EventLog Analyzer Changelog

New in EventLog Analyzer 12.4.3 Build 12460 (May 7, 2024)

  • Features:
    • Dark web monitoring:
      • You can now scan the deep and dark web continuously for leaked credentials and personal information associated with your organization, employees, and third-party vendors in EventLog Analyzer, through our partnership with Constella Intelligence.
      • You can identify whether your domains or other digital assets have been compromised in supply chain breaches through real-time alerts, and investigate and respond to threats quickly and efficiently.
    • Integration with ManageEngine's EDR, Endpoint Central:
      • EventLog Analyzer now integrates seamlessly with ManageEngine Endpoint Central, fortifying your endpoint security posture. This integration enables you to:
        • Leverage advanced correlation rules and custom alert profiles to detect potential exploits targeting vulnerabilities and misconfigurations.
        • Detect privilege escalation and lateral movement attempts, zero-day vulnerability exploitation, and more.
        • Mitigate threats efficiently by approving and deploying patches directly through new incident workflow actions.

New in EventLog Analyzer 12.4.3 Build 12440 (Apr 14, 2024)

  • Enhancements:
    • Technician activity reports have been improved to provide precise and concise records of technicians' actions. In addition to resource name and action, new fields include a descriptive message, user IP address, edit country, and status. When an update is made, you can also view the old and new values.
    • Internal flows have been modified to improve security. Unused libraries and files have also been removed from the product, which reduces the overall installation size.
  • Fixes:
    • The following issues in IIS server log collection have been fixed:
      • Previously, modifications to the log location or file patterns in the IIS server were not reflected in EventLog Analyzer. This has been resolved, and all such changes are now updated automatically in EventLog Analyzer.
      • For IIS servers added under Other Devices, the issue in collecting logs via WMI has been fixed. Users can now also choose to provide their WMI credentials or Admin credentials for WMI and site log collection.
      • An issue in collecting logs in the ETW format has been fixed. Opting for "Both Log file and ETW" while configuring an IIS server now ensures that the logs are collected.

New in EventLog Analyzer 12.4.3 Build 12437 (Apr 4, 2024)

  • Issue Fix:
    • An issue with the Transport Layer Security (TLS) version dropdown in the mail settings page has been fixed.

New in EventLog Analyzer 12.4.3 Build 12435 (Mar 25, 2024)

  • Custom Log Format:
    • Users can now create custom log formats comprising multiple parsing rules. These log formats, along with their parsing rules, can be applied to any new or custom log source added as syslog or via file import. This streamlines how users manage parsing rules for the various log source types in their network.
  • Enhancements:
    • Custom log parsing:
      • Custom log parsing rules can now be edited. Users can edit the regex pattern, enable or disable the rule, and modify fields.
    • Support for Duo Security Web v4 SDK:
      • The Duo Security Web v4 SDK (Universal Prompt) is now supported for Two-Factor Authentication. You can configure Duo Security using the Web v4 SDK as a secondary authentication factor to verify users when they log in to EventLog Analyzer. Duo Security has announced end of life for the Web v2 SDK on March 30, 2024; we recommend that all users configure the Web v4 SDK immediately.
    • Product Security:
      • Tomcat has been upgraded from 9.0.82 to 9.0.83. This upgrade fixes Tomcat's session timeout issue.

New in EventLog Analyzer 12.2.4 Build 12414 (Feb 29, 2024)

  • Features:
    • Incident Workbench:
      • EventLog Analyzer now introduces an exclusive threat investigation console for advanced contextual analytics with multiple integrations. This console, called the 'Incident Workbench', can be invoked from multiple dashboards of EventLog Analyzer. Its features include the following:
        • User behavior analytics and activity overview: This analysis is offered through the integration of UEBA from the Log360 suite.
        • Process analytics: This analysis consists of process spawning with parent-child process trees, available in multiple graphical formats.
        • Threat analytics: This analysis is offered through the integration of EventLog Analyzer's Advanced Threat Analytics for in-depth risk analysis of IPs, URLs, and domains. Along with the threat analysis available under Log360 Cloud Threat Analytics, the integration of VirusTotal, one of the largest live threat feeds, is also introduced in this release and is available in the Incident Workbench.
      • Users can add up to 20 analytical tabs in a single instance of the Incident Workbench and save them to incidents as threat evidence.
    • Device summary:
      • EventLog Analyzer now introduces an analytical console to view a summary of a device's events. This console can be invoked from multiple dashboards of EventLog Analyzer. Users can find the event summary for the selected period, top active users, file monitoring events, device severity events, alerts summary, and activity overview for the applications configured on the device.
  • Enhancements:
    • Correlation rule package:
      • EventLog Analyzer now adds 50+ new predefined correlation rules that complement the newly released features and level up threat detection. This package includes rules for detecting suspicious process spawning, use of prevalent attacker tools such as Mimikatz and Metasploit, and living-off-the-land techniques that abuse native binaries and utilities.
    • ADMP workflow actions:
      • EventLog Analyzer's workflow profile builder now supports Active Directory actions through the ManageEngine ADManager Plus integration. Users can take remedial actions using the pre-built workflow profiles, such as enabling or disabling users and computers, resetting user passwords, adding users to groups, and deleting users and computers.

New in EventLog Analyzer 12.2.4 Build 12430 (Feb 20, 2024)

  • Features:
    • Incident Workbench:
      • EventLog Analyzer now introduces an exclusive threat investigation console for advanced contextual analytics with multiple integrations. This console, called the 'Incident Workbench', can be invoked from multiple dashboards of EventLog Analyzer. Its features include the following:
        • User behavior analytics and activity overview: This analysis is offered through the integration of UEBA from the Log360 suite.
        • Process analytics: This analysis consists of process spawning with parent-child process trees, available in multiple graphical formats.
        • Threat analytics: This analysis is offered through the integration of EventLog Analyzer's Advanced Threat Analytics for in-depth risk analysis of IPs, URLs, and domains. Along with the threat analysis available under Log360 Cloud Threat Analytics, the integration of VirusTotal, one of the largest live threat feeds, is also introduced in this release and is available in the Incident Workbench.
      • Users can add up to 20 analytical tabs in a single instance of the Incident Workbench and save them to incidents as threat evidence.
    • Device summary:
      • EventLog Analyzer now introduces an analytical console to view a summary of a device's events. This console can be invoked from multiple dashboards of EventLog Analyzer. Users can find the event summary for the selected period, top active users, file monitoring events, device severity events, alerts summary, and activity overview for the applications configured on the device.
  • Enhancements:
    • Correlation rule package:
      • EventLog Analyzer now adds 50+ new predefined correlation rules that complement the newly released features and level up threat detection. This package includes rules for detecting suspicious process spawning, use of prevalent attacker tools such as Mimikatz and Metasploit, and living-off-the-land techniques that abuse native binaries and utilities.
    • ADMP workflow actions:
      • EventLog Analyzer's workflow profile builder now supports Active Directory actions through the ManageEngine ADManager Plus integration. Users can take remedial actions using the pre-built workflow profiles, such as enabling or disabling users and computers, resetting user passwords, adding users to groups, and deleting users and computers.

New in EventLog Analyzer 12.2.4 Build 12420 (Feb 16, 2024)

  • New Features:
    • Database settings:
      • Auto backup: You can schedule database backups through the user interface and restore the database as needed. In the event of data loss or system failure, you can easily restore the databases and ensure business continuity.
      • Database migration: Database migration is supported in several directions, including from PostgreSQL to MS SQL, MS SQL to external PostgreSQL, MySQL to PostgreSQL, and MySQL to MS SQL. Migrating from an external database to the built-in PostgreSQL database is also supported now; for this migration, please contact the support team. This capability enables you to adapt and scale the infrastructure to your needs, reducing operational costs and improving performance.
    • Password Policy:
      • In the Password Policy tab, you can now enforce password change requirements and restrict the reuse of passwords. This enhances data security for users and reduces the risk of systems being compromised.
  • Issue Fixes:
    • An issue in importing ADSelfService Plus logs under ManageEngine applications has been fixed.

New in EventLog Analyzer 12.2.4 Build 12411 (Feb 7, 2024)

  • Enhancements:
    • The HTTP Request action in the Workflow builder now supports headers. Headers can be used to pass additional information such as authorization tokens and content type specifications such as XML or JSON. This helps security teams send HTTP requests to a wider range of targets while improving the flexibility and functionality of the HTTP Request action.
  • Issue Fixes:
    • A log collection issue with syslog headers while collecting syslog from Dell switches has been fixed.
    • An issue that led to unarchived UNIX device logs being shown under Search, but not under Reports, has been fixed.
    • An issue with alerts not being triggered for devices added or moved to newly created device groups has been fixed.
    • The issue in generating scheduled All Devices reports has been fixed.
    • The following issues in log parsing have been fixed:
      • An issue in parsing IP fields from Sophos XG WAF logs has been fixed. You can now find these logs under Web filter reports.
      • An issue in parsing MAC address and IP address fields from DHCP log sources has been fixed.
      • An issue in parsing the Trend Micro Cloud log format has been fixed.
      • An issue in parsing Unix logs that use the RFC 3339 timestamp format has been fixed.

New in EventLog Analyzer 12.2.4 Build 12400 (Dec 14, 2023)

  • Enhancements:
    • The public key certificate used for service pack upgrades has been updated. This enables seamless application of upcoming service packs.

New in EventLog Analyzer 12.2.4 Build 12336 (Nov 29, 2023)

  • Integration with ManageEngine ITOM solutions:
    • EventLog Analyzer now supports log collection and report generation for the application logs (access and debug logs) of solutions from our ITOM suite, such as OpManager, OpManager Plus, and OpManager MSP.
  • Threat feeds integration:
    • EventLog Analyzer now offers Quick Deploy Servers to easily integrate and enhance threat feeds.
    • Supported threat feed vendors:
      • AlienVault OTX
      • Cyware
      • IBM X-Force
      • Kaspersky Threat Intelligence
      • PulseDive
      • Sectrio
      • SecAlliance-ThreatMatch
    • EventLog Analyzer now supports custom STIX/TAXII servers.
      • Supported versions: STIX 1.x and STIX 2.x
  • ML based automation for alert thresholds:
    • EventLog Analyzer now offers a smart threshold option for advanced alert configuration. This feature uses ML algorithms to analyze the usual occurrence of events and automatically determine the threshold values that trigger alerts. Compared to the manual option, the smart threshold option helps optimize alerting by consistently reducing false positives and improving true positive triggers.
  • Enhancements:
    • Product Security:
      • In new Windows installations, user access permissions for the product's root folder have been modified. It can now be accessed only by the user who installed it and by users in the administrators group with approved permanent access. This provides enhanced security.
      • The JSON library used in the product has been upgraded to the latest version (json-20231013), thereby preventing a potential vulnerability (CVE-2023-5072).
      • The Tomcat version bundled with the product has been upgraded to 9.0.82 for enhanced security and performance.

New in EventLog Analyzer 12.2.4 Build 12331 (Nov 6, 2023)

  • Issue Fixes:
    • The issue in parsing Allowed and Denied Traffic reports from Meraki firewall sources has been fixed.
    • The issue with alerts not being triggered for custom parsed fields has been fixed. Users can now receive alerts from alert profiles built using custom fields.

New in EventLog Analyzer 12.2.4 Build 12330 (Oct 30, 2023)

  • New features:
    • Device and group-based log archival: You can now configure device- or group-based log archival by creating multiple policies. This helps manage log storage more efficiently.
    • Log archival tool: You can use this tool to perform the following archival-related tasks from within the EventLog Analyzer UI:
      • Update archive path: When archives are relocated from one location to another, the new location of the archived files can be updated. This helps determine how many archive files were moved from a given location, and whether the files were transferred in full.
      • Update archive status: The integrity status of an archive file is verified and updated promptly by clicking the refresh button on the "Archive Data - Update Paths" page. This makes it simpler to assess whether the archive file location is correct.
      • Add missing archive entries: When a file is physically present but not reflected in the UI, the missing archive records can be added to the product. Reports can be generated only for files that are present in the UI, so adding the entries lets you load the archives and generate the reports.
      • Rebuild Elasticsearch indexes from archive: Archived logs are indexed directly into Elasticsearch. This is helpful when the indexed logs need to be restored right away after corruption or loss.
  • Enhancements:
    • Mail Server:
      • Mail server authentication now supports OAuth and API protocols.
    • Introduced compatibility for the Azure cloud source for China and US.

New in EventLog Analyzer 12.2.4 Build 12328 (Oct 20, 2023)

  • New feature:
    • New out-of-the-box compliance reports: Audit-ready, out-of-the-box compliance reports are now available for the following compliance standards:
      • Qatar Cybersecurity Framework (QCF)
      • Trusted Information Security Assessment Exchange (TISAX)
      • Saudi Arabian Monetary Authority (SAMA)
      • Kingdom of Saudi Arabia Essential Cybersecurity Controls (KSA-ECC)
      • Saudi Arabia's Personal Data Protection Law (PDPL)
      • Criminal Justice Data Communications Network (CJDN)
      • United Arab Emirates National Electronic Security Authority (UAE-NESA)
      • Systems and Organization Controls 2 (SOC 2)
      • General Law for the Protection of Personal Data (LGPD)
    • These out-of-the-box compliance reports help monitor the security posture of the network and stay compliant with the respective mandates.

New in EventLog Analyzer 12.2.4 Build 12326 (Oct 10, 2023)

  • A critical issue in log collection sync, which led to duplicate collection of Windows logs whenever the ELA server restarted, has been fixed.

New in EventLog Analyzer 12.2.4 Build 12325 (Oct 2, 2023)

  • Issue Fixes:
    • An issue in showing the Schedule Frequency date format under Edit Compliance Schedule has been fixed. Users can schedule on an hourly, daily, weekly, or monthly basis and set the time frequency accordingly.
    • An issue in updating the Device Display Name field on the alerts page has been fixed. Users can now see the updated Device Display Name for the corresponding alerts on the alerts page.
    • Parsing issues in the CISCO System Events report group have been resolved.
    • Parsing issues in the following MITRE ATT&CK reports have been resolved:
      • USB Device Plugged Report under Hardware Additions.
  • Enhancements:
    • JSON format has been added to the Log Forwarding standards. JSON is more concise and lightweight, making parsing and log ingestion faster.
    • A Host IP address macro has been added to the alert notification mail. Users who receive alert emails now have greater visibility.

New in EventLog Analyzer 12.2.4 Build 12324 (Sep 26, 2023)

  • Enhancements:
    • The retention setting for technician audit can now be configured on the Retention Settings page.
    • Correlation performance has been enhanced to lower detection latency.
  • Issue Fix:
    • The issue in editing, enabling, and sharing custom reports has been fixed.

New in EventLog Analyzer 12.2.4 Build 12322 (Aug 26, 2023)

  • Features:
    • Introduced the capability to integrate and monitor application logs from other ManageEngine (ME) applications, including ADManager Plus, ADAudit Plus, and ADSelfService Plus, via EventLog Analyzer.
    • Introduced support for FortiWeb logs.
  • Enhancements:
    • Resolved server output growth issues.
    • Fixed agent installation issues on Windows Server 2008.
    • Resolved false positive NodeDown notification issues. If integrated with Log360, NodeDown notifications might not work properly if Log360 isn't updated to its latest version.
  • Hot Fixes:
    • Parsing issues in Cisco Firepower FTD and PMP logs have been fixed.
    • Parsing issues in the following report types have been resolved:
      • Fortinet VPN session reports
      • MSSQL index reports
      • Barracuda VPN reports
      • Palo Alto VPN reports
      • CheckPoint firewall denied connection reports

New in EventLog Analyzer 12.2.4 Build 12321 (Aug 7, 2023)

  • Enhancements:
    • The compliance mandates that EventLog Analyzer adheres to can now be viewed in the Support tab.

New in EventLog Analyzer 12.2.4 Build 12320 (Jul 31, 2023)

  • Enhancements:
    • Elasticsearch will now automatically restart if it crashes.
    • Internal memory performance has been enhanced.
    • Backup data for the default threat server in air-gapped systems has been updated with the latest data.
    • Switching between disk-based threat storage and in-memory threat storage can now be done from the user interface itself.
    • The minimum reputation score for Advanced Threat Analytics threat data can now be modified by the user.

New in EventLog Analyzer 12.2.4 Build 12306 (Jul 22, 2023)

  • Feature:
    • Default support for the standard syslog protocol in Sophos format has been added.
  • Issue Fixes:
    • Devices deleted in Active Directory will no longer be shown in the Device Picker pop-up.
    • The synchronization problem between EventLog Analyzer and Log360, caused by integrating DataSecurity Plus with Log360, has now been resolved.

New in EventLog Analyzer 12.2.4 Build 12304 (Jul 3, 2023)

  • Issues fixed:
    • This release fixes the log collector crash caused by collecting logs with a future timestamp.
    • The performance issues caused by real-time log collection have also been fixed.

New in EventLog Analyzer 12.2.4 Build 12303 (Jun 22, 2023)

  • Enhancements:
    • Minor enhancements in the EventLog Analyzer Dashboard and Reports GUI.
    • A Collect Configuration Change Logs option has been added under the IIS Servers tab on the Application Source Management page.
    • A Configure manually option has been added for adding sites under the IIS Servers tab on the Application Source Management page.
  • Issue fixes:
    • Hyper-V, IIS server, ESXi, Check Point, Huawei, SAP ERP, Juniper, and MySQL log parsing issues have been fixed.
    • Minor fixes in the EventLog Analyzer Dashboard and Reports GUI.
  • Note: The enhancements and fixes for the Distributed Edition are the same as those of the Standalone edition.

New in EventLog Analyzer 12.2.4 Build 12302 (Jun 19, 2023)

  • This release fixes a two-factor authentication (TFA) bypass security vulnerability.

New in EventLog Analyzer 12.2.4 Build 12301 (Jun 16, 2023)

  • IP-based Access Restriction:
    • Users can now allow or restrict access to EventLog Analyzer on their premises for specific IP addresses or ranges of IP addresses. Exceptions can be made to allow API calls and product URLs.

New in EventLog Analyzer 12.2.4 Build 12300 (May 20, 2023)

  • Features:
    • Ticketing Tool Status:
      • EventLog Analyzer now supports the following ticketing tools:
        • On-demand: ManageEngine ServiceDeskPlus Cloud, ManageEngine AlarmsOne, Jira ServiceDesk Cloud, and Freshservice Cloud
        • On-premise: ManageEngine ServiceDeskPlus MSP
      • Users can view the ticket details and the live status fetched from the configured ticketing tools on the EventLog Analyzer Alerts page.
      • Refer to the help guide to learn how to configure the ticketing tools.
    • Delete/Update Alerts in Bulk:
      • Delete or update alerts in bulk based on the selected criteria, without any count limit.
  • Issue Fixes:
    • SSL cipher suites have been upgraded to support forward secrecy.

New in EventLog Analyzer 12.2.4 Build 12292 (May 17, 2023)

  • Issue fixes:
    • The issue where the Log Collector crashed when attempting to fetch Windows event logs with future timestamps has been resolved.
    • An issue that caused an empty search response when using a 'contains' filter has been resolved.
    • The disassociation of agents that occurred during registration has been corrected.
  • Enhancements:
    • The archive tamper check is no longer applied when the current file is reopened, which eliminates false positive archive tampering alerts.
    • The 72-hour restriction on log collection after EventLog Analyzer goes down and later resumes has been removed, since customers prefer to collect all logs from the last message timestamp.

New in EventLog Analyzer 12.2.4 Build 12291 (May 6, 2023)

  • An out-of-memory issue in larger environments has been fixed.

New in EventLog Analyzer 12.2.4 Build 12290 (May 3, 2023)

  • New feature:
    • Enhanced threat detection and investigation analytics: A consolidated and intuitive analytical dashboard for the MITRE ATT&CK matrix that displays the top used techniques, tactics, impacted systems, and more for quicker threat detection and investigation.

New in EventLog Analyzer 12.2.4 Build 12282 (Mar 25, 2023)

  • Fixes:
    • A log collector crash in the log collection filter module has been fixed.
    • The data load delay issue on the alert page has been fixed.

New in EventLog Analyzer 12.2.4 Build 12281 (Mar 13, 2023)

  • Enhancements:
    • The product will now automatically increase the heap allocated to Elasticsearch when it is insufficient.
    • Support for ThreatFox domains in the default threat server.
    • The version of Tomcat bundled with the product has been upgraded to 9.0.65.
    • The version of 7zip bundled with the product has been upgraded to 21.6.

New in EventLog Analyzer 12.2.4 Build 12280 (Feb 20, 2023)

  • EventLog Analyzer now supports AWS Cloud source logs.

New in EventLog Analyzer 12.2.4 Build 12275 (Feb 13, 2023)

  • Issue Fixes:
    • The 'Wrapper in use' error that occurred while upgrading PPM has been fixed.

New in EventLog Analyzer 12.2.4 Build 12274 (Feb 3, 2023)

  • EventLog Analyzer now monitors the data folder(s) of the search engine (Elasticsearch) and automatically stops indexing when the drive holding the indexed data has only 5 GB of disk space left. Indexing resumes automatically once space is freed on the drive.

New in EventLog Analyzer 12.2.4 Build 12273 (Jan 17, 2023)

  • Fixes:
    • The issue with enabling inherited devices from managed servers has been fixed.
    • Issues related to the IIS server site status have been fixed.
    • The issue with the hidden option to reload the domain object in the admin server has been fixed.
    • The graph data issue in the SonicWall VPN login failed report has been fixed.
    • The issue with corrupt configuration files caused by a full disk has been fixed.
    • Issues in exporting devices from the log source page have been fixed.
    • The issue in adding domain users to the admin server has been fixed.
    • Agent upgrades can now be performed manually without uninstalling and reinstalling.
    • The parsing issue in the Fortinet firewall logon session report has been fixed.
    • The parsing issue with the name field for Event ID 4624 has been fixed.
  • Enhancements:
    • Transmission protocol conversion in Juniper logs has been introduced.
    • Huawei reports now include a Rule Name field.
    • MSSQL reports now include a Time field.
    • Changing the timezone in the system is now reflected in the product once you log in to the account.

New in EventLog Analyzer 12.2.4 Build 12272 (Jan 9, 2023)

  • Issue fixes:
    • A synchronization issue with the default threat and IP GeoSync has been fixed.

New in EventLog Analyzer 12.2.4 Build 12271 (Dec 30, 2022)

  • Issue fixes:
    • The issue in loading Log360's dashboard widgets in builds subsequent to 12242 has been fixed.

New in EventLog Analyzer 12.2.4 Build 12270 (Dec 16, 2022)

  • Features:
    • An Incident Overview dashboard has been introduced to provide insights into the status of incidents.
    • EventLog Analyzer now provides a REST API that enables users of other applications to access and search for events from within its console.

New in EventLog Analyzer 12.2.4 Build 12261 (Dec 9, 2022)

  • Issue fixes:
    • An upgrade issue in build 12260 has been fixed.
    • A bug in the File Integrity Monitoring feature in build 12260 has been fixed.
    • Issues related to manually installing agents with the Windows MSI file have been fixed.

New in EventLog Analyzer 12.2.4 Build 12260 (Dec 2, 2022)

  • Features:
    • Real-time log collection: Windows logs can now be collected in real time via agent-based and agentless log collection.
    • Resource utilization: Users can monitor disk usage, log flow, RAM usage, and CPU usage in EventLog Analyzer.
    • Connection Settings:
      • The Connection Settings page has been enhanced for a better user experience.
      • Users can customize the TLS versions and ciphers for EventLog Analyzer if they choose an HTTPS application port.
      • The web server port where EventLog Analyzer is accessible in the browser, and EventLog Analyzer's internal ports such as the UDP and TCP ports used for listening for syslog, can now be bound to a specific IP address.
    • Mail Settings: TLS version selection for mail server configuration is now supported.
    • Log Level Settings: Users can specify the server log retention period in EventLog Analyzer.
    • Active Directory Device Cleanup:
      • Inventory Synchronization: When Windows devices are renamed in Active Directory, the updated names are also reflected in EventLog Analyzer. When Windows devices are deleted from Active Directory, they are shown as decommissioned devices in EventLog Analyzer.
    • Workflow Firewall Actions: EventLog Analyzer's workflow profile builder now supports FortiGate, Palo Alto Networks, Sophos XG, and Barracuda firewalls. Users can take remedial actions, such as adding deny access rules to these firewalls, using pre-built workflow profiles.
  • Enhancements:
    • The log collection filter user interface has been enhanced to improve its usability.
    • The password and username can be updated simultaneously for multiple devices.
    • The IP address can be updated by refreshing all devices or selected devices in EventLog Analyzer.

New in EventLog Analyzer 12.2.4 Build 12251 (Nov 16, 2022)

  • New features:
    • In-app push notifications for security releases and vulnerability fixes have been introduced.
  • Issue fixes:
    • This release includes a fix for a reflected XSS in the error page.

New in EventLog Analyzer 12.2.4 Build 12242 (Oct 21, 2022)

  • A security vulnerability in the use of RemCom has now been fixed.

New in EventLog Analyzer 12.1.6 Build 12166 (Aug 17, 2021)

  • Fix:
    • EventLog Analyzer was not loading properly when accessed from Log360's apps pane. This issue was observed in builds released after 12160 of EventLog Analyzer and 5220 of Log360, respectively. It has now been fixed.
  • Note: The enhancements and fixes for the Distributed Edition are the same as those of the Standalone edition.

New in EventLog Analyzer 8.5 Build 8050 (Apr 26, 2013)

  • New Features:
    • File Integrity Monitoring (FIM): Monitor the change activities of files and folders on a host
  • Enhancements:
    • Search results can be exported to CSV and PDF format reports
    • Server machine resources are checked and the user is warned about issues before a Service Pack is applied
    • The log archiving process has been fine-tuned. Archive files are now created every 12 hours or at a 250 MB file size limit, and zip files every 4 days or every 8 files, whichever comes first
    • Cached log processing has been made seamless
    • Out-of-memory error handling of the EventLog Analyzer server has been made more efficient. If memory consumption exceeds 80% (configurable), the logs are saved; if it exceeds 100%, the server is restarted
    • A low disk space email alert is sent to Administrator users, and log collection is stopped if the free disk space is less than 1 GB
  • UI Enhancements:
    • The width of the left pane of the UI can be adjusted
    • The 'Verify Login' screen of the Add Host feature has been enhanced with error messages and troubleshooting tips
  • Bug Fixes:
    • The issue with running Update Manager as an Admin user to apply a Service Pack has been fixed
    • Searching hosts for a selected profile displayed the hosts from all profiles. This issue has been fixed
    • Fixed the issue of the Security Events graph failing to load in the Dashboard on certain instances
    • Fixed the issue of the Compliance graph drill-down failing to display the events on certain instances
    • If a search was carried out on a single host, the result was displayed from all hosts. This issue has been fixed
  • Alert message in Email/ UI got truncated due to the presence '

New in EventLog Analyzer 8.0 Build 8000 (Dec 19, 2012)

  • New Features:
    • Log Search
    • Universal Log Parsing and Indexing (ULPI) using Log Field Extraction
    • Customizable dashboard widgets provide better visibility into network events, security events, event trends, and event alerts
    • EventLog Analyzer users can now be imported from Active Directory groups
    • Viewing and scheduling 'User Based Reports' now supports the wildcard '*' character for selecting users
    • Customized 'User Activity Reports' can now be edited from the 'My Reports' section of the Reports tab
    • Added FTP Active Mode support for log file import
    • You can now revert the changes made during rebranding of the EventLog Analyzer client
    • Additional standalone utility to index data (.dat file)
  • Enhancements:
    • Improved flexibility and functionality
    • Support for customizable dashboard views with drag-and-drop facility
    • Enhanced user experience provides better visibility into network user activities, policy violations, network anomalies, and network threats
  • Other Enhancements:
    • Improved the speed of alerts display in the Alerts tab
    • Enhanced the alert email notification content and subject with the 'Event ID' field
    • Enhanced the alert email notification content with the 'Display Name' of the host instead of the 'DNS Name'

New in EventLog Analyzer 6.0 (Dec 10, 2009)

  • Performance tuning - unwanted SQL loop (for distinct source/type) in custom report removed
  • Incorrect criteria shown on editing the Database Filter (only for MSSQL)
  • No Data Available message shown in PDF removed
  • Compliance report not generated if all the sub reports are selected
  • Large number of HOSTID and HOSTNAME in URL is removed
  • Custom report with range of event id
  • Password can be edited with a length of 5-20 characters
  • Test mail can be sent to an email ID with a '.' character in the name
  • If SQL Server database connection is busy, able to regain the connection
  • Delete Archive in MSSQL installation
  • Log collection stops if 'Log contains' exceeds 250 characters in Alert Profile/Database Filters
  • Issue in new alerts generation
  • Check for getting process id string - limit exceed cause crash issue
  • Unnecessary refreshing of archive file page, when loading archive files
  • Memory leak issue in Cisco/Snare log parsing
  • Connection issue in Linux installations (MSSQL changes)
  • Alert insertion issue when message has quote
  • Display Vs Hostname conflict in importing application log
  • Issue in condition matching and-or criteria for application log reports
  • Log message (application log) cleanup (newline/tab) before indexing
  • Issue in getting/update audit id in agent
  • Snare bug fix for alerts and filters when header is not set
  • Daylight Saving Time flag change issue
  • Memory leak when bad snare messages were received
  • Snare syslog forwarder support - hostname in log to be used
  • Windows server info and timestamp on startup
  • User deletion will result in reports deletion - issue in recreating the report
  • Guest User has the option to view all user audits (including admin)
  • Custom Report - group selection issue - indexOf selects all groups starts with char