A new Service has been added to fully support the new EventLog of Windows Vista. The Service is currently called EventLog Monitor V2 and can only be configured and used on Windows Vista or Windows Longhorn Server. It fully supports the new EventLog structure, the new Channels and so on. Please note that this is the initial release of the new EventLog Monitor; slight enhancements and changes will follow in future versions. Currently we fully support Serviced Channels only, which also includes all classic EventLogs. To read the new Vista EventLog in full, we highly recommend using the new Service.
Added support for dropping control characters from the EventLog Monitor's event parameter insert strings and event categories.
Added full support for Windows Vista, which includes enhancements to the Installer and the EventReporter Service. If you use the x64 version of Vista, you will have to use the x64 version of EventReporter to get the best EventLog reading support.
Forward Syslog Action
Added support for sending syslog messages in compressed form using zlib. Added support for syslog-transport-tls framing in the syslog sender when used with TCP and compression (the framing itself cannot yet be forced).
Send SETP Action
Changed the error reporting style. Previously, an error Event with Event ID 1005 was generated for every failed connection attempt. Now there will only be ONE error, on the first occurrence of the connection problem. Once the connection is established again, a Success Event (Type Information) will be logged with ID 1012.
Added support for MSSQL Stored Procedures. You can now select between an INSERT statement and a Call Statement, which is Microsoft-specific for stored procedures. This also means that this type of SQL statement will only work if MSSQL is used as the database. If you select MSSQL Call Statement, the tablename field will automatically be used as the stored procedure name. Make sure to sort the parameters in the right order, otherwise the Action will fail.
Added a new option in the General (Engine specific) Options to control the Rule Exception handling when processing of a Rule fails.
– Fixed a bug in the SID resolving facility of the EventLog Monitor. If an event had more than one SID to resolve, the resolved names all became the same.
– Fixed a bug in the x64 build which could cause problems resolving SIDs in rare cases.
Fixed a bug that occurred when Source replacement was enabled. Only the first Source was replaced correctly; the following Sources were not.