[closed] EventReporter 9.0 (Build 288) RB - 2007-08-01

Postby alorbach » Fri Mar 16, 2007 4:24 pm


The Rolling Beta program is open; features and bugfixes will be added continuously.
The changelog below helps you to keep track of the changes.
Feel free to test this new rolling beta version. If you are experiencing any problems,
kindly let us know via support email ( or this forum.

A note on Win32 and x64 Edition
EventReporter is available for 2 platforms. Since Build 287, both editions are unified in one Setup file; this includes the Win32 platform and the x64 platform. If you had Win32 installed before, your installation will be upgraded to x64 automatically without loss of any configurations.

:arrow: Download of the Win32 rolling beta
:arrow: EventReporter 9.0 Rolling Beta Manual

Below are the changes since version 8.3:

:!: 2007-08-01 / build 288
:arrow: Features/Enhancements
- Filter Engine: Added new special Filter called "FileExists", this filter kindly checks if a file does exist or not.
- EventLog Monitor: Added an advanced option for better third-party EventLog support. It is used to set the default buffer for EventLog entries. For third-party EventLog implementations like NetApp, we recommend a higher default buffer of at least 65536 bytes. To avoid misunderstanding, this new feature _DOES NOT_ limit the maximum size of EventLog messages in any way!
- EventLog Monitor: Added an option to force using local EventLog message libraries instead of the remote machine's ones. Sometimes local event sources are more reliable, or required for third-party EventLog implementations.
- Forward Syslog Action: Added a new major feature into this Action, Diskqueue. This new option is only available for TCP based Syslog. Whenever a connection to a remote syslog server fails, the action starts caching the syslog messages in a local temp file. The folder for these files can be configured. You do not need to worry about multiple Actions using this feature; the filenames are generated using a unique GUID which is automatically generated for each Action. Once the Syslog target becomes available again, the cached messages are sent automatically. If you restart the Service while the Syslog Cache was active, it cannot be checked during service startup whether the Syslog target is available now. Once the action is called again, the check is done and if the syslog target is available, the messages are sent. The size of this cache is only limited by the disk size. Files are split at 10MB by default, but this can also be configured. The maximum supported file size is 2GB.

:!: 2007-07-09 / build 287
:arrow: Features/Enhancements
- Setup: The Win32 and x64 editions are now unified in one installation package! This means ONE Setup, both editions, automatically detected during the installation. So if you install EventReporter on a Win32 based system, the Win32 version of the Service will be installed. If you install EventReporter on an x64 based system, the x64 version of the Service will be installed.

:!: 2007-06-28 / build 285
:arrow: Features/Enhancements
- Property Engine: Added property replacer option "compsp", to compress spaces inside a property
- Core Engine: Enhanced performance of debuglogging and added more debug outputs into certain areas of the EventReporter Service.
- Core Engine: Implemented advanced memory management which is available on Windows XP/2003 and higher. This speeds up overall processing in general, depending on your Services and Actions.

:arrow: Bugfixes
- EventLog Monitor: ActiveDirectory GUID resolution is now set to true by default when we process the security log (and only then). This matches the configuration program behaviour.
- Rule Engine: Fixed a bug that could cause the product to become unresponsive after an error in an action.
- Property Engine: Fixed a bug which could lead to invalid detections of search strings.

:!: 2007-05-23 / build 284
:arrow: Features/Enhancements
- Property Engine: Added new property $NOW, which is the local time in the format YYYY-MM-DD HH.MM.SS. Note that "." is used instead of ":" in the timestamp to make this value suitable for filename-generation.
- EventLog Monitor: The EventLog can now be automatically cleared (either after n number of polling cycles or after a specified hour). It is also possible to back up the EventLog before deleting it. Please note that an empty log may also be saved just after a clear. So far, this applies to Event Log Monitor V1 only.

:!: 2007-05-07 / build 283
:arrow: Bugfixes
- Syslog Action: Fixed a bug where a UDP socket send returned with "WSAEMSGSIZE (10040) Message too long" when an attempt was made to send an oversized packet. The message is now simply truncated; there is no other option available to handle such cases.

:!: 2007-04-25 / build 281
:arrow: Features/Enhancements
- Send Syslog/Setp Action: It is now possible to configure a service name for the port instead of a number only. This service name will be used to look up the port in the system services file. This feature was added by customer request.
- Core / Command Line: Added a new command line option -o. This MUST be specified together with -r and MUST be immediately after -r (as the second option). If specified, the service does a single run of InfoSources supporting that property and then terminates. So far, only the EventLog Monitor supports this option.
:arrow: Bugfixes
- EventLog Monitor (SID Cache): A bug which could occur when a SID could not be successfully resolved could lead to unexpected internal EventLog Monitor Service interruptions. This bug has been removed now.

:!: 2007-04-11 / build 280
:arrow: Bugfixes
- EventLog Monitor: Fixed a bug which caused an internal shutdown of the EventLog Monitor when more than one event resource was used. This bug was introduced due to the changes in Build 279.

:!: 2007-03-16 / build 279
:arrow: Features/Enhancements
- EventLog Monitor: Added support for resolving ActiveDirectory Schema GUIDs, as some Security Events on Domain Controllers have them. For example Event 565, which usually has a lot of these Schema GUIDs! The GUIDs are internally cached to speed up EventLog processing operations.
- Forward Syslog Action: Added support for sending multiple messages over a persistent syslog/TCP connection. This is especially useful when talking to syslog-ng, but also if rsyslog is used on the remote end.
- Forward Syslog Action: Added capability to force -transport-tls like octet-counted framing for syslog/TCP connections.

:arrow: Bugfixes
- SendEmail/Syslog Action: This is for Actions using TCP (so it applies only if the Syslog Action was configured with TCP). A Send/Receive TimeOut of 30 seconds has been added to these actions to avoid possible lockdowns of a service.
- PortProbe: If the hostname was too long, this could cause the PortProbe to fail internally when it failed to resolve the DNS name.
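The build 279 entries above mention sending several messages over one persistent syslog/TCP connection with "-transport-tls like octet-counted framing". The following is an added example (not EventReporter's or Adiscon's code) showing what that framing looks like on the wire and how a receiver splits a TCP stream back into messages; the sample messages are constructed.

```python
"""Octet-counted framing for syslog over a persistent TCP connection.

Added example, not EventReporter's code. Each message is prefixed with
its byte length and a space (the framing used by syslog/TLS in RFC 5425
and described for syslog/TCP in RFC 6587), so a receiver can split a
stream of several messages on one connection without relying on newline
delimiters, even when a message body itself contains a newline.
"""


def frame_octet_counted(msg: str) -> bytes:
    """Encode one syslog message with an octet-count prefix: b'<len> <msg>'."""
    body = msg.encode("utf-8")
    return f"{len(body)} ".encode("ascii") + body


def parse_octet_counted(buf: bytes) -> tuple[list[str], bytes]:
    """Split a TCP stream buffer into complete messages.

    Returns (complete_messages, leftover_bytes). The caller keeps the
    leftover and prepends it to the next recv() so partial frames survive.
    Raises ValueError on a malformed prefix: a receiver should drop the
    connection rather than guess where the next frame starts.
    """
    msgs = []
    while buf:
        sep = buf.find(b" ")
        if sep == -1:
            if len(buf) > 10 or not buf.isdigit():
                raise ValueError("malformed octet-count prefix")
            break  # prefix not fully received yet
        prefix = buf[:sep]
        if not prefix.isdigit() or len(prefix) > 10:
            raise ValueError(f"malformed octet-count prefix: {prefix!r}")
        start, end = sep + 1, sep + 1 + int(prefix)
        if len(buf) < end:
            break  # body not fully received yet
        msgs.append(buf[start:end].decode("utf-8"))
        buf = buf[end:]
    return msgs, buf


SAMPLE_MESSAGES = [  # constructed sample data, not real log output
    "<134>Aug  1 10:15:00 host EventReporter: Service started",
    "<132>Aug  1 10:15:01 host Security: logon failed\nuser=alice",
]


def demo() -> list[str]:
    """Frame the samples, deliver them in two arbitrary TCP chunks, reassemble."""
    stream = b"".join(frame_octet_counted(m) for m in SAMPLE_MESSAGES)
    first, second = stream[:40], stream[40:]  # chunk boundary inside a body
    got, rest = parse_octet_counted(first)
    more, rest = parse_octet_counted(rest + second)
    assert not rest
    return got + more
```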
