– Added support for sending multiple messages over a persistent syslog/TCP connection.
– Added capability to force -transport-tls like octet-counted framing for syslog/TCP connections.
– Added a new major feature into this Action, Diskqueue. This new option is only available for TCP based Syslog. Whenever a connection to a remote syslog server failes, the action starts caching the syslog messages in a local temp file. The folder for these files can be configured. You do not need to worry about multiple Actions using this feature, the filenames are generated using a unique GUID which is automatically generated for each Action. Once the Syslog target becomes available again, the cached messages are being sent automatically. If you restart the Service while the Syslog Cache was active, it cannot be checked during service startup if the Syslog target is available now. Once the action is called again, the check is done and if the syslog target is available, the messages are being sent. The size of this cache is only limited by the disk size. Files are splitted by 10MB by default, but this can also be configured. The maximum supported file size is 2GB.
TCP Based Actions (Forward Syslog, Send Email)
Added a Send/Receive TimeOut of 30 seconds into these actions to avoid possible lockdowns of a service. So applies only if the Syslog Action was configured with TCP.
– Added support for Resolving ActiveDirectory Schema GUID’s as some Security Events on Domain Controllers have them. For Example Event 565, which usually has a lot of these Schema GUID’s! The GUID’s are internally cached to speed up EventLog processing operations.
– The EventLog can now be automatically cleared (either after n number of polling cycles or after a specified hour). It also possible to backup the eventlog before deleting it. Please note that an empty log may also be saved just after a clear. So far, applies to Event Log Monitor V1 only.
– Added an option to force using local eventlog message libraries instead of the remote machines ones. Somethimes local event sources are more reliable, or required for Thirdparty EventLog implementations.
– Added an advanced option for better Thirdparty EventLog support. It is used to set default buffer for EventLog entries. For thirdparty eventlog implementations like NetApp, we recommend a higher default buffer of at least 65536 bytes. To avoid missunderstanding, this new feature _DOES NOT_ limit the maximum size of EventLog messages in any kind!
– Added support to process automatically Backup LogFiles. For more Information about these Backupfiles read KB312571: The event log stops logging events before reaching the maximum log size. If the AutoBackupLogFiles is configured in the registry, Windows will automatically create EventLog Backupfiles once the configured size is reached. The EventLog Monitor will find these files and process them.
Core / Command Line
Added a new command line option -o. This MUST be specified together with -r and MUST be immediately after -r (as the second option). If specified, the service does a single run of InforSources supporting that property and then terminates. So far, only the event log monitor supports this option.
Forward Syslog/Setp Action
It is now possible to configure a service name for the port instead of a number only. This service name will be used to make a port lookup in the system services file. This feature was added by a customer request.
The Win32 and x64 edition are now unified in one installation package! This means ONE Setup, both editions – automatically detected during the installation. So if you install MonitorWare Agent on a Win32 based System, the Win32 Version of the Service will be installed. If you install MonitorWare Agent on a x64 based system, the x64 Version of the service will be installed.
Added new special Filter called “FileExists”, this filter kindly checks if a file does exist or not.
Fixed a bug which trunscated message to zero when EUC-JP Encoding was enabled for output. This problem occured in the FileWrite and Forward Syslog Action, and possibly in other Actions as well.