated with hosts
Web Reports: Added ISO 27001:2013 compliance reports
Web Reports: New security features
Web Reports: New dashboard tiles
Web Reports: Treemap visualization available for most pages
Web Reports: Updated look and improved menu
Deployment: Agents using the collector can receive configuration and agent binary updates automatically through the collector without user intervention.
Deployment: MSI installers can now be created in a few seconds directly from the management console (requires free WiX Toolset)
Agent: A 64-bit agent is now available for 64-bit Windows
Agent: Removed limit and improved management of custom event logs
Agent: Support for chaining events
Agent / Collector: Emails containing IP addresses sent through collector can be enhanced to display geolocation and reverse lookup data inline.
Agent: Emails from security event log will automatically be enhanced with descriptions for many status and error codes
Agent: Database performance of delimited log files has been significantly improved
Agent: Insertion strings of events can be created or replaced using regular expressions
Agent: Install date of software is now available for most software even if it was installed before EventSentry
Agent: USB drives are now detected in real-time
Heartbeat Agent: Agent status is now retrieved directly from collector and/or database for faster and more efficient monitoring
Network Services: Database performance for Syslog component has been improved for MSSQL databases
Network Services: License count for network devices is now more accurately enforced
Database: Built-In database now uses PostgreSQL v9.6, optional upgrade path is available
Configuration: Improved out-of-the-box filter rules for less noise
Management Console: Ability to reset the configuration to post-installation defaults (new v3.3 installations only)
Management Console: Remote configuration can now be removed when uninstalling an agent even when remote registry service is unavailable
Management Console: Version checks and update/patch downloads are now performed over TLS for enhanced security
Central collector service which enables a 3-tier architecture between an action (e.g. database, email server) and the EventSentry agents. Supports compression and secure data transmission via TLS encryption.
Management Console: Ability to import computers from a network (subnet) scan
Management Console / Remote Update: Record activity in log files
Management Console / Remote Update: Toggle fields in result list
Management Console: Export all configured filters to CSV file
Switch inventory with switch port to MAC/hostname mapping
Detection of highest supported USB version
Ability to reduce the size of security events in the database by removing common, static footers
Web Reports: Additional language support for French, Dutch, Spanish, Polish, Portuguese and Italian
Web Reports: Out-of-the-box compliance reports for PCI-DSS, FISMA, Sarbanes-Oxley, HIPAA and GLBA
Web Reports: Improved & faster performance trend reporting with ability to display multiple trend charts on a single page
Web Reports: New Bulk assignment for easier report management
Web Reports: Report jobs can be saved to a folder
Web Reports: Improved host inventory page now shows switch port (if available), USB version and VM hosts (if available)
Web Reports: Health matrix displays computer notes
Event Log Monitoring: Day/Hour filter can be set to the "nth" weekday (e.g. 2nd Tuesday)
Event Log Monitoring: For Windows 2008 and later, processing performance has been optimized for higher throughput and lower CPU utilization
Process Tracking: Now collects process elevation level when UAC is enabled
Embedded scripts now verify temp file contents with checksum
Embedded scripts called from the applications scheduler now support command-line arguments
Hardware Inventory: On DELL & HP servers (when required manufacturer management tools are installed), collects fan speed, redundant power supply status, remote management card information, temperature information, detailed RAID information
Hardware Inventory: Retrieves warranty information for DELL, HP, IBM and Lenovo hardware
SNMP trap daemon is introduced and logs v1, v2c and v3 SNMP traps either to the event log or the database
Syslog daemon has been moved from the EventSentry agent into the "Network Services" service, together with the SNMP daemon. Stability as well as reliability have been improved in the new Syslog daemon
Performance (optional) as well as environment email alerts now include an attached chart which shows recent performance / environmental data
Management Console: Clicking a computer icon now displays a summary page
Event Log Monitoring: Insertion string matching can now match empty strings
Event Log Monitoring: Number of supported custom event logs has been increased to 30
Service Monitoring: A recurring alert can be configured when a service remains in the "Stopped" state
Hardware Inventory: Network adapter speed is now collected, and speed changes are logged to the event log
Hardware Inventory: Addition and removal of removable drives (e.g. USB drives) are now detected and logged to the event log
Hardware Monitoring: The S.M.A.R.T. status of physical drives (when supported) is monitored
Disk Space Monitoring: Volumes linked to by junction points are now included when disk space alerts are evaluated / generated. Note: Disk space information in web reports does not yet take junction points into consideration
Process Monitoring: The number of required instances of a process can now be specified
Print Tracking: Print tracking now works with Vista and later operating systems
Network Logon Tracking: When capturing "Logon By Type" events, "Audit Success" can now be excluded
A new HTTP action submits events to web pages via http or https
The SMTP action dialog now includes a wizard to build email addresses for common email to SMS gateways
Additional variable support for the Process, Syslog and SNMP action
Heartbeat Agent: Improved detection of remote agent status
Removed: Microsoft Access is no longer officially supported, and no MS Access database is shipped with the installer
Bugfixes:
Hosts configured with multiple NICs that are added to the configuration with just the IP address will properly determine their group membership
Print tracking works with Vista, Win7 and Windows 2008
Event Log Monitoring: Filtering capabilities have been improved to allow for insertion string matching, including the ability to interpret insertion strings as numbers, usernames or file names
Actions: SNMP action now supports v2c and v3 traps
Service Monitoring: Now collects service account as well as executable, in both alerts as well as reporting
Service Monitoring: Service history report now shows every service change per line, with easier readability
Process Tracking: Command line arguments of an active process can now be collected
Logon Tracking: Group information is now collected
Software Monitoring: Uninstallation events now include same information as installation events
Software Monitoring: Windows updates are now collected on Vista, Windows 2008 and Windows 7, and more easily searchable in the web reports
Hardware Monitoring: IP addresses are now collected, and changes updated dynamically in the background
File Monitoring: Processing of a file's checksum can now be skipped if the size has not changed
Management Console: Authentication can now be set globally, in addition to being set on a per-group and per-computer level
Management Console: Computers in AD-linked groups can be sorted.
Management Console: Notes can now be added to computers
Environment monitoring: The minimum monitoring interval has been reduced to 5 minutes
Reporting: Health status of multiple computers can be displayed in a visual health matrix, scalable to display hundreds of computers in a single page
Reporting: The network status page now allows the customizations of performance counters as well as disks displayed
Reporting: Reports are more accessible, and can now be accessed from every page
Reporting: Most pages have been overhauled for improved usability
Bugfixes:
Software Monitoring: Duplicate records of software are no longer shown in the software inventory
Compliance Tracking: Temp file was used even when its maximum size was set to 0 Mb
Network Status: This feature has been improved to avoid problems with computers missing, being displayed in the wrong group or not showing up at all
Disk space Monitoring: Alerts for low disk space are no longer generated when the total disk space is less than the alert (hard) limit to begin with
Hardware Inventory: Virtual machine detection, as well as Hyper-V detection has been improved for more reliability
2008-10-29
Version 2.9 released
SHA-256 Checksum:
Features:
Vista, Windows 2008 are monitored with new API
Event Log Backup feature supports .evtx files
Database Import Utility supports .evtx files
New NTP monitoring and synchronization feature
Event Log Filter Timers now support insertion strings for easier setup & more flexibility
Scripts can now be embedded into the EventSentry configuration and referenced in application schedules & process actions
Actions: Jabber action supports chat rooms
Actions: Process action supports time-based termination and more event logging options
Actions: Fields in SMTP action can now be customized
Actions: In addition to controlling services, processes can be terminated (with support for insertion strings)
Actions: Certain actions can track their trigger history in database
Actions can now be enabled/disabled based on weekday and time of day
Compliance: Improved logon tracking to include domain role and indicate administrative logons
Compliance: Process tracking includes domain role
Heartbeat Monitor: Can now utilize credentials set on group or computer items
Heartbeat Monitor: Can notify you via email when the EventSentry agent is not running
Variables can now be assigned to computers in addition to global & groups
Service Monitoring: Events now distinguish between services and drivers
File Monitoring: Can detect alternate data streams (ADS)
Performance Monitoring: Added "between" condition and "divide by # of processors"
Software Monitoring: Monitors and records system uptime
Hardware Inventory: Detects more details about the OS (e.g. editions) as well as hardware
Management Console: Group-Level Inheritance can be blocked on a per-computer basis
Management Console: Remote update feature now uses threads for much faster update speeds
Management Console: Added "Quicktools" to execute any application against a remote computer
Web Reports: Extremely granular, built-In authentication has been added
Web Reports: Users can customize their settings in web reports without affecting global profile settings
Web Reports: Network Status includes switch to only show erroneous machines
Web Reports: Network Overview shows disk & performance alerts and event log trends
Web Reports: Network Overview shows overdue reports and most active machines
Web Reports: Computer Overview includes event log trend, overview and common errors
Web Reports: Report management has been improved
Web Reports: Reports support review as well as a report trigger history
Web Reports: Right-click menu for column headers allows toggling columns
Web Reports: Maintenance wizard supports deleting multiple computers at once, and much more
Web Reports: Database usage page shows storage details of database
Web Reports: Database can now be created and/or updated using the web reports
Web Reports: Print output has been significantly improved
Three completely redesigned widgets using the Yahoo Widget Engine
Bugfixes:
Several bug fixes in the database import utility for importing log files
Issues with filter times have been resolved
Filter test feature has been improved
Event Log Monitoring has been improved for better reliability
2007-09-06
Version 2.81 released
SHA-256 Checksum:
Features:
Database Setup Wizard now supports database connection strings and EventSentry Actions as a destination in addition to System DSNs
Nessus Import Utility and reporting now supports XML files from Nessus v3 as well
Web Reports: New "Network Status" overview page
New SMTP engine now supports TLS/SSL connections
Event Log Backup files can now be automatically compressed
Line delimiter can now be specified for non-delimited files as well
Actions now support a Limit feature
Management Console can automatically check for new versions and patches
Event Log Database Import utility is now called "Database Import Utility" and supports importing delimited and non-delimited log files
You can now specify a router for a Heartbeat-Enabled group to suppress duplicate alerts when a router goes down
Hardware inventory can now distinguish between logical and physical CPUs and show more detailed CPU information
Web Reports: Computer Overview page supports automatic iteration between computers
Web Reports: Weekly Logon Reports in Logon Tracking
Web Reports: Ability to email event records and copy event records to the clipboard
Web Reports: Calendar popup improved on newer browsers
Bugfixes:
Improved SQL queries drastically improve speed of most searches on the web reports
Detailed hardware inventory information (NIC, memory, etc.) would sometimes not be recorded correctly
Host names / IP addresses of remote Syslog hosts would not be included in events or the database if the IP address of the remote host could not be resolved
Resolved bug in environment monitoring dialog
Computers logging on to Citrix or Terminal Servers would show up in the "Computers" field of the Logon Tracking page
Active Directory Auto-Refresh: Computers that were removed from AD would not automatically be removed from the corresponding group
Web Reports: Improved Correlation between logon and process tracking
Web Reports: Several bug fixes in combination with MySQL, profile editor
2007-05-25
Version 2.8 released
SHA-256 Checksum:
Features:
Log File Monitoring allows you to monitor both non-delimited and delimited files. You can either consolidate content into the database or receive alerts based on text logged to the log files
File Monitoring allows you to be notified when files in a monitored directory are changed (includes checksum hashes), and you can either track changes in the database or receive alerts
Directory Monitoring alerts you when a monitored directory exceeds a preset size
Jabber notifications allow you to send IM notifications, e.g. using Google Talk!
The hardware inventory feature now includes detailed information about installed memory and available slots, installed network cards and optical drives; you can also remotely power on computers using WakeOnLAN!
Logon Tracking now includes more detailed information such as remote IP address, session connections/disconnections and workstation unlocks
The heartbeat agent now supports recurring alerts
As always we also fixed minor bugs and optimized various aspects of the agent to continuously increase the availability of the agents
Two new wizards were added for the log file monitoring and for setting up thresholds
A filter test utility has been added that allows you to test events against your filter rules by simply right-clicking an event in the built-in event viewer
Insertion Strings of events can now be displayed in the subject of an email ($STR1, $STR2, ...)
System Health features now include an "Alerts" button to easily create filters for events logged by the respective feature
Package summary pages now include description of packages
Hardware inventory feature can generate alerts when memory, CPU count or number of installed drives change
Bugfixes:
Custom event log settings are now completely transferred to remote machines when pushing the configuration
Some events would not be transferred correctly with the SNMP action
2006-09-07
Version 2.72 released
SHA-256 Checksum:
Features:
Remote configuration updates do not require the Remote Registry Service anymore, but instead use the ADMIN$ share. A work-around without the ADMIN$ share exists
Remote update shows the total and average time it took to perform an action in the status bar
Event Log Backup Files (.evt) can be imported into the EventSentry database
An event browser lets you browse for all installed event log messages on a system
Two wizards were added to accomplish common tasks
Disk space alerts are now cleared after an alert, the volume name is also shown in alerts
Disk space web-reports can be filtered/grouped on the group level
Speed of performance charts was improved significantly
Expanded the "toggle" functionality to most search pages
A user-configured IP address will now be used on the web reports
Bugfixes:
Deleting a database target could incorrectly configure the notifications of existing health and tracking features, including notifications set on the package-level
Remote update would not work correctly when EventSentry was not installed locally
Creating a new package and immediately configuring it to be global would not work
The automatic configuration backup feature would not correctly delete old files
A temperature-only sensor could not be configured for a position other than 1
The temperature and/or humidity sensor would not work correctly
Remotely connected event logs would sometimes not be restored correctly
Filters and folders with the same name would crash the GUI
The event log summary dialog would display incorrect data when connected to remote hosts
Finding Event IDs works correctly now
Creating multiple SNPP target notifications was not possible
Resolved problems with event reports on SQL Server 2005
Resolved problems with IP address lookup
Resolved problems with the performance reports
"Update Configuration" feature would not work for x64 target systems when the host machine would run Windows Server 2003
2006-07-06
Version 2.71 released
SHA-256 Checksum:
Features:
Filter Timers for event-log relation
Additional hardware sensors: Motion-, Smoke- and Water sensors
Nessus reporting support
Database purge utility (command-line based)
Installer now supports MySQL
Agent: New Shutdown/Reboot and Service Control target
Agent: Support for more runtime variables in SMTP Header/Footer
Heartbeat Monitoring: Ping tracking
Heartbeat Monitoring: Maintenance schedule can be accounted for in uptime statistics
Improved hardware inventory (now also detects serial numbers, model and graphic adapter/resolution)
Remote Update utility to automate remote update tasks
Improved dashboard
Ability to save the configuration as an HTML file
Maximum temp file size mechanism change
Various improvements in the web reports
Bugfixes:
Pushing the agent to a remote host running the x64 edition Windows Server 2003 would sometimes not work
Fixed problems with application scheduler that would not execute certain files properly
Fixed various small bugs in management console application
Fixed problem with certain threshold settings
Fixed bug with performance monitoring
Fixed XSS vulnerability in web reports
Fixed minor issues in database setup wizard
Fixed problem with event log backup assignments
Fixed problem when computers were added with FQDN instead of NetBIOS name
2006-02-09
Version 2.7 released
SHA-256 Checksum:
Features:
Management console now supports filter, health and tracking packages for easier and more flexible administration
NETIKUS.NET offers standard filter and health packages that can be updated directly from the management console over the Internet
Performance monitoring to track performance information (e.g. CPU usage, memory usage) in a database and/or receive performance alerts via notifications (e.g. email)
Filter packages can be configured to be automatically active when one or more services are installed
Environment monitoring now supports temperature and humidity ranges and also clears previously issued alerts
Pager support for paging providers that support the SNPP protocol
Service monitoring now includes database support, allowing you to query service status, history and uptime through the web reports
Autorun Monitoring is now called "Software Monitoring"
Software inventory is now included, as Software Monitoring now has database support. This allows you to query installed applications and installation history through the web reports
Software monitoring also monitors the ActiveSetup registry key
3rd Party Application is now called "Application Scheduler" and supports running custom monitoring tasks in a recurring fashion, e.g. every 30 seconds.
Logon tracking monitors logons and logoffs, enabling you to view detailed logon/logoff information about users through the web reports
Print tracking monitors all print jobs and allows you to see print job data and statistics through the web reports, including the ability to assign cost to print queues for invoicing
The threshold feature has been simplified and offers new features
The built-in event log viewer supports opening .evt files, you can also open .evt files directly from explorer
Remotely connected event logs can automatically be restored after restarting the management console
The remote update computer list can automatically be sorted
Heartbeat agent now supports maintenance schedules that can be set for individual computers and/or groups
Management console supports searching for filters and computers
Management console can automatically back up the entire configuration at preset intervals
The completely redesigned web reports now offer a dashboard, event log reports, a profile editor, a maintenance wizard and much more!
Bugfixes:
Reduced size of configuration in registry for faster remote updates
Increased agent stability
Fixed problems with moving and cutting/pasting filters
Several problems in the web reports have been fixed
Duplicate computers cannot be entered anymore and no longer cause problems with the heartbeat agent
2005-06-01
Version 2.6 released
SHA-256 Checksum:
Features:
SNMP Support (sending traps)
Monitoring of application installation/uninstallation
Monitoring of machine-based autorun registry keys and directories
Web reports now feature an uptime calculation page
Ping option for remote update can be toggled
System health options can now be set to block inheritance
Process Monitoring can be configured to start after X seconds
Various enhancements in the management application, including proxy server support for feedback and news feature
Added ping dependency in heartbeat monitoring
Added additional monitoring options in heartbeat monitoring
Added database backup feature (if database is temporarily unavailable) to heartbeat monitoring
Agents installed through remote update can now be uninstalled on target machines using "Add/Remove Programs"
Desktop target notification now supports remote hosts in addition to the local host
"Online Configuration Update" feature was improved for higher stability
Map IP address to alias in remote update
Changed MSI installer from Wise to InstallShield for higher stability and more future features
PHP web reports are no longer available
Bugfixes:
Some SIDs were not resolved to usernames correctly
Clicking on the "Computers" container would show a wrong path in an error message
Computers would randomly not show up in the web reports computer list
Saving the configuration would increase the memory usage on the agent, without freeing it (~200kb)
Some processes in "Process Tracking" would incorrectly show up as "still running" when they had exited
Bootscan feature of Process Tracking would not record all activity correctly
Recurring event filters would not work 100% correctly when a schedule would end exactly at midnight
SMTP Footer would not appear in Mini Emails
Under certain circumstances on very busy event logs (e.g. security event log on domain controllers) some event records would be skipped and not processed
The agent would crash under special circumstances when using the summary notification feature
When clearing an event log the agent would not continue to monitor this log
Fixed various issues with SP1 of Windows Server 2003
Various bug fixes in the management application
Various bug fixes in the agent
Fixed problems in combination with DEP (data execution prevention) in SP1 of Windows Server 2003
Various fixes in the installer, including ability to run installation on Windows NT 4.0
2005-01-26
Version 2.5 released
SHA-256 Checksum:
Features:
Temperature & Humidity monitoring with external device
Heartbeat monitoring of remote hosts (ES agent monitoring, PING and TCP port checks)
Local computername may now be added to remote update list
ODBC Target supports ODBC connection strings in addition to DSN names for easier deployment
"Audit Process Tracking" can now also be switched off through "Process Tracking" feature
Recurring event feature lets you define events that you expect to appear (such as a tape backup) during a certain time period, and become notified if they are not
Computer field added to event log filter properties
Event Log Backup feature now supports environment variables in file name
Event Log Full detection now also supports the ODBC, NET SEND, SYSLOG and DESKTOP targets
GUI: Event Log Viewer supports sorting
GUI: Remote Update results window allows for sorting
GUI: Remote Update also sends computer names
GUI: Remote Update "Computers" container supports sorting and drag/drop
GUI: Targets support drag/drop
GUI: Active Directory linked groups now show the actual computers under the "Computers" container and allow for authentication to be set on a per-host level
GUIDs in event log records are resolved to display name
Filter Source, Category and Users allow for multiple values, separated by comma
Filter Source, Category and Users support negation with exclamation mark
Binary data of events now also available in all notifications, GUI and web reports
Additional variable support for the FILE target
ASP and PHP Web reports now work with all supported databases (Access, MSSQL, MySQL, Oracle), the PHP web reports have been switched to use ODBC
A new Database Wizard now creates all tables, indexes and permissions automatically on MSSQL, MySQL and Oracle
The new MSI installer optionally creates a virtual IIS directory and/or sets up the MS SQL Server database automatically
SMTP target now supports an optional header and footer that can be added to every email
Service Monitoring: Included/Excluded services now support wildcards
Process Tracking: Included/Excluded processes now support wildcards
Bugfixes:
Database layout completely redesigned for faster web reporting
Event Log Scanning engine significantly improved
Memory Leak in filter processing removed
Absolute diskspace limits now work for values > 4Gb
Selecting a particular set of logical drives would not work
ASP Web pages corrected to support Access databases without restrictions
ASP Web pages corrected to support non-US date formats
Threshold feature incorrectly counting excluded events towards limits
Filtering of "Filter Text" would not work correctly when filter text attempted to match the last character of an event log record
Password for group (remote update) not saved correctly
GUI will no longer allow more than one instance on computers running Terminal Services to avoid data corruption
GUI will not freeze while performing remote updates and switching to another application
Several bug fixes in ASP and PHP web reports
Unsupported characters were allowed in filter names, resulting in configuration corruption
2004-07-22
Version 2.43 released
SHA-256 Checksum:
Features:
Process Tracking records all process activity in a database and allows you to see a process history on all monitored hosts
Service monitoring can control services and maintain a set status. Failed services can now be automatically restarted
Disk Space Monitoring allows for more granular settings for warnings and database connections
Disk Space Monitoring will now recognize when new (fixed) disks are added or removed during runtime
Event Log Backup allows for backups of all event logs for faster configuration
Database table names can now be specified for each of the features requiring a database (ODBC target, disk space trend collection and detailed process tracking)
GUI: "Force News Update" reloads latest news
GUI: Filters can be commented
Bugfixes:
Critical handle leak in eventsentry_svc.exe (nonpaged pool leak)
Memory leak in NonPaged pool when using the TCP syslog target and remote syslog host is not accepting TCP connections
Launching applications with the "3rd Party Applications" feature might show error "Invalid access to memory location" and the application would not run.
An error with the summary notification feature could crash the application when a large amount of events (more than the configured maximum) were summarized.
Right-Click on SYSTEM event log in tray icon opens security log (no other logs are affected)
Other minor bugfixes in service and GUI
2004-06-07
Version 2.41 released
SHA-256 Checksum:
Features:
Added $HOSTNAME variable to event log backup feature
Bugfixes:
Warning messages in PHP interface removed
Wrong $DAY, $MONTH and $YEAR variables in event log backup feature
OLE DB error in index.asp file removed when using an MS Access database
2004-05-25
Version 2.4 released
SHA-256 Checksum:
Features:
Tree in navigation pane restructured for easier navigation, general usability improvements
Maximum groups, targets were increased
Active Directory Import (with "Link" feature) added
Up to 5 remote event logs can be added to navigation pane
Change detection added: the GUI tries to determine whether changes were made and only prompts to save if they were
Only active group is sent to remote computers with remote update
One-Button remote agent installation
Tree status is now also saved/restored when connecting to remote computers
ODBC target has a test button now too
Mini-Emails can now be customized
Dial RAS connections before sending emails
This target has been optimized and should offer higher throughput
Custom variables are introduced, variable processing improved
Variable $EVENTMESSAGE for SMTP subject added
Automatically backup and clear event logs on a regular basis
Run command-line applications and log their output to the event log
Monitor memory consumption of processes to detect possible memory leaks
Monitor diskspace, including trend change detection
Trial Version & Full Version are now one product
Bugfixes:
Remote Update: Health settings of a group could be deleted when only updating filters
Service Monitoring would not save changes when adding services that don't exist on local machine
Feedback forms do not disappear when connection was unsuccessful
Renaming groups could yield random results
Filter processing has been optimized
Some boot time events could be ignored
Formatting of event log records has been corrected and improved
SMTP messages now contain a Message ID
Memory leak in trial version resolved
2003-12-05
Version 2.3 released
SHA-256 Checksum:
Features:
EventSentry now monitors services
Small enhancements in the management interface
Filter Groups are now referred to as "Groups"
Filter Groups can be added/removed in Remote Update, System Health and Filters tree
PHP version of web interface added (ASP + PHP now supported)
Added links to eventid.net, Google, etc. to web file
Syslog facility/level now mapped to event category for incoming syslog packets
Bugfixes:
Long date format problem in event viewer resolved
Rename problem in GUI resolved
Import Problem in GUI resolved
2003-11-05
Version 2.21 released
SHA-256 Checksum:
Features:
Syslog target now supports TCP in addition to UDP
Remote Update speed improved
Remote Update displays more informative error messages
Remote Update now supports different credentials
Added troubleshooting section in help file and GUI for every target
Numerous enhancements in the management application
Added EventSentry Quickstart Guide
Bugfixes:
Event records containing a single dot per line could cut off email
Potential problems in wildcard feature
Problem in built-in Event Log viewer with certain events resolved
2003-09-08
Version 2.2 released
SHA-256 Checksum:
Features:
(X)HTML emails are sent in multipart/alternative including a non-HTML version of the content. This is useful for email clients that are not capable of displaying HTML messages and for filtering (rules) in MS Outlook
Wildcard support for filters was added
The following additional variables for the SMTP target were included: $EVENTSOURCE, $EVENTCATEGORY, $EVENTTYPE, $EVENTID
The $HOSTNAME variable is now supported in the SMTP Sender email field
The built-in event log viewer allows you to query web sites to obtain information on a particular event
Installer features (Management package) improved
Bugfixes:
The syslog hostname (as logged & reported by the syslog daemon) was truncated
The welcome screen might show an invalid event log summary when connected to a remote machine
Day/Time summaries are sometimes not read correctly on the fly, a service restart is necessary
Changing the debug logging level requires a service restart
Various improvements in the management application
2003-08-18
Version 2.11 released
SHA-256 Checksum:
Features:
Customizable Welcome Screen shows important information such as event log summary and more
Display speed of the built-in event viewer was greatly improved
Invalid filter order is detected by management interface
Some menu options renamed for improved usability
Sample ASP pages for querying an ODBC database were added
On German Operating Systems EventSentry logs German messages to the event log
Bugfixes:
Service (agent) underwent a major security code review
Memory usage reduced and optimized
Exclude filters using more than one target would not exclude events properly
Drag & Drop would sometimes not work properly
Creating filters or targets would fail when clicking with mouse instead of hitting enter
Remote update would sometimes not connect to certain machines
Import wizard would only show ~250 computers
Size & positioning issues with desktop notification feature were corrected
Potential problems in the network target have been resolved
Problems with the summary notification have been resolved
2003-07-03
Version 2.1 released
SHA-256 Checksum:
Features:
Custom event logs can now be managed and monitored
Bugfixes:
Fixed problems in the built-in event viewer
Other minor fixes / optimizations
2003-06-18
Version 2.01 released
SHA-256 Checksum:
Features:
Added checkbox functionality for remote update
All filter groups can now be updated at once
Bugfixes:
Fixed problems in the remote update feature (including service installation)
Fixed problems in built-in event viewer
2003-06-05
Version 2.0 released
SHA-256 Checksum:
Features:
Added installer software
Completely redesigned the GUI (graphical user interface)
Filters can be assigned to multiple targets
SMTP target enhancements
Added network target (à la net send)
Added process target
Added sound target
Added desktop target
Bugfixes:
Permanent summary notification on Windows NT4 might not work due to missing %TEMP% variable
2003-03-11
Version 1.15 released
SHA-256 Checksum:
Features:
Summary feature events are now stored across service restarts; the filter option "Filter Text" is no longer case sensitive
Bugfixes:
"Stop processing other filters" didn't work in combination with summary feature under some circumstances
Other minor bug fixes
2003-02-25
Version 1.14 released
SHA-256 Checksum:
Features:
Targets can now be enabled/disabled, multiple concurrent instances of the GUI are prevented
Bugfixes:
The "stop processing other filters" option didn't work correctly under some circumstances
Bootscan would report too many events under some circumstances
Using ODBC with a MS SQL Server would sometimes not write events to the database
Excluding filters for particular targets would under some circumstances not work
2003-02-10
Version 1.12 released
SHA-256 Checksum:
Features:
no new features
Bugfixes:
The filter summary dialog box is cleared/reset under some circumstances
A filter group update does not correctly set the active filter group on the target computer
Sending emails with certain mail servers would fail.
2003-02-04
Version 1.1 released
SHA-256 Checksum:
Features:
Introduced filter groups (see help for an explanation)
Added the parallel ASCII-printer target
Added email importance flags
Added/improved computerlist import/export
Added GUI tips
Bugfixes:
A special kind of eventlog entry could crash the service
Database DATETIME field was not used (text was used instead)
Eventlog entries would sometimes be ignored
Fixed GUI ALT-F4 issue
Other minor fixes in both GUI and service
2003-01-16
Version 1.03 released
SHA-256 Checksum:
Features:
Added the $HOSTNAME variable for the SMTP subject and FILE filename
Added HTML customization options
Bugfixes:
If an eventlog is configured to "overwrite events as needed" and events are being overwritten (because the eventlog is full) then EventSentry can stop monitoring this particular eventlog under certain circumstances. All customers are encouraged to update.
2002-12-22
Version 1.02 released
SHA-256 Checksum:
Bugfixes:
Under some circumstances the GUI could crash when performing any kind of batch update. The EventSentry service is not affected by this problem.
2002-12-19
Version 1.0 released
SHA-256 Checksum:
Bugfixes:
This is the initial public release of EventSentry.