Added a new option to use the new Checksum method to verify whether the LastRecord is still valid. This option can be set in each EventLogType. We also had to redesign the Client advanced options form, because the options no longer all fit into it. This option prevents you from modifying the LastRecord value: if you change the LastRecord value, the whole EventLog will be reprocessed!
Please note that this behaviour is by design and cannot be avoided. We therefore recommend using this feature only if you intend to double-check whether the nLastRecord value is valid.
Added a new property replacer option "csv", for example: %variable:::csv%. This option creates a valid CSV string. For example, the string this is a "test"! becomes "this is a ""test""!", where quotes are replaced with double quotes.
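The quoting rule described for the csv option, as an added Python example (not the product's own code). The function names and the sample event are constructed for illustration, and Python's csv module is used only to check that a quoted record parses back into the same fields.

```python
import csv
import io


def csv_field(value: str) -> str:
    """Quote a value as the changelog describes for the "csv" option:
    wrap it in double quotes and double every embedded quote."""
    return '"' + value.replace('"', '""') + '"'


def csv_line(values):
    """Join individually quoted fields into one CSV record."""
    return ",".join(csv_field(v) for v in values)


def naive_line(values):
    """Unquoted join, shown for contrast: embedded commas shift the columns."""
    return ",".join(values)


def parse_line(line: str):
    """Parse one CSV record back into fields with the standard csv module."""
    return next(csv.reader(io.StringIO(line)))


# Constructed sample event: the message field contains quotes and a comma.
SAMPLE_EVENT = [
    "4625",
    "WORKSTATION7",
    'Logon failed for "alice", reason: bad password',
]


if __name__ == "__main__":
    # The example string from the changelog entry.
    print(csv_field('this is a "test"!'))

    # Quoted record: parses back into the original three fields.
    quoted = csv_line(SAMPLE_EVENT)
    print(quoted)
    print(parse_line(quoted))

    # Unquoted record: the comma in the message creates an extra column.
    print(parse_line(naive_line(SAMPLE_EVENT)))
```

Without the quoting, a comma inside an event message moves every following field one column to the right, which silently corrupts any parser or SIEM import that relies on column position.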
– Fixed a bug in the SIDCache which could lead to wrongly resolved SIDs in EventLog messages with more than one SID. Usually it was the second SID that could be resolved wrong.
– A problem existed with the advanced option "Remove Control Characters from String Parameters". Due to the removal of control characters, compiling complex event messages (most likely highly detailed security events) could result in garbage events. The problem has been fixed by replacing (rather than removing) the control characters with spaces. Note that only ONE space will be used for a sequence of control characters.
– Fixed a bug which could lead to internal problems while compiling an EventLog entry. This only happened in very rare cases.
When using a UNC path in the WriteFile Action with a path on a network share which did not exist before, the WriteFile Action failed to automatically create the paths. This bug has now been fixed; the directories are created recursively on network shares (UNC path) as needed.