EventTracker 7.3 – Release Notes

The EventTracker engineering team continues to monitor changes in operation management, enterprise applications, and regulation compliance standards. Version upgrades are made based on customer feedback and experience in the field, providing you the best solution possible.

EventTracker 7.3 (Build 59)

  • Feature for accepting wild cards in IP behavior filters. (ET73U12-043)
  • Chart control changed from Microsoft to Telerik RAD.
  • Option provided in EventTracker to change Application & Chart themes.
  • Log-out option is changed to be under user drop down menu.
  • New accordion control included in the incident dashboard and incident search. Full incident description is displayed on expanding this control.
  • Font changed from Tahoma->Titillium->Arial.
  • Performance improvement in evaluating user defined behavior rules. (Update ET73U12-050)
  • Reporter service launches multiple processes for the same report. (ET73U12-033)
  • While importing a filter the description was not imported. (ET73U12-037)
  • Fix for handling multiple user filters during report generation for post vista events. (ET73U12-039)
  • Add monitoring option in system manager for syslog, Solaris, Cisco devices. (ET73U12-041)
  • syslog systems are included in system report; changes in syslog license verification. (ET73U12-047)
  • On deactivating a behavior rule the time of deactivation is updated in activation time column.
  • ‘For all users’ option available in behavior rules has been removed.
  • UI issues with respect to behavior dashboard.
  • UK Regional settings-Date/Time is found in mm/dd format.
  • Validation in Search incidents duration.
  • Allow dashlet title to be changed in keyword dashboard.
  • Validate non-US date settings issue in log search.
  • TCP syslog receiver is considering only the last part of syslog message if it is received in multiple packets.
  • TCP syslog receiver is combining multiple syslog messages in one event.
  • TCP syslog receiver stops on receiving large syslog messages.
  • EventTracker agent fails to disable USB drive if it is being used by some other process. (Update ET73U12-049)
  • Agent service fails to start on some systems. (Update ET73U12-049)
  • Agent configuration UI fails to open on some systems. (Update ET73U12-049)
  • EventTracker agent fails to monitor 64-bit application install/uninstall. (Update ET73U12-049)
  • High CPU usage by ChangeAudit service if sending snapshot files to server fails. (Update ET73U12-031)
  • Enhanced Agent side filters to allow negating the results of description match. (Update ET73U12-032)
  • USB monitoring events are not getting written to Windows event log if application fails to get SID of the user. (ET72U12-126)
  • Fix for database and thread handle leaks in EventVault service.

EventTracker 7.3 (Build 44)

  • Server 2012 certification, support for IIS 8 and IE 10.
  • Performance enhancements for database bulk insertion in EA engine.
  • Keyword dashlet performance improvement.
  • Backup and restore feature added in diagnostics applet. (Update ET73U12-005)
  • SQL service max memory default setting raised from 1GB to 2GB
  • Rxer process max memory default increased from 250MB to 1GB
  • Configurable display of the log counters in login & log search pages
  • Configurable Indexer dashboard period based on which the trend graph will be shown in keyword indexer graph.
  • Reading of the event log count login and log search page.
  • EventTracker Agent incorrectly generates event for software install under certain user profiles. (Update ET72U12-115)
  • EventTracker Agent does not write event to Windows event log if it fails to get SID of the user. (Update ET72U12-115)
  • Receiver memory corruption when alert suppression is turned on.
  • Flex reports not visible for non admin user in compliance dashboard
  • Menu error when a child menu has permission and parent is disabled
  • Home page is shown in hierarchical order when a non-admin user logs in with limited menu privileges.
  • Incorrect handling of file system redirection on 64 bit pre-vista operating systems. (Update ET72U12-115)
  • Collection Point/Collection Master log file size grows beyond 5 MB, if the log file has already been backed up.
  • Unable to restore the specific backup file. (Bug #3641)
  • Duplicate systems added during upgrade
  • Reporter engine now checks for cab indexed while generating a report.
  • Reporter Engine now considers the cache path while generating a report
  • User is allowed to save the email id, send only notification and send as attachment radio buttons even if send e-mail check box is disabled (Bug #3635)
  • In Log View the user is not able to select Real-time and Logview checkbox together (#3637)
  • Cannot populate the users after install.
  • Memory leak in vista agent if LFM processing fails for a file.
  • High CPU usage by agent if LFM processing fails for a file.
  • Receiver stops processing events if alert suppression is enabled. (Update ET73U12-007)
  • Behavior engine fails to detect admin activity for some users. (Update ET73U12-012)
  • Behavior engine does not evaluate the rule correctly if space is provided as terminator for processing rule.
  • Behavior engine does not evaluate the rule correctly if space is provided as separator or terminator for breakup rule.
  • Extraction of user name and domain from description which was not happening in all cases ()
  • Reporter service now considers unindexed cabs for processing (Update ET73U12-010)

EventTracker 7.3 (Build 34)

  • User privilege improvements to allow sub-menu items.
  • Grouping of token-values is now supported.
  • Provided bulk acknowledge options in the incident search page.
  • Auto backup of configuration can be scheduled via Diagnostics applet.
  • Link provided on the event count in behavior trend analysis page for log search.
  • Changed options in report wizard, event vault, log search, log view pages for system selection.
  • Support for vista event log backup. (Update ET72U12-110)
  • Using default value of 1024 MB for SQL memory threshold (used when the configuration key is absent).
  • Receiver crash when log level is set to ‘Information’.
  • SQL service monitoring does not work correctly if more than one instance of SQL is configured on the system.
  • Missing dll “Microsoft.SqlServer.BatchParser”.

EventTracker 7.3 (Build 28)

  • Archiver enhancements: configurable VCP cache path, separate program threads are generated to monitor each VCP cache. If separate hard disk spindles are provided for each VCP, this can increase event per second handling by 300%.
  • Log File Monitor now supports log4j, log4cxx, log4net and log4php formats.
  • Incidents are assigned unique ticket numbers for tracking. New screens to search for incidents. This enhancement is especially useful for Managed Service Providers using EventTracker.
  • Security and Operations dashboards redesigned to leverage keyword indexing for significantly faster display and response.
  • New wizard to automatically detect tokens in message descriptions. This greatly simplifies development of flex reports.
  • Geo-location of IP addresses is now configurable. External IP addresses detected in logs are displayed on a Google earth map with zoom/pan and street view feature included.
  • Behavior dashlets now support drilldown for fast analysis.
  • USB blocking feature of EventTracker Windows agent can now be configured by device family or range of serial numbers with wildcard matching.
  • Behavior rule configuration supports evaluation on user defined intervals and either fixed or learnt thresholds; positive or negative swings are configurable. (ET72U12-047)
  • Status Tracker now supports scheduled discovery. New systems or applications can be detected and added for monitoring on daily or weekly schedule. New event ids 2053 and 2054 are generated after scheduled discovery.
  • StatusTracker now supports detection and monitoring of websites (in addition to systems and applications).
  • Support for perfmon reports via PAL, a powerful tool to automatically monitor thresholds for Windows Servers and applications such as IIS, Sharepoint, SQL Server, BizTalk, Exchange, and Active Directory. See pal.codeplex.com for more information.
  • Correlation rules may now launch a script directly as an action. Previously, they generated a new event which in turn could be configured to launch a script as a remedial action.
  • New utility to find/replace any email ids configured in alerts or reports.
  • Web interface is now skinnable; two themes are included; menu items are reorganized based on user feedback.
  • Agent Management utility is updated for large installations. (ET72U12-087)
    • Results can be exported to CSV file.
    • New option to delete systems.
    • New option to remove agent components.
  • Disk space usage thresholds monitored by the EventTracker Windows Agent are now configurable as either a fixed value or a percentage.
  • EventTracker Agent for Vista or higher now fully supports the .evtx log file backup option. (Update ET72U12-110)
  • Correlator Engine and Behavior modules now consider only realtime logs.
  • Severity, Facility and Format options added for syslog message forward action under alerts.
  • EventTracker system manager uses new StatusTracker discovery methods (includes ping, snmp, dns, netbios).
  • Message token value management is moved to the Admin menu for consistency.
  • New option for purging SQL transaction logs in Diagnostics.
  • Two default EventTracker Windows Agent configuration templates are included, one for server installs and another for workstations. The File Transfer option is unselected in the workstation template.
  • System Inventory information reported by Change Audit module can now be exported to XLS.
  • Copy and paste of password is disabled in the login & other web pages where password is accepted.
  • Support for Event Id 0 in filters and alerts – If an event definition in filters or alerts contains event id field as 0, then it is no longer treated as a wildcard and it will only match the event that has id as 0. For matching all the event ids, the field should be kept blank.
  • Updated configuration file to add 2054 to the filter exception list.
  • Alert suppression details are now included in the alert e-mail. (ET72U12-096)
  • A new event id 2052 is generated whenever alert suppression is done. (ET72U12-096)
  • Added column based sort options in EventVault UI. (ET72U12-095)
  • WinSCP and SCAP distribution is configurable while deploying ET agent.
  • Log Search results display now supports going directly to a specific page.
  • MSXML6 is installed only if absent, while deploying EventTracker Windows Agent through the system manager.
  • Added the following “Audit Success” event ids in agent filter exception list: 538, 540, 551, 610, 611, 617, 618, 620, 647, 672, 682, 683, 685, 687, 689, 690, 691, 692, 693, 694, 807, 4634, 4647, 4688, 4706, 4707, 4713, 4714, 4715, 4716, 4742, 4765, 4778, 4779, 4781, 4782, 4783, 4784, 4785, 4786, 4787, 4788, 4789, 4790, 4793, 4794, 4865, 4866, 4867, 4907, 4912
  • Hardening Guide For EventTracker Server.
  • EventTracker-Integrating McAfee ePolicy Orchestrator.
  • EventTracker: Removable Media Device Monitoring.
  • Configuring Session Timeout Settings in IIS.
  • EventTracker-Integrating Imperva SecureSphere.
  • EventTracker-Monitoring Exchange Server.
  • EventTracker-Monitoring Sharepoint Server.
  • EventTracker-Agent on Non-English systems.
  • EventTracker-Backup and Restore Guide.
  • EventTracker-Collection Point Tool.
  • EventTracker-Virtual Appliance Quick Start Guide.
  • EventTracker-Text messaging using Textbelt API.
  • RSA SecurID (Categories and Alerts)
  • Integrating PAL with DLA Extension
  • Check Point Provider-1 R75 firewall and IPS (Categories, Alerts, Misc Reports)
  • LOGbinder SP (Categories, Alerts, Flex Reports)
  • Microsoft TMG (Categories, Alerts)
  • Microsoft UAG (Categories, Alerts)
  • McAfee IntruShield IPS (Categories, Alerts, Flex Reports)
  • Palo Alto Firewall (Categories, Alerts)
  • SonicWALL Aventail SSL VPN (Categories, Alerts)
  • Aruba OS (Aruba Mobility Controller) (Categories & Alerts)
  • Raritan CommandCenter Secure Gateway. (Categories & Alerts)
  • VMware vSphere Tasks and Alarms Flex reports.
  • Updated EventTracker Admin audit event category
  • New category and alerts: No events received in last 24 hours
  • New category: Resource scheduled discovery completed
  • New category: Resource scheduled discovery invoked
  • Updated VMware ESX: User authentication failed category and Alert rule set.
  • Windows Time service (Categories, Alerts)
  • F5 BIG-IP LTM (Categories, Alerts)
  • Corrected case from “Syslog” to “syslog” in agent configuration interface.
  • The ‘Select SQL Instance’ dropdown in Prerequisite screen is shown only when there are multiple instances of SQL installed.
  • Delayed launch of the reports processor. (ET72U12-039)
  • Error while importing multi-site reports. (ET72U12-041)
  • Adding DLA system name when EVT/EVTX files are configured in manager DLA. (ET72U12-073)
  • Performance enhancements in EventTracker Agent for log file monitoring. (ET72U12-076)
  • EventVault backup and move options retain the folder structure. (ET72U12-082)
  • Direct Log Archiver does not handle EVT/EVTX files that contain multiple system names. (ET72U12-083)
  • Fix for issue where deploying EventTracker Agent reports incorrect status. (ET72U12-091)
  • Sometimes the user name for event id 3248 contains junk characters. (ET72U12-094)
  • Incorrect alert suppression details. (ET72U12-096)
  • Deleting the archive record if cab file is not found while purging. (ET72U12-102)
  • Implemented timeout for processing system manager requests. (ET72U12-103)
  • High memory usage by alerter service. (ET72U12-105)
  • TrapTracker Receiver high memory usage while processing trap. (ET72U12-106)
  • Agent crash issue while processing some .NET 4.0 events. (ET72U12-109)
  • Maintaining the rows per page and page number after entering notes in the scheduled/queued reports page.
  • Change Policy Dashboard in Change Audit fails to list the details of changes detected when 64-bit SQL Server is used. (ET72U12-089)
  • Wrong display of version in the system report. (ET72U12-092)
  • Allow zero as “Drop rate” while configuring netflow.
  • Retain at least one Admin user for the EventTracker application.
  • Fix to display the images in the HTML reports generated or managed by EventTracker application.

Note: Updates numbered as ET72U12-NNN may be applied to v7.2 installations.