GFI EventsManager Changelog

What's new in GFI EventsManager 2013 13.0.0 Build 20130116

Jan 29, 2013
  • Active network and server monitoring based on monitoring checks is now available and can function in conjunction with the log based monitoring system in order to provide a complete and thorough view of the status of your environment
  • The unique combination of active network and server monitoring through log-based network and server monitoring provides you not only with incident identification but also with a complete set of logs from the assets that failed, making problem investigation and solving much easier
  • Enhanced console security system helps you comply with best-practice recommendations that call for access to data on a “need-to-know” basis. Starting with this version, each GFI EventsManager user can be assigned a subset of computers that he/she manages, and the console will only allow usage of the data coming from those configured computers while the user is logged in
  • New schema for parsing XML files, available by default, that enables monitoring of XML-based logs and configuration files
  • New schema for parsing DHCP text logs that enables monitoring of DHCP IP assignment
  • More flexibility for storing events: the new database system has been updated to include physical deletion of events for easier maintenance and collection to remote databases
  • Hashing of log data protects against attempts to tamper with the logs from outside the product, and enables enhanced log consolidation and security
  • New reports for J-SOX and NERC CIP compliance

New in GFI EventsManager 11.0.0 Build 20110207 (Feb 25, 2011)

  • Oracle Audit Support:
  • Many companies use Oracle database servers, and the activity on these servers needs to be monitored for security or regulatory compliance purposes. GFI EventsManager 2011 can now process Oracle audit records for versions 9i, 10g, and 11g.
  • Export Events into Customizable HTML files:
  • With the new GFI EventsManager 2011, it is now possible to export events from the event browsers into HTML format, based on templates which can be customized. These templates make it possible to choose the columns for reporting and perform column mappings. The layout of the HTML template can also be customized by editing the corresponding .css file.

New in GFI EventsManager 11.0.0 Build 20110128 Beta (Feb 2, 2011)

  • NEW: Added Oracle audit support for Oracle 9i, 10g, and 11g.
  • NEW: Speed optimization on rules processing.
  • NEW: Custom HTML reports.
  • FIXED: EventsManager stops collecting Syslog and W3C events when SQL Audit was not enabled from the license.
  • FIXED: The service takes a long time to start.
  • FIXED: Errors when creating the database in some situations.
  • FIXED: Scheduled maintenance job start time changes while the maintenance job is running.

New in GFI EventsManager 9.0.0 Build 201005263 (May 28, 2010)

  • Auto-archive All Events into Files:
  • Due to the relatively large number of events that must be kept for investigation and compliance purposes, it takes no time for the events database to reach its maximum capacity. To alleviate this issue, GFI EventsManager now allows administrators to auto-archive all events into files in parallel with processing the events through rules with important events only being saved into the database.
  • Improved Dashboard:
  • The GFI EventsManager dashboard now includes a number of filtering-enabled charts to provide administrators with fast and easy access to the data they need as they go about their day. These include the top critical and high importance rules triggered within a certain period of time, the top 10 users who fail to log on or who log on during and outside working hours, service status across the network, how many events are stored in the database per log type, and a comprehensive graph based on Windows events that shows network connections at application and user level (available for Vista and newer Windows OSes only). The dashboard is highly customizable, and its charts can be zoomed individually in separate windows that can be automatically arranged on the desktop to show real-time data about the most important events.
  • One-click Rule and Filter Creation:
  • You can now create processing rules and filters for Windows events by simply right-clicking on event details in the Events Browser Tool. New rules are automatically saved into a new rule set called User Rules and will have the least priority by default.
  • Password Recovery:
  • GFI EventsManager now enables a password reminder email to be sent to the administrator’s registration email address should they lose or forget their password.
  • Detection of Windows Events that Refer to Administrators:
  • GFI EventsManager can now detect if a Windows event refers to a user who is an administrator, a feature that is required by certain regulations. GFI EventsManager checks the details of events and probes whether the user names or SIDs in question correspond to administrator users. The product can also track changes in rights assignment so that if a user becomes or stops being an administrator by the time an event has been generated, GFI EventsManager will report accordingly. To use this feature in domains, one must scan the domain controller before scanning other member machines.
  • Improved Reporting
  • The GFI EventsManager ReportPack now includes the following reports:
  • Users who deleted files - This report shows which files have been deleted and by which users.
  • Service status - This report shows the services that have been run, have failed to start or which stopped unexpectedly.
  • HTTP traffic monitoring - This report shows the web accesses by client IP and URL. This report will typically process information for W3C logs created by applications like Microsoft ISA Server or Web servers.
  • Other features include:
  • Optimized processing rules to better classify events and reduce the number of email alerts
  • Synchronization of the list of computers to be scanned with a text file
  • Auto-refreshing the information in browsers
  • The possibility to stop executing the queries in the browsers

New in GFI EventsManager 8.1 Build 20080702 (Oct 13, 2009)

  • NEW: Reminder-ware and eCommerce integration
  • NEW: DICR optimizations: (i) Improved quick start dialog (ii) Quick start guides for adding event sources, creating rules and working with database operations (iii) From the reporting page you can download and install the report pack as well as launch it once it is installed (iv) Improved installation process
  • NEW: SNMP traps v2 alerting support
  • NEW: Support for passing field names as parameters in run command actions for rules
  • FIXED: ESM stops collecting Syslog and w3c events when SQL Audit was not enabled from the license
  • FIXED: Logging system was enhanced; it no longer creates empty files
  • FIXED: Import settings when the database contained null filters
  • FIXED: Installation kit on 64 bit systems, the dependencies were not detected correctly in all situations
  • FIXED: Added option in database operations for exporting data from main database or backup database
  • FIXED: Problem with encryption, on some machines encrypted data cannot be decrypted correctly
  • FIXED: Random crash in w3c collector
  • FIXED: Email alerts bug caused by invalid characters in xml
  • FIXED: Encryption now works when FIPS compliant algorithms are required
  • FIXED: Import of factory settings now works for changes on default items too
  • FIXED: Some MIB import issues related to presence of multiple new line characters
  • FIXED: Import issues related to database operations and alerting settings
  • FIXED: A crash in command line export tool
  • FIXED: Import of Application and service logs now works
  • FIXED: Problem with queries that contain “.”
  • FIXED: Problem with events category classification, settings were no longer retained after upgrade
  • FIXED: Some issues in MIB Importer and also added better error reporting
  • FIXED: The Process events – selected machines link from the Quick Launch Console did not work
  • FIXED: Reporting page - some UI updates
  • FIXED: Reporting page - Cancel button needed to be clicked twice to stop the downloads
  • FIXED: Changed the way Microsoft Visual C++ run-time files and operating system components required by EventsManager8 are installed. This will fix some random bugs in installing these files.
  • FIXED: Some UI fixes regarding reminder-ware
  • FIXED: Some text was corrected

New in GFI EventsManager 8.0 Build 20080218 (Feb 27, 2008)

  • NEW: Extended support for various devices by adding SYSLOG rules for Juniper Networks devices
  • NEW: Select all SQL servers option from the “Add SQL servers” dialog
  • NEW: Export query results directly to CSV from event browsers
  • NEW: Possibility to filter on “Rule Name” in reports from Report Pack
  • NEW: Comprehensive sets of SNMP traps and SQL Server Audit filters
  • NEW: All the data from SQL server audit columns appear in description panel
  • FIXED: Server name does not appear in Database Server Groups after restarting the application (Windows Vista)
  • FIXED: SQL Server Audit Browser -> Find Events -> Filter for "Date" column works incorrectly
  • FIXED: SQL Server Audit -> rule is triggered even if you set "Outside the normal operational time" (Windows Vista)
  • FIXED: SQL Server Audit -> SQL Server Group Properties -> Operational Time -> for all collected events, the value for “In work hours” column is “NO” whether time intervals are marked or unmarked
  • FIXED: Rule -> A message appears when trying to create a new action profile
  • FIXED: SQL Server Audit -> rule changes do not refresh in real time (Windows Vista)
  • FIXED: The shortcuts on the "logon information" window in the installation kit are not working
  • FIXED: SQL Audit rules -> Changing the security type does not work properly
  • FIXED: The number of events in SQL Audit Browser does not change if you right click -> "refresh" (Windows Vista)
  • FIXED: SQL Audit -> Not all events are collected (Windows Vista)
  • FIXED: SQL Server Audit -> events are collected with wrong credentials (inherited) on a SQL 2008 server (Windows Vista)
  • FIXED: The service does not start if the database server is not configured
  • FIXED: Jobs from Database Operations are not imported when upgrading from ESM 7.1 to ESM 8.0
  • FIXED: Cannot delete jobs from "Database Operation"
  • FIXED: From the Quick Start Dialog -> "Configure Event Sources" status appears "Not configured" even for SQL Servers that are added for Scanning
  • FIXED: SQL Server Audit -> events are not processed correctly if all the default processing rules are checked and inherited (Windows Vista)
  • FIXED: Syslog isn't on the global event count
  • FIXED: The last job from the database operations is not deleted
  • FIXED: physical date/time does not appear in some events in the same w3c log file (Windows Vista)
  • FIXED: SQL Server Audit -> Big delays between changes in configuration (Windows Vista)
  • FIXED: Windows Event Browser -> Find events -> Filters do not work
  • FIXED: When collecting w3c logs, collecting does not stop after the computer is disabled, and collects all the events from a certain w3c file (Windows Vista)
  • FIXED: SQL Audit - If you scan with rules no statistics appear on monitor
  • FIXED: SQL Server Audit -> Changes to default classification actions are not applied to rule processing until service is restarted (Windows Vista)
  • FIXED: The user interface does not start on Windows XP SP1
  • FIXED: SNMP Traps Messages -> Find Events -> filter for "Date column" works incorrectly
  • FIXED: Windows Events Browser -> Different results for a query with the same condition in Security category and the all events section
  • FIXED: Database Operation -> A schedule job doesn't start automatically at specified hour
  • FIXED: Crash on network interruption
  • FIXED: All the data from SQL server audit columns should appear in Description panel
  • FIXED: ESM Instance changed isn't updated at next scan
  • FIXED: When upgrading from ESM 7.1 to ESM8 email alerts don't work
  • FIXED: Schedule settings for Database Operation are not imported
  • FIXED: The refresh for custom logs queries in "Windows Events Browser" does not work when importing settings
  • FIXED: The user interface crashes in some situations
  • FIXED: Refresh does not work for events in "Event browsers" when importing settings
  • FIXED: Scheduled Database Operations do not disappear when importing configurations
  • FIXED: W3C events -> At collecting events, value for "In work hours" column is always "No"
  • FIXED: Emails not coming for EVT events gathered
  • FIXED: Export events gathered to a CSV file
  • FIXED: Some event fields are not exported correctly to a CSV file
  • FIXED: SQL Server Audit -> "Application name" is not stored correctly in the database on certain events (Windows Vista)
  • FIXED: W3C events -> Queries -> "Failed to connect the database" appears for a wrong value for "S-port" field
  • FIXED: W3C events Browser -> "There are no events in the current log" appears when trying to sort via "CS-uri Stem" or "CS-uri Query" columns
  • FIXED: Database operations are running every time I restart ESM service
  • FIXED: Enable/Disable "Computers Groups" does not work
  • FIXED: Computer properties -> ESM crashes if check "Process using this rule set" and rule set aren't checked
  • FIXED: Problem with storing credentials for ESM users
  • FIXED: Component Configuration Quick Start -> Configure administrator account -> Status remains "Not configured" even when the Administrator account is configured
  • FIXED: SQL Audit -> events are not collected after system restart
  • FIXED: SNMP Traps -> Trap OID not displayed correctly in browser (Windows Vista)
  • FIXED: Sometimes SMS Alert properties are applied only after the service is restarted (Windows Vista)
  • FIXED: Saving filters in events browsers might trigger an error if the name of the filter is the same as that of another existing one, even if it is in a different group

New in GFI EventsManager 8.0 Build 20080115 Beta 1 (Jan 19, 2008)

  • NEW: Ability to collect and process the events specific to Vista and Longhorn
  • NEW: Seamless integration of Vista/Longhorn events with the existing features like filters, rules, browsers and database operations
  • NEW: Support for processing SNMP traps version 1, 2 and 3
  • NEW: Standard MIB translation included
  • NEW: Support for processing SQL Server events through SQL Audit
  • NEW: Support for processing SNMP traps and SYSLOG messages on TCP
  • NEW: The console can now be accessed in read-only mode
  • NEW: Users and groups can be assigned read-only or full privileges to work with the configuration console
  • NEW: There is a new log file which records all the actions performed by the user in the configuration console
  • NEW: Various user interface elements have been optimized for better usage
  • NEW: Reports from the previous version have been updated to work with Windows Vista events as well
  • NEW: New generic Windows Events report with the possibility to filter on Event ID
  • NEW: Generic SNMP traps report
  • NEW: Generic report for SQL Server audit
  • NEW: Added tab page settings for SQL Audit groups

New in GFI EventsManager 7.1 Build 20070328 (Apr 20, 2007)

  • Improved reliability: This new add-on does not require a target SQL Server to be available during events data transfer since data is transferred from source to destination as a binary file. In addition the file export/import system is equipped with an algorithm which checks whether the data transfer has been successfully completed or not.
  • Database backup capabilities: The WAN Connector & Database Operations add-on allows users to:
  • Backup or move events to an offline database.
  • Export events data to compressed binary files. These binary files not only consume very little storage space but can also be optionally encrypted for security and legal compliance reasons.
  • Greater flexibility:
  • The WAN Connector & Database Operations add-on is not limited to one destination database backend. Users can export events to multiple binary files as well as specify the destination folder(s) where these files will be located.
  • The events data export and import functions are carried out in 2 distinct operations/sessions. After an export to file operation has been completed, users can choose to immediately proceed with the import operation or else schedule this activity for later.
  • The WAN Connector & Database Operations add-on allows the configuration of default/custom filters that define which data will be exported or imported from a backup file.
  • Wider compatibility: The WAN Connector & Database Operations add-on is no longer dependent on Data Transformation Services technology to transfer events data from a remote site to a central location. Events data is now exported to a compressed binary file, and can be converted/imported to any required/supported database format (not necessarily SQL Server format) at destination.
  • Higher savings:
  • Less storage space - As opposed to a database, binary files require less physical storage space. The WAN Connector & Database Operations add-on allows users to export events to a compressed binary file, which reduces events data storage requirements by 98%.
  • Bandwidth - Since binary files are smaller in size than database files, less bandwidth is required to transfer events data over the WAN.

New in GFI EventsManager 7.0 Build 20061214 (Dec 16, 2006)

  • Support for SYSLOG messages and W3C format logs. This allows users to collect events from environments running both Windows and Linux operating systems as well as from all hardware and software that can generate Windows events, Syslog messages and W3C events. These include devices such as firewalls, routers, PABXs, access control systems, fingerprint and biometric readers and more. NOTE: Work is presently underway to include support for custom Windows Event Logs in future builds.
  • Totally rebuilt user-interface which groups together configuration, monitoring, processing and browsing of events into a single user-friendly console!
  • Equal event processing abilities for all event sources supported.
  • Support for computer profiles, which allow grouping of computers and definition of log/event management at group level!
  • Simplified start-up configuration through the use of a Quick Start Dialog.
  • Highly improved speed for event collection!
  • Multithreaded event collection support.
  • Event processing dashboard, through which you can monitor your hardware and software activity network-wide.
  • Support for multiple monitoring views, which also include graphical representations of the event collection and processing status of GFI EventsManager.
  • Added support for new alerting options (multiple SMS engines, multiple email servers, definition of users and groups, etc.)
  • Ships with a state-of-the-art reporting tool which uses GFI ReportCenter technology. This dedicated reporting tool includes a dedicated pack of reports - the GFI EventsManager ReportPack - which includes reports specifically tailored to present the information collected by GFI EventsManager in a clear and printer-friendly fashion.