EventTracker 7.2 – Release Notes

The EventTracker engineering team continues to monitor changes in operation management, enterprise applications, and regulation compliance standards. Version upgrades are made based on customer feedback and experience in the field, providing you the best solution possible.

EventTracker 7.2 (Build 69)

  • Severity, Facility, Format and properties options added to the Syslog message forward action under alerts. (ET72U12-040, ET72U12-061)
  • Support in EventTracker Agent to monitor free disk space by specifying the amount in MB. (ET72U12-046)
  • Enhanced behavior rules for enterprise activity. (ET72U12-047)
  • McAfee ePO MIB precompiled in TrapTracker.
  • Collection Point sends cab files in chronological order. (ET72U12-042)
  • In EventVault UI, the list of cab files is sorted by the start time of the cab period. (ET72U12-043)
  • When the size of issAlertsDB.mdb reaches the configured amount in MB (default is 250 MB), it is backed up in a separate file named issAlertsDB_.mdb. (ET72U12-044)
  • The description of event id 3201 depends on the option selected for monitoring disk space.
  • The NCM events contain the user name of the process that performed the network operation. If the user name for the process cannot be determined, the active user name is used.
  • If the “max_trap_buffer_size” configuration value is not present, the default value 100,000 is used instead of 10,000.
  • Changed the prerequisites checking application to display the details even if all prerequisites are already installed.
  • Added “Retry” button in prerequisites checking application to avoid re-launching setup after installing the prerequisites.
  • Fix for the issue where index files are not getting purged during scheduled purging of archives. (ET72U12-043)
  • In EventVault UI, filtering by port number does not work if the application is configured to load archives from the database (the key “LoadArchivesFromDB” in “tbl_config”). (ET72U12-043)
  • In EventVault UI, the time range selection “Show older than” does not work if the application is configured to load archives from the database (the key “LoadArchivesFromDB” in “tbl_config”). (ET72U12-043)
  • Fix for the issue where the alert notification database and receiver log files were getting oversized due to SQL failure. (ET72U12-044)
  • Fix for the issue where the alert notification database is sometimes not getting updated. (ET72U12-052)
  • Fix for the issue where cab transfer transaction records are not getting purged. (ET72U12-058)
  • Fix for the Collection Point issue where the Resend option is not sending the cabs. (ET72U12-058)
  • USB-related logs should be available for Windows Vista systems. (Bug #2767)
  • Receiver sometimes crashes while stopping the service.
  • Fix for the issue where the agent configuration UI does not fetch the license from the server.
  • Fix for the issue where EventTracker agent fails to detect software installed under user profiles.
  • Fix for thread handle leaks in Scheduler.
  • Traffic Analyzer: when analyzing the traffic for all Cisco events from a category, the generated report fails to show the event id and event description. (Bug #3214)

EventTracker 7.2 (Build 64)

  • New report “Exchange 2007 Mailbox Access by Non Owner” (ET72P12-034)
  • New option: Export system inventory information (ET72P11-032)
  • “ReadMe_Disclaimer.txt” is distributed along with the setup. It lists the 3rd-party executables and dynamic link libraries that do not contain valid signatures, file versions and manifests. The file is located under the \EventTracker folder.
  • Imperva DAM 8.5 (Category, Alerts and Reports)
  • McAfee ePolicy Orchestrator v4.6 (Category, Alerts and Reports)
  • McAfee Host Intrusion Prevention System v7 (Category, Alerts and Reports)
  • “Exported user list” not being shown in the proper format after upgrade. (Bug #3240)
  • Systems not being shown in the System Manager after upgrade. (Bug #3235)
  • Alerts Configuration: McAfee-related ePO, HIPS and VirusScan alerts should not be active by default. (Bug #3236)
  • Favorites: generated reports failing to show the records. (Bug #3233)
  • Agent crash issue while LFM processes a huge log record. (ET72U12-038)
  • Direct Log Archiver fails to archive according to configured EventVault frequency. (ET72U12-036)
  • Entry “MaxVCPLimit” missing in the table tbl_Config after upgrade. (Bug #3234)
  • Adding systems to a custom group in StatusTracker. (ET72P11-030)
  • SNMP community string field wrongly enabled while adding a website.(Bug #3207)
  • EventTracker Archiver getting stuck while processing ec2 and mdb files while creating archives. (ET72P11-025)
  • EventTracker EventVault service was not getting started when FIPS is enabled. (ET72P11-027)
  • Event id 2043 is incorrectly generated by Behavior module. (ET72P11-031)
  • LFM: if the creation date of the log file is unchanged, log rotation is not getting detected. (ET72P11-033)
  • Launch of the deployed Change Audit Agent is blocked. (Bug #3232)
  • VB EventVault: Run time error 3704 when user closes the Move Archives window (Bug #3182)

EventTracker 7.2 (Build 60)

  • Traffic Analyzer: New option to specify transfer mode.
  • Reports: New RSA SecurID reports for Authentication success & failure.
  • Windows Agent: Support to add USB exceptions using device identifier.
  • Direct Log Archiver: Support to recurse into folders.
  • Remedial Action: A vbscript can be used without a batch file as a custom action in alert configuration by giving the following command: “cscript.exe” “(CompletePathOfTheVBScript)”
  • StatusTracker: New option to add Website monitoring.
  • Windows Agent: If the agent configuration does not contain license server name, then first manager being reported to is considered as license server.
  • Manager Agent: The scheduled restart of SQL service at 23:45 hours can be disabled by creating the REG_DWORD type registry value “EnableScheduledRestart” with data “0” under the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Prism Microsystems\EventTracker\Agent”
  • In license server, the frequency at which it will try to connect and update license on all agents can be changed by changing the value of field “LicServ_ClientUpdateFreqMin” in table “tbl_config”. This value contains frequency in minutes. If the value is not present then default value of 240 minutes (4 hours) is used.
  • Behavior module will consider only real-time logs.
  • On installing or upgrading an agent from system manager, the license server details on the target system will be overwritten by the license server details used by the manager system’s agent.
  • If the SQL Server service is not running, login is disabled with a warning message.
  • If “EventTracker Reporter” or “EventTracker Remoting” or “EventTracker Receiver” or “EventTracker Agent” services are not running, warning messages are displayed.
  • New option to retry connecting to SQL instance in case of connection failure from Prerequisites dialog.
  • Direct log Archiver appends time ticks to file name, if a file with the same name exists in the target path.
  • EventVault Manager screen – “Verify” button is moved above the grid.
  • Tool tip for the graphical symbols in Event-o-Meter screen has been provided.
  • Partial-word search provided in Analysis.
  • Fix issue with Change Audit, Last Changes screen sorting order.
  • Message text change when Authorize is clicked without selecting an item.
  • Message text change when Authorize is clicked without a comment.
  • Control Panel applet exits gracefully when Windows is running in safe mode.
  • Changed label “Location” to “Directory” in Syslog FTP server tab of agent configuration UI.
  • Provided option in alert analysis page to refine based on acknowledgement.
  • Added option in Config Assessment reports to show the “Description” as a menu item; clicking it opens a pop-up window that displays the benchmark description.
  • Include the reason column when a Config Assessment schedule fails.
  • Performance Enhancement in EventVault Explorer. Refine results are shown as and when the data is found.
  • Option provided to delete a Correlation rule.
  • Manager:
    • Unable to add VCP and Syslog receivers.
    • Unable to add DLA extension in direct log archiver
    • Append Archives – Number of cabs selected is not completely visible
    • Run-Time error 91 on Syslog message option window.
    • Cab files are not getting extracted on collection master
    • Create Group on System Manager fails to add system through system type and ip subnet
    • Delete group in StatusTracker is not working as intended.
    • Netflow logs not processed if Direct Log Archiver purge frequency is set
    • Duplicate entry is allowed in Syslog message option window.
    • Agent Config UI does not prompt to save the changes if user selects the Close command from the Control menu.
    • List of applications is lost if user selects the Close command from the Control menu in “Monitor Apps” tab of Agent config UI.
    • Netflow dashboard not showing data on 64 bit machines.
    • Agent version is not getting updated in database.
    • Deploying agent from system manager fails with license error.
    • Agent configuration UI throws Subscript out of range error while adding multiple Syslog managers when there are no windows managers.
    • ‘SCAP Profile Editor’ should not exist in the VB control Panel.
    • Fix provided to delete systems from System Manager.
  • Direct Log Archiver (DLA):
    • Fails to process log files when creation date of file does not change.
    • Fails to process .EVT files on post vista systems.
    • Stuck on post vista systems while moving files to completed folder.
    • Filter list for deployed agents is not displayed correctly.
    • Scheduler does not try to start the agent service if the scheduler has been running for more than 24 hours and the Correlation Engine option is not installed.
    • Gets stuck when it fails to read the configuration.
  • Log File Monitor (LFM):
    • Fails to process files that contain “_” (underscore) character in its name.
    • Dialog does not show hidden folders in directory list.
    • Blank lines are also considered as log records.
    • Format Mismatch Error in search string option.
  • Windows Agent:
    • Crash when Kingston Data Traveler USB device is inserted in Vista or higher.
    • Allows adding more than five syslog manager(s).
    • Fails to send filtered events as Syslog text file via FTP if no DLA manager is configured.
    • Abrupt shutdown of EventTracker Agent while updating license cache.
    • Fails to translate the GUID in the description on post vista systems.
  • Log Search:
    • Log Search via Admin activity not working.
    • The data exported from log search fails to list event and log type.
  • Behavior:
    • Operation Behavior: Device id display name and the Break up column’s Computer column name are not shown.
    • Regex specified in “Match in Description” and “Description exception” fields is not evaluated correctly.
    • Fails to insert admin activity data properly.
    • Matching for a custom rule in Behavior engine is improper.
  • EventVault Explorer:
    • Refine Criteria window shows only category based search irrespective of whatever searches selected by the user.
    • Performance enhancement of the correlation report
    • Tips option issue in EventVault Explorer.
    • EVE exceeds the max configuration allowed.
    • Count mismatch shown in search result page
    • Count mismatch when data is refined.
    • Problem with click on Tag cloud item.
    • Refine window showing incorrect refine data (showing data which was not searched for).
  • Install:
    • Installation fails if the SQL instance is not SQLEXPRESS.
    • NTLM issues found in EventTracker Install Configuration & Update users list.
    • Event import utility (getallevt.exe) does not work on Vista or above systems.
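Two of the Build 60 items above are things an administrator acts on by hand: the Manager Agent’s scheduled 23:45 SQL service restart, which is disabled by creating the REG_DWORD value “EnableScheduledRestart” with data 0 under “HKEY_LOCAL_MACHINE\SOFTWARE\Prism Microsystems\EventTracker\Agent”, and the console warnings shown when the “EventTracker Reporter”, “EventTracker Remoting”, “EventTracker Receiver” or “EventTracker Agent” services are not running. The PowerShell script below is an added example, not EventTracker’s own code or tooling. It creates the documented value, removes it again to restore the default (the notes document only data 0, so the example does not guess an “enable” value), reads the current state back, and reports the status of the four services. It assumes the four quoted names are the Windows service display names and that it runs from an elevated session on the manager system.

```powershell
# Added example (not EventTracker's own code): manage the documented
# "EnableScheduledRestart" registry value and check the EventTracker services.
# Run from an elevated PowerShell session on the manager system.

$AgentKey  = 'HKLM:\SOFTWARE\Prism Microsystems\EventTracker\Agent'
$ValueName = 'EnableScheduledRestart'

function Disable-EtScheduledRestart {
    # The release notes document REG_DWORD data 0 as the way to turn off
    # the scheduled 23:45 restart of the SQL service.
    if (-not (Test-Path -Path $AgentKey)) {
        New-Item -Path $AgentKey -Force | Out-Null
    }
    New-ItemProperty -Path $AgentKey -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
}

function Restore-EtScheduledRestart {
    # Absence of the value means the default behaviour (restart enabled);
    # removing it avoids inventing an "enable" data value the notes do not document.
    if (Get-ItemProperty -Path $AgentKey -Name $ValueName -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $AgentKey -Name $ValueName
    }
}

function Get-EtScheduledRestartState {
    # 'Disabled' only when the value exists with data 0; anything else is the default.
    $prop = Get-ItemProperty -Path $AgentKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $prop -and $prop.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled (default)'
}

function Test-EtServices {
    # Names as quoted in the release notes (assumption: these are the
    # service display names, not the short service names).
    $names = 'EventTracker Reporter', 'EventTracker Remoting',
             'EventTracker Receiver', 'EventTracker Agent'
    foreach ($name in $names) {
        $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            Write-Warning "$name is not installed on this system"
        } elseif ($svc.Status -ne 'Running') {
            # Same condition the console warns about in the notes above.
            Write-Warning "$name is $($svc.Status)"
        } else {
            Write-Output "$name is running"
        }
    }
}

Disable-EtScheduledRestart
Write-Output "Scheduled SQL restart: $(Get-EtScheduledRestartState)"
Test-EtServices
```

Call Restore-EtScheduledRestart to put the default behaviour back; because the script reads the state from the registry rather than remembering what it wrote, Get-EtScheduledRestartState also reports correctly on a system where the value was set by some other means.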

EventTracker 7.2 (Build 38)

  • Status tab for auto-discovery and monitoring of systems and applications/ports.
  • Ack and notes for incidents.
  • Visual correlation rules builder.
  • Run correlation rules as a report on archived data.
  • MS SQL 2008 R2 may be used as the internal configuration db.
  • New Compliance dashboard for at-a-glance status.
  • MSI packages for agent install.
  • New report to track all EventTracker configuration changes.
  • SCAP Benchmark Profile Editor.
  • DLA Extension feature to pre-process third-party log files; support for awstats (web server log processing) and Linux Audit logs.
  • EventVault Explorer performance is greatly improved.
  • Licensing module at agent no longer requires Internet access; agents validate license from an existing.
  • Search indexing feature optimized for better performance and disk usage.
  • Internal limit of 10 VCPs is removed.
  • Option to add an alert from existing event by right click.
  • Windows agent configuration is now modular and can be separately updated.
  • Categories can be displayed under any tab (no longer fixed).
  • Search index Keyword statistics can be sorted by occurrence or alphabetical.
  • Mapping of severity of VMware and Checkpoint events is now performed.
  • Windows agent upgrade process checks to prevent incompatible changes; version info is shown.
  • Agent Management Tool is enhanced for usability.
  • Change Audit agent is now configurable from web console.
  • Diagnostics dashlet has new option to stop/start/restart any service.
  • Report titles can be of any length now.
  • New custom data import feature for Systems/Groups.
  • Custom data feature for system selection in EventTracker Agent Management Tool.
  • VMware and Checkpoint events severity mapping is provided
  • Astaro Security Gateways(Category and Alerts)
  • Barracuda firewall (Category and Alerts)
  • Cisco WLAN Controller (Category and Alerts)
  • FortiAnalyzer (Category and Alerts)
  • Fortimail (Category and Alerts)
  • Cisco ACS TACACS+ (Category, Alerts and Reports)
  • Symantec Endpoint Protection (Category and Alerts)
  • Cisco Switch 3750 (Category and Alerts)
  • MS Exchange Server (Category and Alerts)
  • Cisco Firewall configuration changes (Category and Alerts)
  • USGCB Win7-x64 Energy
  • USGCB Win7-x86 Energy
  • Win 2003 Domain Controller STIG (MAC-1_Classified)
  • Win 2003 Domain Controller STIG (MAC-1_Public)
  • Win 2003 Domain Controller STIG (MAC-1_Sensitive)
  • Win 2003 Domain Controller STIG (MAC-2_Classified)
  • Win 2003 Domain Controller STIG (MAC-2_Public)
  • Win 2003 Domain Controller STIG (MAC-2_Sensitive)
  • Win 2003 Domain Controller STIG (MAC-3_Classified)
  • Win 2003 Domain Controller STIG (MAC-3_Public)
  • Win 2003 Domain Controller STIG (MAC-3_Sensitive)
  • Win 2003 Member Server STIG (MAC-1_Classified)
  • Win 2003 Member Server STIG (MAC-1_Public)
  • Win 2003 Member Server STIG (MAC-1_Sensitive)
  • Win 2003 Member Server STIG (MAC-2_Classified)
  • Win 2003 Member Server STIG (MAC-2_Public)
  • Win 2003 Member Server STIG (MAC-2_Sensitive)
  • Win 2003 Member Server STIG (MAC-3_Classified)
  • Win 2003 Member Server STIG (MAC-3_Public)
  • Win 2003 Member Server STIG (MAC-3_Sensitive)
  • Win 2008 Domain Controller STIG (MAC-1_Classified)
  • Win 2008 Domain Controller STIG (MAC-1_Public)
  • Win 2008 Domain Controller STIG (MAC-1_Sensitive)
  • Win 2008 Domain Controller STIG (MAC-2_Classified)
  • Win 2008 Domain Controller STIG (MAC-2_Public)
  • Win 2008 Domain Controller STIG (MAC-2_Sensitive)
  • Win 2008 Domain Controller STIG (MAC-3_Classified)
  • Win 2008 Domain Controller STIG (MAC-3_Public)
  • Win 2008 Domain Controller STIG (MAC-3_Sensitive)
  • Win 2008 Member Server STIG (MAC-1_Classified)
  • Win 2008 Member Server STIG (MAC-1_Public)
  • Win 2008 Member Server STIG (MAC-1_Sensitive)
  • Win 2008 Member Server STIG (MAC-2_Classified)
  • Win 2008 Member Server STIG (MAC-2_Public)
  • Win 2008 Member Server STIG (MAC-2_Sensitive)
  • Win 2008 Member Server STIG (MAC-3_Classified)
  • Win 2008 Member Server STIG (MAC-3_Public)
  • Win 2008 Member Server STIG (MAC-3_Sensitive)
  • DISA STIG IE8 (MAC-1_Classified)
  • DISA STIG IE8 (MAC-1_Public)
  • DISA STIG IE8 (MAC-1_Sensitive)
  • DISA STIG IE8 (MAC-2_Classified)
  • DISA STIG IE8 (MAC-2_Public)
  • DISA STIG IE8 (MAC-2_Sensitive)
  • DISA STIG IE8 (MAC-3_Classified)
  • DISA STIG IE8 (MAC-3_Public)
  • DISA STIG IE8 (MAC-3_Sensitive)
  • ET71P10-003 : Allow manual configuration in EventVault storage path.
  • ET71P11-004 : Remote Agent deployment failures due to password encryption mismatches, service logon failure.
  • ET71P10-005 : Netflow port configuration errors in Manager configuration page.
  • ET71P11-006 : Change Audit remote Agent deployment failures.
  • ET71P11-007 : CAB transfer failures due to missing Archive folders on CM.
  • ET71P11-008 : LogFileParser crash while processing Netflow logs.
  • ET71P11-010 : CAB transfer failures due to initialization failure of CP.
  • ET71P11-011 : Add/view of report notes issue in 64 bit systems.
  • ET71P11-012 : 64 bit msg translation issues (only zip file contains agent dll, message dlls folder)
  • ET71P11-013 : Displaying report/analysis configured for a CP.
  • ET71P11-014 : Incomplete log search results from EA logon failure activity.
  • ET71P11-015 : Error in alert dashboard when duplicate system names are displayed.
  • ET71P11-017 : EventTracker Diagnostics performance issues
  • ET71P11-018 : EventTracker Agent deployment failures due to password encryption issues.
  • ET71P11-020 : Invalid EventTracker links in RSS feeds.
  • ET71P11-021 : Alert notification cache purging issues.
  • ET71P11-025 : EventTracker Receiver buffer overflow issues.
  • ET71P11-026 : DLA mode support, task/severity map changes for VMware events.
  • ET71P11-030 : EventTracker Diagnostics locking cache files and causing EC file backlog.
  • ET71P11-031 : Error when special chars are entered during alert configuration.
  • ET71P11-032 : Leftover CAB files, EC2 files under Cache\ttw folder.
  • ET71P11-033 : Synchronization issues with Collection Point configuration database.
  • ET71P11-034 : Fetch complete list of EventTracker users from the active directory.
  • ET71P11-035 : Delay while opening the EventVault GUI when a large number of archives are available.
  • ET71P11-037 : Agent DLA file transfer failures and EventVault failures in processing left over CAB files.
  • ET71P11-039 : EventTracker Receiver high CPU usage while processing TCP connections.
  • ET71P11-041 : “Unknown error” issue while installing EventTracker Agent for systems whose name cannot be resolved.
  • ET71P11-043 : Data mismatch in Netflow reports
  • ET71P11-044 : TCP connection issues due to incomplete message header during DLA file transfer.
  • ET71P11-045 : Some of the events were getting missed in DLA mode from vista agent.
  • ET71P11-048 : EventTracker Receiver buffer overflow issues when Alert Notification Status option is disabled.
  • ET71P11-049 : Event filters and exceptions are not getting evaluated properly.
  • ET71P11-050 : Windows DHCP server log files are not getting processed completely with LFM.
  • ET71P11-051 : Alert action is being performed even if the risk is less than the threshold value.
  • ET71P11-053 : Display of blank system tree while editing a report with “All systems” selected.
  • ET71P11-055 : EventTracker Agent deployment failures due to corrupt credentials.
  • ET71P11-058 : EventTracker Receiver issue where IP address is incorrectly resolved for some syslog sources.
  • ET71P11-060 : Recipient name is getting truncated in emails generated for alerts.
  • ET71P11-061 : Move archives failure issue in EventVault GUI.
  • ET71P11-063 : Change Audit Agent issue where comparing a policy causes the service to stop unexpectedly.
  • ET71P11-064 : EventTracker Agent memory leak while performing SID translation.
  • ET71P11-065 : Change Audit Agent issue where service fails to start on Windows 2000 system.
  • ET71P11-066 : Characters are getting truncated in emails generated for alerts when event description contains “=” character.
  • ET71P11-070 : Agent service stops while translating an event description that contains a large number of insertion strings.
  • ET71P11-071 : EventTracker Receiver memory leak in Forward as syslog alert action and improvements in performing alert notifications.
  • ET71P11-072 : Direct Log Archiver is truncating some events.
  • ET71P11-073 : “Invalid Pointer” error occurring while generating reports.
  • ET71P11-076 : Change Audit snapshot engine issue where it fails to detect changes in system directory of 64-bit operating system.
  • ET71P11-077 : EventTracker Receiver stops collecting events after 30 days if evaluation license is used.
  • ET71P11-079 : Direct Log Archiver is getting stuck on post vista systems while moving files to completed folder.
  • ET71P11-081 : Enterprise Activity engine fails to insert admin activity data properly.
  • ET71P11-082 : EventTracker Agent fails to translate the GUID in the description on post vista systems.