Readme File
Corner Bowl Log Manager 2011
Thu, 19 Jan 2012 21:38:02 MST

Copyright (c) 2002-2012 Corner Bowl Software Corporation.
All Rights Reserved.

This document provides late-breaking or other information that supplements
the software documentation.

---------------------------------------------------------------------------
Build Notes
---------------------------------------------------------------------------

---------------------------------------------------------------------------
Build 11.0.0.87 - Thu, 19 Jan 2012 21:35:18 MST
Fixed list view bug and added auto db create functions
---------------------------------------------------------------------------
Recently we introduced a bug into the list view control which rendered the
custom column popup box useless. This bug has been fixed.

Previously when setting up SQL Server or MySQL, users were required to
create the database manually. The software now automatically creates the
database if it does not exist. Please note this function requires sa or
root access to the database.

---------------------------------------------------------------------------
Build 11.0.0.86 - Sun, 15 Jan 2012 12:58:01 MST
Made minor user interface enhancements
---------------------------------------------------------------------------
Previously when using the Actions Manager or Filters Manager the currently
selected object was not assigned to the combo-box which was associated with
the opening of the form. This was quite annoying and required the user to
manually select a newly created filter or selected filter within the
combo-box. The object is now automatically selected within the combo-box.

---------------------------------------------------------------------------
Build 11.0.0.85 - Wed, 11 Jan 2012 13:50:21 MST
Added truncate now function
---------------------------------------------------------------------------
Users can now notify the service to truncate any configured consolidated
log via the Properties or Log Management Wizard. From the Log Retention
Policy tab or Entry Retention Policies page click the 'Queue the service to
Truncate Now' button.

---------------------------------------------------------------------------
Build 11.0.0.84 - Wed, 04 Jan 2012 13:20:26 MST
Fixed filter criteria copy bugs
---------------------------------------------------------------------------
Previously users were unable to copy text log filter criteria to another
filter. This bug has been fixed.

Previously when appending complex filter criteria to another complex filter
the closing parenthesis was not created. This bug has been fixed.

Previously the Event Log and syslog real-time email alerts did not contain
the filter name in the header. The HTML template files have been updated to
include the filter within the header.

Previously when viewing the Syslog Properties dialog and the log repository
was off line the configuration pages did not populate. This bug has been
fixed.

---------------------------------------------------------------------------
Build 11.0.0.83 - Wed, 14 Dec 2011 15:50:04 MST
Fixed Schedule Distributor bugs and updated Start Process action
---------------------------------------------------------------------------
Previously there were several bugs in the schedule distributor algorithm as
well as the user interface. These bugs have been fixed.

The Start Process action now includes the option to set the maximum
execution count when the command-line has a variable tag such as {HOST} or
{MESSAGE}. The default and previous value was 20. Users can increase the
value to as high as 0xFFFF, however a value of 2000 should never be
exceeded.

---------------------------------------------------------------------------
Build 11.0.0.82 - Mon, 24 Oct 2011 11:06:49 MDT
Added WMI Quota Configuration Function
---------------------------------------------------------------------------
In an effort to enable users to quickly resolve WMI Quota Violation errors,
users can now increase WMI Quota settings via the Options dialog of Log
Manager.

Previously when attempting to view the Windows Event Log Properties page
within the Event Log Properties dialog from a Server 2003 computer to a
Server 2008 computer the application would throw an "Operation is not
supported on this platform" error. This bug has been fixed.

The Troubleshooting section of the help file has been significantly
updated.

---------------------------------------------------------------------------
Build 11.0.0.81 - Wed, 19 Oct 2011 10:18:24 MDT
Made some minor updates to the help file
---------------------------------------------------------------------------
Quite a while ago several menu items were renamed, however the help
documentation and tutorials were not updated to reflect the changes. The
help and tutorials have now been updated.

---------------------------------------------------------------------------
Build 11.0.0.80 - Thu, 22 Sep 2011 13:02:04 MDT
Fixed error report data management bug
---------------------------------------------------------------------------
Previously when truncating or archiving a log within the log repository if
an error was thrown the Error Report did show the sub-component that
failed. The Error Report now shows the truncate/archive function failed
followed by the error.

---------------------------------------------------------------------------
Build 11.0.0.79 - Tue, 20 Sep 2011 13:12:06 MDT
Significantly improved text log consolidation speed
---------------------------------------------------------------------------
Previously text log consolidation was inefficiently consolidating entries.
The algorithm has been updated to resolve this issue.

---------------------------------------------------------------------------
Build 11.0.0.78 - Wed, 07 Sep 2011 14:08:45 MDT
Added event log download workaround
---------------------------------------------------------------------------
Previously if a remote server returned an Event Log entry outside the
requested date/time range the download would immediately stop if
consolidating to the file system or post consolidation filters were
assigned. The software now works around this WMI bug.

---------------------------------------------------------------------------
Build 11.0.0.77 - Mon, 29 Aug 2011 09:15:23 MDT
Added filters.dat redirect option
---------------------------------------------------------------------------
Users can now share filter configurations between installations. To enable
sharing, search your application data directory for a file called
filters.dat. On Windows Server 2008 this is typically
c:\programdata\CornerBowl\Log Manager\filters.dat. Create a new file called
filters.dat.redirect. Open the new file in a text editor such as Notepad
and type the UNC path that contains the target location. For example,
\\servername\c$\Log Manager. Save the file then restart both the Corner
Bowl Log Manager service and user interface.

---------------------------------------------------------------------------
Build 11.0.0.76 - Fri, 12 Aug 2011 14:28:30 MDT
Fixed more Windows 7 display bugs
---------------------------------------------------------------------------
Upon further review we found several dialogs that did not properly draw
when running Windows 7 with the display set to 125%. These bugs have been
resolved.

---------------------------------------------------------------------------
Build 11.0.0.75 - Thu, 11 Aug 2011 03:32:09 MDT
Added a new Event Log view
---------------------------------------------------------------------------
Previously the Event Log viewer was limited to a minimum of one day per
page. When attempting to view large logs such as those on 2008 domain
controllers where 100s of thousands of entries are generated each day this
caused the view to display very slowly. A new view has been added so users
can page through 10000 entries at a time.

Previously the Manual Event Log Management Output window displayed a new
tree node every 1000 entries that were downloaded. When downloading large
logs the tree view would become virtually impossible to read. When
appropriate the tree view now replaces the similar nodes with the latest
stats.

Previously on Windows 7 if a user changed the display to 125% some of the
wizards did not display correctly. These bugs have been fixed.

---------------------------------------------------------------------------
Build 11.0.0.74 - Thu, 04 Aug 2011 10:15:00 MDT
Added File -> Open .elf support and fixed a log repository file system bug
---------------------------------------------------------------------------
Users can now open any Event Log Repository file (.elf) from the File menu
item.

Previously when setting a computer's clock back in time and saving Event
Logs to the Log Repository using Corner Bowl's file format, entries may have
been stored out of order, specifically when the next download contained
entries written prior to and after the clock change.

---------------------------------------------------------------------------
Build 11.0.0.73 - Fri, 22 Jul 2011 10:10:19 MDT
Fixed state file bug
---------------------------------------------------------------------------
Previously if a state file was created with no content, both the service
and user interface would throw an IO error while reading the file.
We are continuing to look into how a zero byte state file could be created,
however the software now properly handles the error situation.

---------------------------------------------------------------------------
Build 11.0.0.72 - Mon, 18 Jul 2011 15:06:12 MDT
Fixed text log monitor configuration bug
---------------------------------------------------------------------------
Previously on certain systems when adding a new text log monitor to a
computer which already contains another text log monitor, all pre-existing
text log monitors were removed. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.71 - Wed, 13 Jul 2011 10:30:13 MDT
Fixed Error Report Bug
---------------------------------------------------------------------------
Previously if error notification was disabled the errors were not
propagated to the Error Report. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.70 - Tue, 12 Jul 2011 15:29:02 MDT
Added 2 tutorials to the help file and fixed a code signing bug
---------------------------------------------------------------------------
2 new tutorials have been added to the help file.

Previously when installing this software or rebooting the server, the
service may have failed to start on some systems. We thought we had fully
resolved this issue by removing the code signature from the service binary,
however it appears all dependent dlls must also be unsigned. This issue has
been worked around.

---------------------------------------------------------------------------
Build 11.0.0.69 - Tue, 05 Jul 2011 08:58:14 MDT
Made minor changes to help file
---------------------------------------------------------------------------
Several updates have been made to the troubleshooting section within the
help file.

---------------------------------------------------------------------------
Build 11.0.0.68 - Tue, 28 Jun 2011 10:35:30 MDT
Fixed unicode text log monitor bug
---------------------------------------------------------------------------
Previously when monitoring Unicode text log files such as SQL Server's
Error log the file was incorrectly opened in UTF8 format. The initial read
works as expected, however subsequent reads fail. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.67 - Mon, 27 Jun 2011 11:32:32 MDT
Fixed a Server 2008 R2 installation bug
---------------------------------------------------------------------------
Previously when installing to Server 2008 R2 if the Application Server Role
was not installed the service would fail to start and the installation
would fail. The installation now checks for the existence of the
Application Server Role when installed to Server 2008 R2 or higher.

---------------------------------------------------------------------------
Build 11.0.0.66 - Fri, 24 Jun 2011 14:53:02 MDT
Fixed log consolidation bug
---------------------------------------------------------------------------
Previously when saving large log entries there was a very small window
which could cause the consolidation to fail. This error occurred when the
message exceeded the maximum column size. In this case the message was
escaped prior to truncating the message. If the last character within the
truncated message was an escaped character such as ' the insert would fail.
This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.64 - Thu, 23 Jun 2011 15:10:20 MDT
Made several UI enhancements to the complex filter configuration dialogs
---------------------------------------------------------------------------
Previously adding groups and moving criteria was extremely difficult when
attempting to create complex filter criteria.
The user interface has been updated so criteria can be moved into child
groups. A button has been added enabling the selected criteria to be
wrapped within a group. The logical and Not operators can now be changed by
selecting the target group, changing the logical or Not operands then
clicking Apply. Finally when the dialog is closed if a criteria has been
created but not applied the criteria is automatically applied.

---------------------------------------------------------------------------
Build 11.0.0.63 - Tue, 21 Jun 2011 21:35:54 MDT
Fixed start process UI bug
---------------------------------------------------------------------------
Previously when browsing for the file to remote execute when configuring a
start process action an error was thrown. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.61 - Sun, 19 Jun 2011 11:52:23 MDT
Added function to open .log and .txt files without creating a monitor
---------------------------------------------------------------------------
Previously users were required to create a log monitor anytime they wanted
to open and review a log file. The user interface has been modified so
users can now open a text log file from the File -> Open menu item. When
opened users are prompted to specify the entry pattern recognition rules.
Once specified the file is opened for review.

Users can now open .log and .txt files from within Windows Explorer. From
Windows Explorer, right click on the log file and select Open With.
Navigate to 'c:\program files\corner bowl software\log manager' then select
cblmui.exe.
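
The Build 11.0.0.66 failure described above (a message escaped before it is
truncated to the column size), reproduced as an added example; it is not
Corner Bowl's code. The table name, the 255-character limit, the sample
message and the use of SQLite in place of SQL Server or MySQL are all
assumptions made for the demonstration.

```python
import sqlite3

# Assumed column size; the product's real limit is not stated in the readme.
MAX_MESSAGE_LEN = 255

# Constructed sample entry: the quote sits exactly at the column boundary.
SAMPLE_MESSAGE = "A" * 254 + "'sa' logon failed"


def escape_sql_literal(text):
    """Escape text for a single-quoted SQL literal by doubling each quote."""
    return text.replace("'", "''")


def has_dangling_quote(literal):
    """True when an escaped literal ends in an odd run of quotes, which
    means the cut landed in the middle of a doubled quote."""
    trailing = len(literal) - len(literal.rstrip("'"))
    return trailing % 2 == 1


def build_insert_escape_then_truncate(message, limit=MAX_MESSAGE_LEN):
    """The order the readme describes as the bug: escape, then cut."""
    literal = escape_sql_literal(message)[:limit]
    return "INSERT INTO entries (message) VALUES ('%s')" % literal


def build_insert_truncate_then_escape(message, limit=MAX_MESSAGE_LEN):
    """Corrected order: cut the raw message to the column size, then escape.
    The literal may be longer than the limit; the stored value is not."""
    literal = escape_sql_literal(message[:limit])
    return "INSERT INTO entries (message) VALUES ('%s')" % literal


def insert_parameterized(conn, message, limit=MAX_MESSAGE_LEN):
    """Bound parameter: no hand escaping, so ordering cannot go wrong."""
    conn.execute("INSERT INTO entries (message) VALUES (?)", (message[:limit],))


def try_insert(conn, sql):
    """Run one statement and report (succeeded, error text)."""
    try:
        conn.execute(sql)
        return True, ""
    except sqlite3.Error as exc:
        return False, str(exc)


def demo():
    """Run all three variants against an in-memory table (hypothetical
    schema) and return what happened."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (message TEXT)")
    buggy_ok, buggy_error = try_insert(
        conn, build_insert_escape_then_truncate(SAMPLE_MESSAGE))
    fixed_ok, _ = try_insert(
        conn, build_insert_truncate_then_escape(SAMPLE_MESSAGE))
    insert_parameterized(conn, SAMPLE_MESSAGE)
    stored = [row[0] for row in
              conn.execute("SELECT message FROM entries ORDER BY rowid")]
    conn.close()
    return {"buggy_ok": buggy_ok, "buggy_error": buggy_error,
            "fixed_ok": fixed_ok, "stored": stored}


if __name__ == "__main__":
    result = demo()
    print("escape-then-truncate succeeded:", result["buggy_ok"])
    print("error:", result["buggy_error"][:60])
    print("truncate-then-escape succeeded:", result["fixed_ok"])
    print("rows stored:", len(result["stored"]))
```

The failure only appears when a quote falls on the column boundary, which
is why the readme calls it a very small window.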

---------------------------------------------------------------------------
Build 11.0.0.60 - Fri, 17 Jun 2011 10:40:03 MDT
Fixed XML output bug
---------------------------------------------------------------------------
Previously when exporting Failed Logon or Success Logon reports to XML
several attributes contained spaces within the name which caused a
validation error. This bug has been fixed.

Previously when right clicking on an archived consolidated log and
selecting Properties -> Consolidated Log, the properties displayed were for
the primary consolidated log. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.59 - Thu, 16 Jun 2011 11:19:30 MDT
Add on-demand print option for all Security Event Log reports
---------------------------------------------------------------------------
All Security Event Log Reports can now be exported and printed on-demand.

In an effort to remove noise from the service log file we removed the
'previous download is already running' message from Event Log consolidation
algorithm. The message will appear when run in verbose mode.

The Event Log consolidation algorithm was also updated to reduce the
download status output from every 250 messages to every 1000 messages.

---------------------------------------------------------------------------
Build 11.0.0.58 - Fri, 10 Jun 2011 06:21:41 MDT
Fixed installation bug
---------------------------------------------------------------------------
Previously the service may have failed to start after a reboot if the
Cryptographic Service was slow to start. According to Microsoft this occurs
because the service binary is digitally signed. The solution Microsoft has
provided to the community is to exclude code signing from all Windows
Services. The service binary is no longer signed.

---------------------------------------------------------------------------
Build 11.0.0.57 - Thu, 09 Jun 2011 22:04:34 MDT
Made several significant performance enhancements
---------------------------------------------------------------------------
Previously the download algorithm always sorted the entries prior to
executing post consolidation filters. This often caused an out of memory
error to be thrown. With minor modifications we were able to move the sort
requirement to after the entries are filtered. Entries are still sorted,
however, if using the file system to store entries. Assuming a non-blank
filter this format should significantly reduce the download overhead.

Several Server 2008, Windows 7 and Vista Security Log Entries are now
parsed prior to saving them. Once parsed, extra generic informational data
that resides at the bottom of the entry is removed. Our testing showed a
net effect of approximately a 40% savings in required disk space and a
slightly faster consolidation speed.

The list view controls we use throughout the software did not properly
redraw the embedded scrollbars when the control was not visible and the
application was resized. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.56 - Thu, 02 Jun 2011 12:07:04 MDT
Fixed text log directory monitor UI bug
---------------------------------------------------------------------------
Previously the idle file monitor page with the text log directory monitor
wizard had the incorrect header strings. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.55 - Wed, 01 Jun 2011 11:22:01 MDT
Fixed auto clear error bug
---------------------------------------------------------------------------
Previously configured error alert suppression did not properly clear when
the monitor was scheduled to run at a frequency faster than the auto clear
frequency.
This caused alerts to continually be suppressed. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.54 - Thu, 26 May 2011 00:21:02 MDT
Added host importer
---------------------------------------------------------------------------
Users can now import a list of hosts from either a text or CSV file and
assign Event Log, Syslog, Text Log and Text Log Directory Templates. To
import a list of computers select Tools -> Import Computer List.

Previously when downloading Event Logs and saving to SQL Server using
Windows Authentication if the account the service was running under did not
have access to the database a logon failure error was thrown. The error was
somewhat confusing because it did not explicitly call out which function
(Database or remote WMI request) threw the logon error. The error now
includes more information that should be quite a bit more helpful.

---------------------------------------------------------------------------
Build 11.0.0.53 - Fri, 20 May 2011 10:40:16 MDT
Fixed schedule distributor bug
---------------------------------------------------------------------------
Previously the schedule distributor did not properly distribute minutes and
every X hour schedules where X is > 1. These bugs have been fixed.

---------------------------------------------------------------------------
Build 11.0.0.52 - Wed, 11 May 2011 12:03:09 MDT
Fixed text log entry delimiter update bug
---------------------------------------------------------------------------
Previously when changing the text log entry delimiter for a directory
monitor the user interface did not properly update. This bug has been
fixed. Please note whenever an entry delimiter is updated all dependent log
views must be re-opened for changes to take effect.

---------------------------------------------------------------------------
Build 11.0.0.51 - Thu, 05 May 2011 14:24:28 MDT
Optimized several SQL Server database tables and queries
---------------------------------------------------------------------------
Previously when archiving to SQL Server from a SQL Server log repository
the data was ordered. The order is not necessary and has been removed.

Previously after adding the Event Log and Syslog property pages the right
click popup menu items failed to open within the Event Log and Syslog Error
Reports. This bug has been fixed.

The help popup controls found throughout the UI have been updated to
display the popup after the mouse hovers for more than 200 milliseconds.

---------------------------------------------------------------------------
Build 11.0.0.47 - Mon, 04 Apr 2011 11:59:28 MDT
Fixed Logon/Logoff Report bug
---------------------------------------------------------------------------
Previously Logon/Logoff reports incorrectly reported the caller domain
instead of the domain when displaying the reports from Server 2003, Vista,
XP, 2000, and NT computers. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.46 - Wed, 30 Mar 2011 23:06:55 MDT
Fixed encryption bug
---------------------------------------------------------------------------
Previously if FIPS compliance was enabled the service failed to start. This
typically manifests itself during installation as a service start failure.
Upon inspection of the service log file the following error is written:

This implementation is not part of the Windows Platform FIPS validated
cryptographic algorithms.

This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.45 - Thu, 24 Mar 2011 09:48:57 MDT
Fixed EVT import bug
---------------------------------------------------------------------------
Previously when importing an EVT file, but not an EVTX file, and using our
file system format to store consolidated logs the data was inserted in the
wrong sort direction. This rendered the software unable to properly display
and report against the data. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.43 - Wed, 16 Mar 2011 22:56:06 MDT
Fixed several user interface bugs
---------------------------------------------------------------------------
In build 41 we added the ability to assign a group to a report, however when
configuring a Standard or Frequency Event Log Report the wizard did not
display the available logs for the group. This bug has been fixed.

In build 41 we added an Idle File Monitor, however this monitor's
configuration was not added to the Text Log and Text Log Directory Template
configuration pages. This bug has been fixed.

There were several annoying scroll issues related to the list control.
These bugs have been resolved.

---------------------------------------------------------------------------
Build 11.0.0.42 - Tue, 15 Mar 2011 05:21:42 MDT
Fixed significant text log monitor bug recently introduced
---------------------------------------------------------------------------
Build 36 introduced a bug which potentially corrupts the text log monitor
and text log directory monitor internal state files. This build detects the
potentially corrupt files and recreates them.

---------------------------------------------------------------------------
Build 11.0.0.41 - Tue, 15 Mar 2011 20:52:27 MDT
Added idle file monitor and group support reports
---------------------------------------------------------------------------
Log Manager now includes an idle file monitor enabling system
administrators to get notified when an application server shuts down, hangs
or crashes. To create an idle file monitor select New Monitor from the File
menu item. Configure a new Text Log or Text Log Directory monitor. Click
through to the Configure Idle File Monitor page.

Previously when clearing a file size monitor for a text log directory
monitor the Configuration Explorer pane was not properly updated. This bug
has been fixed.

Previously when viewing an Event Log and attempting to append an entry to
an existing filter the Filter Selected Entries dialog incorrectly listed
our canned security log filters. Only simple and complex Event Log filters
can be appended to. This bug has been fixed.

Previously when configuring a database action users were able to
erroneously select the default file system log repository. The UI now only
permits database configurations to be selected.

Previously when mapping a computer to monitor a text log file the map
computer dialog incorrectly attempted to access Event Logs on the remote
computer. The dialog now attempts to read the available shares using
Windows Networking.

Users can now assign groups to reports, enabling computers to be
automatically added to reports when added to a new group.

---------------------------------------------------------------------------
Build 11.0.0.36 - Sat, 19 Feb 2011 08:45:43 MST
Overhauled template management functions
---------------------------------------------------------------------------
Users can now create, view and delete configuration templates from within
the configuration wizards and the Auto Configurator.

---------------------------------------------------------------------------
Build 11.0.0.35 - Fri, 11 Feb 2011 13:00:38 MST
Added a new text log monitor property page dialog
---------------------------------------------------------------------------
We have added a text log monitor properties page dialog enabling users to
re-configure text log monitors using property pages.

The text log size monitor wizard page has been updated to include the
current file size as well as all size state information recorded during the
previous scan. Users can also now clear triggered size alerts from within
the wizard.

Several menu bar commands have been added, moved, icons updated and text
updated.

Previously when a file size alert was fired the threshold value was
typically displayed incorrectly. This bug has been fixed.

Previously when displaying a consolidated directory monitor log that has
been removed from the Configuration Explorer an object reference error was
thrown. This bug has been fixed.

Previously the user interface based actions would not fire for text log
size monitor alerts. This bug has been fixed.

Previously when an Event Log was assigned to an Account Management or
Logon/Logoff Security report the Assigned Reports page within the Event Log
Management Wizard and Event Log Property Tabs dialogs did not show the
assignment. This bug has been fixed.

Previously when restoring a configuration to a new computer the monitor
dependent state files were not immediately created. This caused several
significant errors that may or may not self-resolve depending on how the
monitors are configured. The most common issue discovered was all scheduled
functionality was immediately executed regardless of the schedule. This bug
has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.31 - Tue, 01 Feb 2011 22:16:19 MST
Fixed 2 Significant Event Log Management Bugs
---------------------------------------------------------------------------
Previously the Event Log Account Management reports would only run when
manually executed. This bug has been fixed.

Previously Event Log backups failed if the final backup directory did not
exist. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.30 - Mon, 31 Jan 2011 22:43:26 MST
Added Syslog Property Pages Dialog
---------------------------------------------------------------------------
In an effort to simplify Syslog management users can now re-configure
Syslogs using a new Syslog Property Pages dialog.

Added a clear option to the Syslog Backup function enabling users not
interested in retaining data to the log repository to immediately remove
the data once backed up, compressed and encrypted.

Updated several of the configuration validation error messages.

---------------------------------------------------------------------------
Build 11.0.0.29 - Sun, 30 Jan 2011 09:56:15 MST
Fixed friendly name service update bug
---------------------------------------------------------------------------
Previously several internal variables such as friendly name required the
service to restart for the changes to take effect. This bug has been fixed.

Made several usability changes to the Schedule Distributor.

---------------------------------------------------------------------------
Build 11.0.0.28 - Thu, 20 Jan 2011 21:07:37 MST
Added day and time filter support
---------------------------------------------------------------------------
Users can now create filters that only include or exclude specific days of
the week.

Users can now filter entries from reports based on the day of week. To add
day of week criteria, open the Report Properties Wizard.
Click through to the Day and Time Exclusions page. Add as many exclusions
as necessary.

Previously when monitoring a directory that contained date information
(e.g. c:\logs\2011_01\) when the directory no longer matched the mask (e.g.
when the next month starts) the previously monitored files were not read
prior to shutting down the directory monitor. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.26 - Thu, 13 Jan 2011 00:01:11 MST
Added filter copy to function
---------------------------------------------------------------------------
Users can now copy and append existing filter criteria to other
pre-existing filters. To copy criteria from one filter to another, select
Tools | Configure Filters. From the Filters Manager select the simple or
complex Event Log filter, syslog filter, or text log filter and click Copy
To. When prompted select the target filter. The currently selected filter's
criteria will be appended to the target filter.

---------------------------------------------------------------------------
Build 11.0.0.25 - Wed, 12 Jan 2011 19:19:56 MST
Added Assign Group function
---------------------------------------------------------------------------
Users can now assign multiple computers to a group from within the
Configuration Explorer. To assign multiple computers to a group select the
Configuration Explorer pane from within the Navigation view, choose Sort by
Computer, select the computers to assign, right click and then select
Assign Group.

---------------------------------------------------------------------------
Build 11.0.0.24 - Fri, 07 Jan 2011 10:17:02 MST
Added recursive Active Directory search
---------------------------------------------------------------------------
The Browse Active Directory dialog now enables users to recursively scan
and apply an Active Directory filter to each discovered computer.

Previously the Auto Configurator did not properly assign computers to
groups. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.23 - Mon, 03 Jan 2011 13:41:40 MST
Fixed text log report bug
---------------------------------------------------------------------------
Previously when attempting to run a report against a consolidated text log
that resides within a date based directory the report would fail with an
Illegal characters in path error. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.22 - Mon, 27 Dec 2010 09:23:53 MST
Added Auto Configurator filter mechanism
---------------------------------------------------------------------------
Users can now configure the Auto Configurator to include a single filter to
apply when scanning an Active Directory tree. When applied only computers
that pass the filter are configured.

Previously the Logon report did not properly apply the day of week and time
of day filter exclusion rules. This bug has been fixed.

---------------------------------------------------------------------------
Build 11.0.0.21 - Wed, 15 Dec 2010 09:17:32 MST
Added Event Log Properties Tabs
---------------------------------------------------------------------------
Previously when re-configuring Event Logs, users were required to navigate
through the entries wizard until they reached the page of interest. An
Event Log Properties Tab form has been added to the software which now
enables users to simply select the tab of interest rather than clicking
through the wizard.

Previously when right clicking on a Log Repository node and selecting
Properties, nothing happened. The user interface now loads a properties
dialog which contains configuration information along with log counts.

Users can now test scheduled reports immediately by selecting an option
within the General Page of the Report Wizard.
Previously the command timeout and connection timeout values found within the Data Providers tab within the Options dialog used Spin Controls. These controls are difficult to use and have been replaced by simple Text Box controls. The Auxiliary (Backup) log repository tree node icons have been changed from bright blue to white and gray. Previously scheduled reports that were configured to display the last x hours of data did not display the correct date range within the header. This bug has been fixed. Previously Security Event Log reports dropped entries that existed in the last second of the date and time range. This bug has been fixed. Previously the Security Event Log Properties Wizards did not check the file backup option when enabled. This bug has been fixed. --------------------------------------------------------------------------- Build 11.0.0.19 - Mon, 06 Dec 2010 10:24:57 MST Updated the configuration templates --------------------------------------------------------------------------- Previously the Group was not saved to the configuration templates. This bug has been fixed. Users can now include a description when creating a template. When assigning a template, the template details are now displayed enabling users to more easily identify the settings they are applying prior to committing the changes. --------------------------------------------------------------------------- Build 11.0.0.18 - Fri, 26 Nov 2010 02:13:09 MST Created 64-Bit Installer --------------------------------------------------------------------------- Log Manager is now offered with a native 64-bit installer. Previously SNMP traps did not fire on Server 2008 and Vista. This bug has been fixed. Previously when exporting Security Event Log reports to a directory using the {DATE} tag, the export failed to create the path. This bug has been fixed. 
--------------------------------------------------------------------------- Build 11.0.0.15 - Tue, 23 Nov 2010 14:15:25 MST Fixed object reference error in Event Log Management Wizard --------------------------------------------------------------------------- Previously if a user specified an illegal filename, such as \\servername\logs, when configuring EVT/X file backup an object reference error was thrown. This is now caught and a meaningful error thrown. --------------------------------------------------------------------------- Build 11.0.0.14 - Wed, 17 Nov 2010 00:17:02 MST Fixed log properties dialog and install bug --------------------------------------------------------------------------- Previously when right clicking on a Text Log Monitor and selecting properties, an error was thrown stating an Oracle client library could not be loaded. This bug has been resolved. Previously the desktop shortcut would reinstall itself during a patch even if the user had deleted the shortcut from the desktop. This bug has been fixed. --------------------------------------------------------------------------- Build 11.0.0.13 - Tue, 16 Nov 2010 14:53:38 MST Added exclusion periods support to all Event Log Security reports --------------------------------------------------------------------------- Previously users were unable to target specific days of the week and times of the day when running Event Log Security reports. Per user requests, all Event Log Security reports can now exclude specific days of the week and/or times of the day. For example a success logon report can be generated for every Wednesday between 10:00 PM and Thursday at 2:00 AM. When importing Event Log backup (.evt and .evtx) files, users can now apply a filter to limit the entries imported. Once complete, the results are now displayed within the status dialog. 
When managing a high number of machines, for example 1500 computers or devices, the user interface was very slow to load and update after a configuration change. The user interface has been optimized for high numbers of Event Logs and Syslogs. We are still looking into a solution for text logs. --------------------------------------------------------------------------- Build 11.0.0.10 - Sun, 14 Nov 2010 21:29:21 MST Added popup help control --------------------------------------------------------------------------- We added a popup help control to the text log and text log directory configuration wizards to provide users with inline help that will hopefully help users better understand how to configure the software to meet their requirements. --------------------------------------------------------------------------- Build 11.0.0.9 - Tue, 09 Nov 2010 10:09:40 MST Added Error Report --------------------------------------------------------------------------- Added an Error Report that shows all monitors that have errored. Event Log Management error notifications have been updated to use HTML templates for email alerts and now include the ability to fire other action types. The log management components have all been updated to include error alert functionality. For example, if the database is down while attempting to save a syslog entry, you can now receive an email notification. The Syslog Servers (UDP and TCP) now save entries that are out of RFC3164 specification. Previously when monitoring a UTF-8 or Unicode text log file, the first entry may not have been saved correctly. This bug has been fixed. The default read method for Text Log Monitors has been changed from end of file (EOF) to beginning of file (BOF). Several validation bugs were resolved within the configuration wizards. Previously when deleting an action, referencing Text Log Directory Templates were not updated. This bug has been fixed. 
Previously if using a database to consolidate log entries and the database was down, the dashboard views continued to display the running image. This bug has been fixed. Several updates were made to the help file. --------------------------------------------------------------------------- Build 11.0.0.7 - Wed, 03 Nov 2010 14:54:08 MDT Changed annoying behavior in Text Log Management Wizard --------------------------------------------------------------------------- Previously when adding a new text log monitor or directory monitor the Text Log Management Wizard automatically selected (All) if other logs or directories were already configured. This led to users accidentally overwriting their previously created log monitor configurations. The wizard now automatically selects the newly added log. If multiple logs are added, (All) logs are still selected. --------------------------------------------------------------------------- Build 11.0.0.6 - Tue, 02 Nov 2010 12:33:15 MDT Fixed several significant bugs --------------------------------------------------------------------------- Previously users were only able to create or append to a filter from a single selected entry. The log views now enable users to multi-select entries and apply them to a new filter or append them to an existing filter. Previously when saving entries to SQL Server 2000 an overflow message was thrown when the sum of all the Event Log columns inserted exceeded 8060 bytes. When this error is thrown, the software now truncates the message content to 2048 bytes and attempts to save the entry again. If the entry still overflows the row, a message is written to the service log file and the download resumes. Previously when monitoring a CSV file an error was thrown within the monitor when multiple filters were assigned to the same file. This bug has been fixed. 
Previously when modifying a filter that is applied to a standard Event Log, syslog or text log report the filter's criteria were not properly pushed to the service or the user interface causing the reports to continue using the old filter. This bug has been fixed. Previously when upgrading from version 2009, if the installation directory was changed the HTML templates were not updated. The software now sets each HTML template value to the default whenever the assigned value is invalid. --------------------------------------------------------------------------- Build 11.0.0.1 - Sun, 24 Oct 2010 10:06:35 MDT Major new release --------------------------------------------------------------------------- This new release fixes several installation bugs that required a major update in order to resolve. The Log Manager 2011 installation now requires .Net Framework 3.5 Service Pack 1. Previously if the user deleted the desktop shortcut icon it would re-appear after a patch installation. This bug has been fixed. Updated the MySQL and SQL Server configuration tutorials. Please continue to update your installation as we will be releasing many new updates that include usability enhancements and monitor upgrades. --------------------------------------------------------------------------- Build 9.0.0.173 - Sun, 24 Oct 2010 08:52:16 MDT Fixed several bugs --------------------------------------------------------------------------- Previously when saving filtered Event Log entries to a user defined table within a MySQL database an error was thrown stating the syntax was incorrect. This bug has been fixed. Previously when importing multiple Event Log backups data was duplicated. This bug has been fixed. Previously when importing an Event Log backup into SQL Server and checking the option to delete previously saved entries, the index table was not properly updated causing the Log Repository view to remove the log from the tree even though the data was present. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.171 - Tue, 19 Oct 2010 13:34:20 MDT Added Help | Renew menu item --------------------------------------------------------------------------- Added Help | Renew menu item enabling users to easily determine or purchase the next appropriate maintenance contract. --------------------------------------------------------------------------- Build 9.0.0.170 - Wed, 06 Oct 2010 13:52:38 MDT Added Event Log import function --------------------------------------------------------------------------- Log Manager now includes a function to import previously archived Event Log files. To import archived files select Tools | Event Log Backups | Import Backed up Event Log. Users can now encrypt email packets using TLS. Previously if a user attempted to manually add a malformed Event Log name via the Event Log Management wizard, the user interface could crash when attempting to download the Event Log. This bug has been fixed. Previously the CDYNE SMS gateway action always resulted in an error even when the action was properly fired. This bug has been fixed. Previously when displaying a standard event log report within the user interface, rather than when emailed, and the hide duplicate option was selected, the report displayed without hiding the duplicates. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.167 - Mon, 20 Sep 2010 15:15:29 MDT Made Event Log Management Wizard usability changes --------------------------------------------------------------------------- In an effort to increase usability, the Event Log Monitor wizard pages have been moved to the end of the Event Log Management Wizard. The consolidated log views now display the total number of entries and the filtered entry count within the status bar at the bottom of the view. 
--------------------------------------------------------------------------- Build 9.0.0.166 - Fri, 17 Sep 2010 08:50:43 MDT Fixed minor UI bug --------------------------------------------------------------------------- We recently modified the Logon As dialog and accidentally pasted the text from Disk Monitor into the informational control. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.165 - Wed, 15 Sep 2010 15:39:34 MDT Updated On-Demand Security Event Log Reports --------------------------------------------------------------------------- The On-Demand Security Event Log Reports have been updated to use our latest multi-threaded background report generation forms enabling users to identify report generation issues as well as re-run reports with all the available options. --------------------------------------------------------------------------- Build 9.0.0.164 - Wed, 08 Sep 2010 20:12:10 MDT Fixed several critical bugs and added several minor enhancements --------------------------------------------------------------------------- Previously complex Event Log filters did not properly handle the "Event" criteria. The "Event" criteria only worked if set to an equals statement. For example Event=1000. <, <=, >, >= and != did not return the expected results. This bug has been fixed. Recently we added support for CDYNE SMS gateway. While adding this function an obfuscation bug was introduced disabling users from adding new SMS actions. This bug has been fixed. The log properties dialogs now display the consolidated log's file or table size depending on the type of log repository. Previously the Top Events report used a pie chart to list the top events which depending on the data returned was difficult to read. A column chart is now displayed. Several dialog resize bugs were resolved. Reports can now be configured to only send email or output when the report contains results. 
In other words empty reports can be dropped. --------------------------------------------------------------------------- Build 9.0.0.162 - Sun, 05 Sep 2010 17:42:03 MDT Added unicode support to SQL Server and MySQL log repositories --------------------------------------------------------------------------- SQL Server and MySQL now enable users to consolidate entries from computers running non-ASCII languages such as German, Italian and Japanese. The File System Log Repositories now use UTF-8 encoding by default enabling all languages to be saved. The Unicode option has been renamed to UTF-16 and should continue to be used when saving Japanese or Chinese logs. Previously if consolidating to MySQL, the syslog date column index was not created. This bug has been fixed. Previously when consolidating from a database to the file system, entries were stored in the files out of order. This bug has been fixed. Previously if consolidating to SQL Server or MySQL and viewing Event Log entries that have identical date/time values, the entries were displayed in reverse order. This bug has been fixed. Previously if consolidating to Oracle the software may have thrown an error when saving text log and syslog entries. This bug has been fixed. Previously the recordNumber column found within the Oracle Log Repository Event Log tables was too wide. The column has been narrowed to NUMBER(10). Users should either manually alter the column or delete the log from the repository and re-download. --------------------------------------------------------------------------- Build 9.0.0.161 - Sat, 28 Aug 2010 10:40:26 MDT Added Oracle support --------------------------------------------------------------------------- Log Manager now includes support for Oracle database. To consolidate logs to an Oracle server, first download and install the latest version of the Oracle client libraries from Oracle's website. 
At this time they are named: Oracle Database 11g Release 2 Client (11.2.0.1.0) for Microsoft Windows (32-bit) Oracle Database 11g Release 2 Client (11.2.0.1.0) for Microsoft Windows (x64) Once installed select Options from the Tools menu item. Select the Data Providers tab and create a new Oracle data provider. Lastly, set the type to Log Repository. If archiving data, you must point the archive to another database. The log repository and archive can not reside within the same database. Please note you now have the option to store log content in single byte or Unicode format. --------------------------------------------------------------------------- Build 9.0.0.160 - Mon, 23 Aug 2010 16:50:39 MDT Added Account Management Reports and Filters --------------------------------------------------------------------------- Users can now generate Account Management reports on the fly or on a scheduled basis. Users can now create account management filters enabling easier configuration for real-time monitoring of account updates. Account management filters support grouping entries by user or account enabling system administrators, for example, to receive notification when an account is changed more than 3 times in an hour. --------------------------------------------------------------------------- Build 9.0.0.159 - Wed, 11 Aug 2010 14:07:03 MDT Fixed several host/alias display bugs --------------------------------------------------------------------------- Previously the configuration wizards did not display hostname alias values when set. The list and combo-boxes now display as "[ALIAS] ([HOST])" when appropriate. When emailing text formatted reports and alerts hostname alias values did not display in the content. This bug has been fixed. The configuration and report error configuration pages have been updated to include a browse for email addresses button. Fixed several tab order bugs within the configuration wizards. 
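The Build 9.0.0.160 note above describes account management filters that group entries by user or by account and notify when an account is changed more than 3 times in an hour. The following is an added example of that kind of threshold check, not Corner Bowl's code; the record layout, the function names and the sample entries are assumptions made for illustration.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Constructed sample input (not taken from any real system). Fields:
# timestamp, Windows Security event ID, user who made the change, account changed.
# 4738 = user account changed, 4724 = password reset attempt,
# 4725 = account disabled, 4722 = account enabled.
SAMPLE_LOG = r"""
2010-08-23T09:00:00,4738,CORP\admin1,jsmith
2010-08-23T09:10:00,4724,CORP\admin1,jsmith
2010-08-23T09:20:00,4725,CORP\admin2,jsmith
2010-08-23T09:30:00,4738,CORP\admin1,bjones
2010-08-23T09:55:00,4722,CORP\admin2,jsmith
2010-08-23T09:58:00,4738,CORP\admin1,bjones
2010-08-23T11:00:00,4738,CORP\admin1,mlee
2010-08-23T11:30:00,4738,CORP\admin1,mlee
"""

Event = namedtuple("Event", "when event_id user account")
Alert = namedtuple("Alert", "key when count")


def parse_events(text):
    """Parse the hypothetical comma-separated layout used by SAMPLE_LOG."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        when, event_id, user, account = line.split(",")
        events.append(Event(datetime.fromisoformat(when), int(event_id), user, account))
    return events


def detect(events, group_by="account", threshold=3, window=timedelta(hours=1)):
    """Return an Alert each time one group has more than `threshold` changes
    inside a sliding `window`.

    group_by="account" counts changes made TO an account (any actor);
    group_by="user" counts changes made BY a user (any target).
    """
    if group_by not in ("user", "account"):
        raise ValueError("group_by must be 'user' or 'account'")

    recent = defaultdict(deque)  # group key -> timestamps still inside the window
    alerts = []
    # Consolidated entries can arrive out of order, so sort before windowing.
    for ev in sorted(events, key=lambda e: e.when):
        key = getattr(ev, group_by)
        seen = recent[key]
        # Expire entries that are a full window (or more) older than this one.
        while seen and ev.when - seen[0] >= window:
            seen.popleft()
        seen.append(ev.when)
        if len(seen) > threshold:
            alerts.append(Alert(key, ev.when, len(seen)))
            # Re-arm: one burst produces one alert instead of one per extra change.
            seen.clear()
    return alerts


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for mode in ("account", "user"):
        for alert in detect(parsed, group_by=mode):
            print(f"[{mode}] {alert.key}: {alert.count} changes by {alert.when}")
```

On the sample entries the two groupings flag different things: by account, jsmith is changed four times by two different administrators; by user, CORP\admin1 makes four changes spread across two accounts.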
--------------------------------------------------------------------------- Build 9.0.0.158 - Mon, 09 Aug 2010 10:57:46 MDT Fixed serialization bug --------------------------------------------------------------------------- The last build introduced a serialization bug that caused issues when specifying logon as credentials. Fixed a bug seen rarely on Windows XP workstations where a bogus empty domain appeared within the network object discover tree controls. All the computer selection dialogs have been updated to be more user friendly. --------------------------------------------------------------------------- Build 9.0.0.157 - Thu, 05 Aug 2010 01:49:12 MDT Added computer alias support --------------------------------------------------------------------------- Users can now specify an alias via the Map Computer Dialog. When used, the hostname or IP address is replaced with the alias throughout most of the user interface. The log management configuration wizards and log detail views continue to use the actual hostname or IP address. Previously several of the tree views did not sort properly. The tree views are now sorted after being refreshed. Previously when consolidating to MySQL if the target event log name was greater than 55 characters consolidation would fail. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.156 - Tue, 03 Aug 2010 01:59:27 MDT Fixed several time formatting localization bugs --------------------------------------------------------------------------- Previously throughout the user interface time values did not display correctly for locales, such as Sweden, that do not use AM/PM within time. These bugs have been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.155 - Thu, 29 Jul 2010 09:33:23 MDT Add Microsoft Application Log support --------------------------------------------------------------------------- Corner Bowl Log Manager now includes support for the Microsoft Application Logs found in Server 2008, Windows 7 and Windows Vista. To configure Microsoft's Application Logs, select File | Log Management Wizard | Event Logs. Click through to the Select Event Logs page. From this page you have the option to select or manually add Microsoft Application Logs. Previously the Archive Now button was anchored bottom right within the Options dialog causing the button to display in the incorrect location when the dialog was resized. This bug has been fixed. Fixed an installation bug that enabled expired users to install the latest version only to be later prompted by the user interface that they must update their maintenance contract to run the latest version. --------------------------------------------------------------------------- Build 9.0.0.153 - Wed, 21 Jul 2010 12:15:00 MDT Increased Event Log backup timeout --------------------------------------------------------------------------- When backing up Event Logs WMI returns prior to the file actually being written to the disk. The timeout was previously 3 seconds and has now been increased to 30 seconds. --------------------------------------------------------------------------- Build 9.0.0.152 - Fri, 02 Jul 2010 10:19:10 MDT Added diagnostics to debug execution --------------------------------------------------------------------------- Error messages now include a stacktrace when the user interface is run from the command-line with the -d parameter. 
--------------------------------------------------------------------------- Build 9.0.0.151 - Wed, 30 Jun 2010 13:02:22 MDT Fixed numerous UI and service bugs --------------------------------------------------------------------------- Previously when using the Select Specific Logs function users were required to specify a specific log. The dialog has been updated so the user can simply select Event Logs to select all event logs and Text Logs to select all text logs. After adding the logical filename for text log directory monitors the Select Log dialog that is displayed when creating a report did not list the logical filename until after at least one entry was consolidated. The dialog now lists the logical filename regardless. The Auto Configurator Wizard now includes a browse button to select known email accounts to send the results to. Previously the Auto Configurator would add more computers than licensed. When this occurred the user was unable to re-configure computers until after they manually removed the excess computers. The Auto Configurator no longer adds computers once the license limit is reached. Previously if the clock on the localhost was advanced and then restored, when re-configuring schedules the next time may not have been updated correctly. This bug has been fixed. Previously when adding a list of email addresses to send an alert to on error or when the Auto Configurator was complete multiple email addresses were not properly validated. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.150 - Tue, 29 Jun 2010 10:18:32 MDT Fixed several considerable bugs --------------------------------------------------------------------------- Previously when creating a new Standard Event Log Report if the user disabled the schedule they were unable to set the filter. This bug has been fixed. 
When consolidating text logs, each time a text log directory monitor discovered a new file the entry retention policy was immediately run against the newly created consolidated log. This bug has been fixed. Previously when saving a Text Log Directory monitor template, the drop down combo-box was not populated. This bug has been fixed. A serialization bug was introduced in the last build that caused the Text Log Directory monitor templates to corrupt. This bug has been fixed. When the MAC address changes the software now offers the option to automatically return and re-register. Previously the user was required to contact Corner Bowl Software to have their license reset. --------------------------------------------------------------------------- Build 9.0.0.148 - Sat, 26 Jun 2010 10:54:00 MDT Added text log directory monitor logical filename support --------------------------------------------------------------------------- Text Log Directory monitors now include a logical filename option enabling date based filenames to be saved to a single log within the repository. This functionality enables users to run automated reports against the date based filenames. --------------------------------------------------------------------------- Build 9.0.0.147 - Wed, 23 Jun 2010 22:29:16 MDT Added text log monitor template support --------------------------------------------------------------------------- Users can now save text log monitor configurations to a template for later application. Previously if monitoring numerous text log files and directories, the server is offline, and then the service is restarted, the service stop may time out. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.145 - Fri, 18 Jun 2010 16:00:10 MDT Fixed significant Security Entry parsing bug --------------------------------------------------------------------------- Previously Security Event Log Entries that were missing documented key value pairs caused the report to prematurely return. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.144 - Fri, 18 Jun 2010 11:56:58 MDT Enhanced text log actions --------------------------------------------------------------------------- Users can now receive text log monitor alerts that include a number of previous and following entries. For example, you can include the previous 3 entries every time an entry passes your filter for a total of 4 entries that will be included in your alert. To set this value, open the Text Log Management Wizard. Click through to the Optionally Assign Filters and Actions page. Click the Add button. Specify the number of previous and following entries to include. --------------------------------------------------------------------------- Build 9.0.0.143 - Wed, 16 Jun 2010 20:29:54 MDT Fixed significant text log monitor bug --------------------------------------------------------------------------- Previously when configuring the pattern recognition for a text log monitor, if the user configured the pattern recognition to ends with without first setting the delimiter value, the monitor did not properly recognize the entries. This bug has been fixed. Previously if a user wanted to re-download all Event Log entries for a particular log the user was required to either disable the Log Retention Policy prior to downloading or increase the maximum number of days to retain from within the log retention policy page. 
If archiving entries, the maximum days to retain within the archive is now applied causing the re-download to use the greater of, the initial days to download or the maximum number of days to retain in the archive. Previously when removing log configurations, the logs were not removed from referenced reports. All reports are now updated. For technical reasons there is one exception to this rule. When deleting a single Event Log configuration from within the Configuration Explorer the reports are not cleaned up. Please note only the primary log repository and archive log repository logs are removed from the report. If you have a report setup to access backup, alternate or WAN repositories the report remains untouched. All the Syslog views have been updated to include a priority icon column. --------------------------------------------------------------------------- Build 9.0.0.142 - Mon, 07 Jun 2010 08:44:28 MDT Added 3 tutorials --------------------------------------------------------------------------- We have added 3 tutorials to our help file. --------------------------------------------------------------------------- Build 9.0.0.141 - Thu, 03 Jun 2010 09:24:11 MDT Fixed list control sort bug --------------------------------------------------------------------------- Previously sorting by certain columns within the Security Event Log Reports may have caused a crash. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.140 - Tue, 01 Jun 2010 03:50:00 MDT Added non-English support to Security Event Log Reports and monitors --------------------------------------------------------------------------- Previously our Security Event Log Reports and monitors were only able to parse English Security Entries. We have significantly changed our parsing algorithm enabling CBLM to parse non-English Security Events. 
The About Box now includes the number of licensed computers being monitored and when not an Unlimited license, the remaining # of computers that can be monitored. The Logon/Logoff reports now include an option to only show the last successful logon for each user and logon type. --------------------------------------------------------------------------- Build 9.0.0.136 - Mon, 24 May 2010 08:43:28 MDT Fixed several minor bugs --------------------------------------------------------------------------- The real-time text log monitor HTML templates were updated to include the name of the applied filter. When mapping computers using an IP address, users may have seen an error stating the host could not be resolved. This bug has been fixed. Previously the Filter Manager rarely threw a dictionary error when adding a new criteria. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.135 - Wed, 19 May 2010 15:34:44 MDT Fixed service crash --------------------------------------------------------------------------- Previously if running a Real-Time Event Log Monitor the service could crash if configured to email on error, the remote server is off-line or denies access, and Log Manager is unable to send the email. Previously the service had a very small window in which the program could hang. This could occur if the service was not run for a significant amount of time, there were 100s of configurations, and the service was restarted 2 times very quickly. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.134 - Wed, 19 May 2010 00:00:32 MDT Added database date column index and fixed numerous UI issues --------------------------------------------------------------------------- Per a customer request we have added an index for the date column reducing the load on the log repository database when retrieving entries. 
Previously when consolidating to SQL Server or MySQL in very rare cases Event Log entries could have been duplicated in the log repository. This bug has been fixed. Previously when viewing an Event Log's properties, if access was denied an error was thrown, however, the user was not provided the option to specify logon as credentials. The user is now prompted to supply logon as credentials. Previously when changing the log repository type, for example from the file system to SQL Server, the dashboards did not update with the new information. The dashboards are now immediately updated. Previously when deleting multiple logs from the repository or clearing multiple Event Logs the user was not prompted with a list of selected logs. The user is now prompted with the first 20 selected logs. Previously when restoring a backed up configuration the Sort by Computer view within the Configuration Explorer did not remove computers that were not contained within the backup. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.133 - Mon, 17 May 2010 15:26:34 MDT Enhanced Security Event Log Reports and fixed several related bugs --------------------------------------------------------------------------- The Security Event Log Reports now include user include/exclude filters as well as an Active Directory lookup option. Previously several of the Security Event Log reports failed to show the detail records if the summary report items were not checked. These bugs have been fixed. --------------------------------------------------------------------------- Build 9.0.0.132 - Fri, 14 May 2010 09:23:31 MDT Fixed major logon/logoff bug --------------------------------------------------------------------------- Previously the logon/logoff report may have thrown a key not present in dictionary error causing the report to error out. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.131 - Tue, 11 May 2010 10:33:09 MDT Fixed real-time viewer bug --------------------------------------------------------------------------- Previously when watching Event Logs or Syslogs in real-time within the user interface, when the user clicked the Clear button to reset the screen, the entries were removed from the view but remained in memory. When the user applied a filter or modified the current filter the once cleared entries would resurface in the updated view. This bug has been fixed. Users can now return their own licenses enabling them to move installation locations without notifying our support team. To return your license, select Help | About | Return License. --------------------------------------------------------------------------- Build 9.0.0.130 - Tue, 04 May 2010 08:08:37 MDT Added Logon/Logoff Report --------------------------------------------------------------------------- Users can now generate logon/logoff reports. From the Log Repository view, check the Security Event Logs to run the report against, right click and select Reports | Logon/Logoff. Previously the text log monitor did not properly re-initialize after an exclusion period when polled every x minutes or longer. This bug has been fixed. Previously the report wizards for frequency reports (counts of entry types) did not save the date range when the only change made was to the date range field. This bug has been fixed. Previously manually run log entry frequency reports displayed the count in a column which could not be resized. If more than 99 entries were present users would typically see "...". This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.126 - Fri, 23 Apr 2010 09:22:12 MDT Enhanced schedule exclusion period algorithm --------------------------------------------------------------------------- All scheduled functions now include an enhanced exclusion period algorithm. For example, users can now configure a monitor to shut down Sunday from 8:00 - 12:00. --------------------------------------------------------------------------- Build 9.0.0.125 - Tue, 20 Apr 2010 20:28:56 MDT Added several report assignment options and fixed several UI bugs --------------------------------------------------------------------------- Users can now assign Event Logs and Syslogs to existing reports from within the Log Management Wizard. Report assignment is now always included when saved to a template. Lastly, the Auto Configurator will now use the report assignment found within the templates to automatically add computers and logs to existing reports. Previously consolidated Security Event Log views did not update when a user changed an already applied Success or Failed Logon filter via the Filters Manager. These bugs have been fixed. Users are now asked if they would like to re-scan the current consolidated view when clearing an applied filter while on a page other than the first. --------------------------------------------------------------------------- Build 9.0.0.122 - Sun, 18 Apr 2010 11:21:50 MDT Added date option to the Select Display Filters dialogs --------------------------------------------------------------------------- Users can now select the initial date they would like to see prior to viewing consolidated logs. This option significantly reduces the time it takes to review entries that fall on a page other than the default. Previously when scrolling a list of entries using either the down or up arrow buttons the dependent views were not redrawn until after the key was released. 
The view has been modified to refresh the message text, hex view, and notes views (where applicable) after each focus changed event. --------------------------------------------------------------------------- Build 9.0.0.121 - Thu, 15 Apr 2010 22:14:19 MDT Added backup email server support --------------------------------------------------------------------------- Users can now configure a backup email server. If the primary is down or is unable to send your message, the software will All text based actions including but not limited to text emails, message boxes, and SMS messages can now parse and display The Event Log Entry action has been updated to enable the action to dynamically insert the host name the entry was generated The LATEST_ENTRY and OLDEST_ENTRY tags displayed the wrong entries when used for text email based reports. We added a new tutorial that shows users how to configure Gmail as a backup email server. The Event Log Management tutorial has been updated to include information and screen shots for poll monitoring and EVT and The documentation for replacement tags has been updated. --------------------------------------------------------------------------- Build 9.0.0.120 - Sat, 10 Apr 2010 01:08:29 MDT Fixed Event Log EVT/EVTX backup bug --------------------------------------------------------------------------- In many cases the Event Log backup function would fail with an error stating the file could not be moved. The error occurred because WMI returns prior to the file being written to the disk. The function now waits up to 3 seconds for the existence of the file. In all our tests this resolved the issue. Users are now prompted to select display filters when viewing an Event Log or syslog in real-time. Previously check boxes with an intermediate state were unchecked when clicked. This behavior caused any dependent settings to be lost. The behavior has been changed so the state changes to checked which in turn preserves dependent settings. 
Previously after selecting another computer or all computers from the Logon As page within the Event Log Management Properties Wizard all modified values for the previously selected computer were lost. This bug has been fixed. The 'Event' column values for all Event Log views are now right aligned. The Event Log Entry Properties dialog can now be resized and the assigned font is applied to the message text box. --------------------------------------------------------------------------- Build 9.0.0.119 - Wed, 31 Mar 2010 09:50:16 MDT Fixed Event Log poll monitor bug --------------------------------------------------------------------------- Installations prior to build 9.0.0.96 would have been unable to schedule the poll monitor due to a file versioning bug. This bug has been fixed. --------------------------------------------------------------------------- Build 1.0.0.118 - Tue, 30 Mar 2010 20:34:47 MDT Fixed success logon real-time filter --------------------------------------------------------------------------- Previously when monitoring an event log in real-time, the success logon filter ignored the LogonType flag. This bug has been fixed. Previously when using the Auto Configurator computers added to Active Directory in lower case were re-added during every scan. This bug has been fixed. --------------------------------------------------------------------------- Build 1.0.0.117 - Fri, 26 Mar 2010 18:44:48 MDT Fixed several UI annoyances --------------------------------------------------------------------------- Previously the list control we use throughout the application had a bug that caused the items to re-sort when the user changed the size of the columns. This was very annoying even with small amounts of data. This bug along with several other minor bugs with the control have been resolved. Since the inclusion of the TCP syslog server the log nodes did not show the correct status when the TCP server was disabled. This bug has been fixed. 
Fixed another bug within the real-time Success Logon filter. --------------------------------------------------------------------------- Build 9.0.0.114 - Wed, 24 Mar 2010 12:26:20 MDT Fixed Success/Failed Logon filter bug --------------------------------------------------------------------------- Previously the Success and Failed Logon filters did not work within the consolidated or real-time viewers unless one of the sub-fields (user, client workstations, reason, or logon type) was selected. This bug has been fixed. Users can now right click on an event or syslog message within the real-time viewer and apply the entry to a filter. --------------------------------------------------------------------------- Build 9.0.0.113 - Sun, 21 Mar 2010 16:48:38 MDT Fixed a UI scheduling bug --------------------------------------------------------------------------- Previously when re-configuring different monitoring schedules for multiple logs an object reference error may have been thrown when dismissing the Assign Schedule without selecting a new schedule. Since the TCP syslog server was added, syslog nodes displayed the incorrect status within the configuration explorer when the TCP syslog server was disabled. --------------------------------------------------------------------------- Build 9.0.0.112 - Wed, 10 Mar 2010 06:10:25 MST Fixed a bug in the Event Log backup function --------------------------------------------------------------------------- Previously Event Logs that contained a reserved character (/, :, “, <, >, |) were unable to be backed up. The special characters are now replaced with an underscore (_). Made several minor updates to the help file. --------------------------------------------------------------------------- Build 9.0.0.111 - Mon, 08 Mar 2010 09:54:39 MST Fixed a significant bug in the TLM importer --------------------------------------------------------------------------- Fixed a significant bug in the TLM importer. 
--------------------------------------------------------------------------- Build 9.0.0.110 - Wed, 03 Mar 2010 22:43:56 MST Added Text Log Monitor upgrade support --------------------------------------------------------------------------- Text Log Monitor users can now import their text log monitors into Corner Bowl Log Manager. --------------------------------------------------------------------------- Build 9.0.0.109 - Tue, 02 Mar 2010 20:22:38 MST Added several major new features and fixed a critical failed logon report bug. --------------------------------------------------------------------------- This build includes a new filter type called Event Log (Success Logon). Use this filter to limit entries within the viewer or generic reports to success logon events. Users can also filter on user, client workstation, and logon type message parameters. For example, use this filter to get a list of all interactive logons. Per several user requests we have added a TCP syslog server. To enable the TCP syslog server, select Options from the Tools menu item. Select the Syslog tab. Enable the TCP syslog server and set the port. Previously the failed logon report incorrectly included some success audit events. This bug has been fixed. Previously when re-configuring multiple computers, the logon as domain field did not populate correctly when the configured domain was different than the default domain. This bug has been fixed. The SQL Server database connection string now includes the application name enabling easy identification when running a trace against the database. Previously the real-time syslog viewer enabled users to de-select all priorities toolbar toggle buttons. The viewer now throws an error message when the last priority is de-selected and then re-selects the priority. 
--------------------------------------------------------------------------- Build 9.0.0.108 - Tue, 09 Feb 2010 08:34:07 MST Fixed minor memory leak --------------------------------------------------------------------------- In previous builds there was a small memory leak that occurred every time a user logged off or the tray icon was closed. This bug has been fixed. Updated the information message that is shown when a user chooses to schedule the stand-alone Event Log Monitor. Several icons were updated. Typically applications open and lock log files until the application is terminated. In response we have changed the default text log monitor read schedule from real-time to scheduled. Made several wording and control position changes within the Text Log and Text Log Directories Properties Wizard pages. --------------------------------------------------------------------------- Build 9.0.0.106 - Mon, 01 Feb 2010 21:49:19 MST Added remote execution option to start process action --------------------------------------------------------------------------- The start process action now includes support to remotely execute a process. Previously the flag filter criteria value was obfuscated (e.g. a, b, c). This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.104 - Thu, 14 Jan 2010 20:18:18 MST Added run as option to start process action --------------------------------------------------------------------------- Users can now target the account they want to run processes under. We made several minor UI changes to several action configuration dialogs. The most significant change was the addition of a Test button on the Event Log action configuration dialog. 
--------------------------------------------------------------------------- Build 9.0.0.103 - Wed, 13 Jan 2010 09:18:39 MST Fixed Event Log Template bug --------------------------------------------------------------------------- When adding our new Event Log Poll Monitor we incorrectly serialized in the event log monitor templates causing the template to fail on load. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.102 - Tue, 12 Jan 2010 09:39:57 MST Fixed Success Logon report bug --------------------------------------------------------------------------- In previous builds the Success Logon report only worked when consolidating Event Logs to our file system. There was a bug in both the SQL Server and MySQL commands preventing entries from being returned. This bug has been fixed. Users can now rename reports directly from within the Reports and Views view. When using the Actions Manager, when a user selected an existing action, attempted to change the type to Start Process, left the arguments field blank, then saved the changes, a null reference error was thrown. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.101 - Fri, 08 Jan 2010 11:19:55 MST Fixed several text log monitor bugs --------------------------------------------------------------------------- Fixed a minor validation bug within the EVT/X backup page of the Event Log Management Wizard. In previous builds when creating a text log report the Select Consolidated Log dialog in some cases displayed each log file twice. This bug has been fixed. When opening a text log the Select Filter dialog did not show the available text log filters. This bug has been fixed. Previously when the user changed the name of a filter, each displayed log view that was using the filter would automatically de-select the filter and show all entries. This bug has been fixed. 
Added diagnostic message to text log monitor. --------------------------------------------------------------------------- Build 9.0.0.99 - Thu, 07 Jan 2010 10:13:58 MST Fixed significant rolling text log file monitor bug --------------------------------------------------------------------------- Previously when monitoring rolling text log files that contained the current date within the filename some entries may have been dropped during the rolling transition. This bug has been resolved. The Start Process action now logs a message just prior to execution showing the command and arguments being executed. Previously in very rare cases the user interface would throw a fatal error after being closed. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.97 - Fri, 01 Jan 2010 20:09:26 MST Fixed Successful Logon Report obfuscated bug --------------------------------------------------------------------------- Previously the Successful Logon Report obfuscated the LogonType values. This bug has been fixed. When exporting a consolidated Event Log from within the Active Directory Event Log Explorer view an object reference error was thrown after the logs were successfully exported. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.96 - Wed, 23 Dec 2009 09:06:39 MST Added Event Log schedule monitor --------------------------------------------------------------------------- Users can now schedule to receive notification of critical Event Log entries without saving the entries to the log repository. Use the Event Log Monitor page within the Event Log Management Properties Wizard to schedule Event Logs for scheduled monitoring. Please note the scheduled monitor is only intended to be used when not saving entries to the log repository. If saving entries to the log repository use Post Consolidation Filters and Actions instead. 
Previously our SMTP client code threw an object reference exception if the target SMTP server did not respond to the connection attempt. This typically manifested itself when the SMTP server does not allow connections or relay from the server on which CBLM is installed. This bug has been fixed. In one case we saw our SMTP server receive an ‘Invalid domain name’ error which was caused when the Log Manager Windows Service was running under the SYSTEM account. In this case a malformed EHLO command was sent causing the error. This bug has been fixed. Users can now open zipped EVT/X files directly from the user interface. Saved Syslog entries can now be automatically backed up, compressed and encrypted. While doing some MySQL testing we noticed MySQL does not properly interface with the Windows Event Log system. Because of this bug MySQL Administrator messages did not appear when EVT export support was disabled. Upon further review we learned Windows was not returning the generic message that embeds the insertion strings as it typically does when an application fails to interface with the Event Log system properly. In this scenario the insertion strings are saved to the log repository enabling the viewer to display the insertion strings. A few builds ago while fixing a few sizing issues with our base wizard control we accidentally introduced a bug to the Auto Configuration. The Add and Remove buttons did not display. This bug has been fixed. Previously when forwarding messages to another syslog server, if the remote server name could not be resolved an object reference error was logged to the service log file. The message now correctly logs the name resolution issue. Previously when forwarding messages to another syslog server, user added replacement tags were ignored. This bug has been fixed. Previously when importing a NEV log repository that only contained archived entries an error was thrown stating there were no logs to import. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.92 - Tue, 15 Dec 2009 14:32:13 MST Fixed MySQL bug --------------------------------------------------------------------------- Previously messages that embedded an open curly brace caused the MySQL consolidation function to fail. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.91 - Wed, 02 Dec 2009 21:49:16 MST Added WMI block size option --------------------------------------------------------------------------- Users can now override the WMI block size option used when downloading Event Log entries. Increasing or decreasing the value may increase or decrease download speed at the cost of remote CPU load. The Syslog Entry Properties dialog now applies the same font to the message text box as defined within the Options dialog. The dialog can also be resized. Several minor drawing issues were resolved within our list view control. --------------------------------------------------------------------------- Build 9.0.0.89 - Sun, 29 Nov 2009 16:23:02 MST Fixed failed logon filter bug --------------------------------------------------------------------------- In previous builds the newly added Server 2008 account logon event IDs handled within the Security Event Log Reports were not handled when an Event Log (Failed Logon) filter was applied to a real-time or scheduled monitor. This bug has been fixed. Several updates were made to the tree view node check and selection algorithm that will hopefully benefit users. --------------------------------------------------------------------------- Build 9.0.0.88 - Tue, 24 Nov 2009 09:27:47 MST Added several minor enhancements --------------------------------------------------------------------------- Made several minor drawing enhancements to the List Control. Added several debug messages to startup code. 
--------------------------------------------------------------------------- Build 9.0.0.87 - Tue, 17 Nov 2009 20:52:14 MST Added Success Login reports --------------------------------------------------------------------------- Users can now generate successful login reports. Use the Report Wizard and select Event Logs (Success Logon). You have the option to display several different summary and detail reports. Previously when importing NEV configurations, mapped computers that did not have login credentials assigned caused the import function to fail with an object reference error. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.86 - Fri, 13 Nov 2009 09:15:32 MST Added hide duplicate Event Log entry function --------------------------------------------------------------------------- When displaying consolidated Event Logs, EVT files or EVTX files users can now hide duplicate entries. Duplicate entries are defined as entries with the same source and event ID regardless of message content. To hide duplicates, toggle the 2 arrow to 1 arrow toolbar button. The viewer adds a column which lists the count of entries with the same source and event ID. When running a standard Event Log report users can now choose to hide duplicate entries. Duplicate entries are defined as entries with the same source and event ID regardless of message content. To hide duplicates check the option from within the wizard. If sending an email, the count of entries with the same source and event ID is listed in the first column. --------------------------------------------------------------------------- Build 9.0.0.85 - Tue, 10 Nov 2009 10:22:07 MST Added IP address support to actions --------------------------------------------------------------------------- The host name fields within actions can now be replaced by IPv4 or IPv6 values. To include the IP address instead of the hostname replace the {HOST} tag with {IPv4} or {IPv6}. 
Added several data management configuration helper routines to the Log Management Wizard to aid users. Fixed several validation errors within the Report Wizards. Removed a startup error message that displayed when running 2 instances of the user interface from different RDP sessions on behalf of the same user account. --------------------------------------------------------------------------- Build 9.0.0.84 - Sat, 07 Nov 2009 17:13:46 MST Fixed file system log repository bugs --------------------------------------------------------------------------- In previous builds entries could be lost while archiving the consolidated logs. The bug occurred because of a race condition that existed when replacing a log repository file with an updated file. We have resolved these issues. The Message Box alert has been updated to include a Clear button within the message box dialog. When clicked, all the messages within the history are removed and the current message cleared. When viewing the Event Log Properties dialog the title now includes the data provider when it is not the primary log repository. For example, if you right click on an archived log within the Log Repository view the property dialog includes the name given to the archive data provider. Previously when restarting the service, the Event Log backup configurations were incorrectly re-scheduled to the next download schedule rather than the next backup schedule. This bug has been fixed. Previously the service shutdown was very slow due to a delay in Microsoft’s IPC close code. We now call the close method asynchronously which significantly decreases the shutdown time. Previously the application failed to remove all temporary files from the temporary file directory. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.83 - Fri, 06 Nov 2009 02:55:10 MST Added on-demand text log monitor function --------------------------------------------------------------------------- Text Log monitors can now be executed on-demand from within the user interface. This function enables users to download and consolidate entries at will. Please note when run, all assigned filters are applied and all non-user interface actions executed. To run the monitor manually, check or highlight the Text Log from one of the navigation views. From the File menu item select Run Text Log Monitor Now. If the user navigated to a text log directory mask from within the Configuration Explorer, the view was set to Group by Log Type and the service was stopped, the files that passed the mask were not displayed. This bug has been fixed. If the user navigated to a text log directory mask from within the Configuration Explorer, the view was set to Group by Log Type, the user highlighted the mask or corresponding log file then attempted to open the Log Management Properties Wizard an error was thrown stating a log file must be selected. The wizard now opens as expected. In previous builds during startup if the user did not have administrator rights an error was thrown that stated access to the registry was denied. The application now checks for administrator or power user rights and if not found throws a user friendly message stating some functionality might not be available. Users can now generate a log management configuration report. To generate the report select Generate Configuration Report from the Tools menu item. All the log management configurations are iterated and output to your default text editor. 
--------------------------------------------------------------------------- Build 9.0.0.82 - Wed, 04 Nov 2009 16:13:46 MST Fixed several LINQ issues throughout the application that caused sequence errors to be thrown --------------------------------------------------------------------------- When opening EVTX files a Sequence contains no elements error may have been thrown when parsing the XML. This bug has been fixed. A sequence contains more than one element error may have been thrown if the groups.dat file erroneously had a host pointing at 2 different groups. This bug has been fixed. After startup the licensing code may have caused a crash when the About box or another function that must wait for the licensing to complete was run. This bug has been fixed. When viewing a Failed Logon Report the logon type values were obfuscated meaning the values displayed as letters a-i instead of the actual values. This bug has been fixed. When we added the SNMP support the setup was incorrectly modified setting some registry keys that caused all of the initial startup wizards to fail to open. This also caused the auto update from Network Event Viewer to be ignored. The Event Log, Syslog and Text Log Management Wizards now include a verification page that enables users to copy the configuration and save it to a text file for easy reading. --------------------------------------------------------------------------- Build 9.0.0.79 - Tue, 03 Nov 2009 16:30:21 MST Added recursive Active Directory option --------------------------------------------------------------------------- Previously users had to add each directory entry they wanted to scan for new computers. We have added an option which is set by default, unless previously configured, that enables the scan to recursively drill into each sub-directory entry. Use the Auto Configuration to set this option. 
Previously when manually downloading Event Logs the download function would fire off a new thread for every selected log. If 100s of logs were selected this could cause the system to run out of system resources. By default no more than 20 threads are now used. You can increase or decrease the number of threads via the WMI tab within the Options dialog. A Print Selected Entries menu item was added to the popup menu bar for all the log views except the real-time Syslog and real-time Event Log views. In previous builds when attempting to select specific computers such as domain controllers or servers from within the Browse Active Directory Computers dialog the computer type was not queried causing the search criteria to fail. This bug has been fixed. Users can now overwrite the default Active Directory configuration enabling them to display a deep organization unit in place of the root. The Event Log Explorer had a major bug that caused the discovery to simply get a list of the local Event Logs. Added refresh buttons to the overview dashboard. The EVT and EVTX file readers have been optimized to cache user and message file information where applicable decreasing the overall load time. --------------------------------------------------------------------------- Build 9.0.0.78 - Mon, 02 Nov 2009 09:31:50 MST Fixed startup bug --------------------------------------------------------------------------- When fixing the startup delay present in build 69 and earlier we introduced a bug that occurred during startup when the computer was offline. At startup an error was thrown and the application exited. We have resolved this bug. 
--------------------------------------------------------------------------- Build 9.0.0.77 - Mon, 02 Nov 2009 00:32:13 MST Added Active Directory email lookup to email actions --------------------------------------------------------------------------- When firing an email alert for an Event Log entry that passes a real-time monitor’s filter or a post consolidation filter, the contents of the user name displayed in the USER column can now be looked up in Active Directory and the assigned email address used. To use the user’s Active Directory assigned email address create an action and specify {AD_USER} as the email address. To send all Event Log entries for a specific user, create a Simple Event Log filter and specify the domain name followed by the user name within the User text box. For example: domain\username Previously when creating a Simple Event Log filter specifying the domain\username format caused an error to be thrown stating the escaped sequence was not allowed. This bug has been fixed. If the user previously specified domain\\username to get around this bug the serialization code will remove the extra \ while loading the filter. This bug fix should be seamless to the user. --------------------------------------------------------------------------- Build 9.0.0.76 - Fri, 30 Oct 2009 01:37:47 MDT Simplified the NEV upgrade process --------------------------------------------------------------------------- We added some smarts to the initialization. The user is now automatically prompted when Network Event Viewer is already installed. The prompt explains the differences in the programs and offers the option to import the NEV configurations and data. If they choose to import, the NEV license is automatically applied to the software prior to the import dialog appearing. 
--------------------------------------------------------------------------- Build 9.0.0.75 - Wed, 28 Oct 2009 09:41:07 MDT Fixed Syslog.Priority.Emergency bug recently added to database initialization --------------------------------------------------------------------------- A few builds ago we changed the Syslog priority Emerg value to Emergency. This caused the database initialization to fail because the maximum width was 8 characters. We have increased this value to 16 characters. --------------------------------------------------------------------------- Build 9.0.0.74 - Wed, 28 Oct 2009 04:25:39 MDT Added email address {USER} tag option for real-time Event Log monitors --------------------------------------------------------------------------- When firing an email alert for an Event Log entry that passes a real-time monitor’s filter, the email address can be changed to the contents of the USER column within the entry. If the USER column contains a domain name, the domain name is removed. When receiving a heavy load of Syslog messages the Syslog viewer continually flickered. This drawing issue has been resolved. When receiving a heavy load of Event Log entries the real-time Event Log viewer continually flickered and often lost focus on the latest entry. These issues have been resolved. When watching an Event Log that is receiving a heavy load of messages a bug was recently introduced that caused the Date and time sort to fail ultimately resulting in entries missing from the view. This bug has been fixed. In previous builds the user interface displayed the indent area within column grouped log views as orange. In an effort to reduce clutter we have changed the color to transparent. --------------------------------------------------------------------------- Build 9.0.0.73 - Tue, 27 Oct 2009 13:57:55 MDT Added EVTX view support --------------------------------------------------------------------------- Corner Bowl Log Manager can now read EVTX files. 
The previous Dashboard was simplified. To account for the simplification an Event Log and Syslog Dashboard have been included. To automatically display the Event Log and Syslog Dashboards check the options via the User Preferences page within the Options dialog. Help was added to the Select Computers page within the Report Wizards where appropriate. Previously when viewing an EVT file, the export function did not output the computer name, log name or the date range. This bug has been fixed. The Network Explorer and Configuration Explorer were consolidated into a single view now selectable through a drop-down combo-box. --------------------------------------------------------------------------- Build 9.0.0.71 - Sun, 25 Oct 2009 23:06:23 MDT Fixed Syslog and text log file system archive bug --------------------------------------------------------------------------- When using the file system rather than a database to store logs, both the Syslog and text log archive function incorrectly ordered the entries within the archive file. This caused several user interface display issues as well as the archive truncation function to silently fail ultimately leading to an ever increasing archive file. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.70 - Thu, 22 Oct 2009 13:29:14 MDT Fixed startup delay --------------------------------------------------------------------------- There was a startup delay of around 20 seconds that occurred when the product was licensed. This delay seems to be recent and is the result of a bug within Microsoft’s XML check signature function. We have moved the license file validation code to a background thread to enable the user interface to quickly load. 
--------------------------------------------------------------------------- Build 9.0.0.68 - Thu, 22 Oct 2009 02:39:24 MDT Added Event Log entry properties dialog --------------------------------------------------------------------------- Previously in Network Event Viewer when double-clicking on an Event Log entry an entry properties dialog displayed. This functionality was originally dropped from Corner Bowl Log Manager. We have added this functionality back in. We also added a Syslog message property dialog. While adding the Syslog message property dialog we changed the following Syslog priority names: Emerg, Crit and Error to Emergency, Critical and Error. When viewing 2 types of logs if the user opened the Find dialog then switched to the other log type the Find dialog for the first log type remained visible. If the user then opened the Find dialog for the second log type 2 Find dialogs were then displayed. The Find dialog is now dismissed when moving between log types or when closing the log view. A few builds ago we fixed a UI sorting bug that occurred when viewing multiple Event Log entries from the same second from the file system log repository. When fixing this bug we accidentally created the bug we fixed when viewing multiple Syslog and text log entries from the file system log repository. This bug has been fixed. Fixed startup delay. --------------------------------------------------------------------------- Build 9.0.0.67 - Wed, 21 Oct 2009 01:47:34 MDT Added SQL Server Encryption option --------------------------------------------------------------------------- Users can now communicate with SQL Server using SSL. To enable SSL communication select Options from the Tools menu item. Select the Data Providers tab. Select the target data provider and check the Encrypt connection option. Added help to the SQL Server connection controls explaining how to specify a non-standard port. 
--------------------------------------------------------------------------- Build 9.0.0.66 - Tue, 20 Oct 2009 02:47:42 MDT Added support for iSMS --------------------------------------------------------------------------- Added SMS gateway support for iSMS. Previously process and sound actions in response to text log entry filters failed to execute. These bugs have been fixed. When configuring a text log monitor to read a new file from the end the service incorrectly read the entire file. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.65 - Mon, 19 Oct 2009 08:28:08 MDT Added NEV log repository data import functions --------------------------------------------------------------------------- Corner Bowl Log Manager can now import Network Event Viewer’s log repository. Please read the help file for detailed information on the importing process. To convert the data select Import from Network Event Viewer. Users can now limit email, SMS message, message box and tray popup content to the actual message rather than the entire Event Log or syslog entry. To limit the content, use the Actions Manager, select the action to modify and use the {MESSAGE} tag. In previous builds the user interface would throw an object reference error when any menu bar item or toolbar item was clicked and the Manual Event Log Management Output window filled the detail view. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.63 - Sat, 17 Oct 2009 23:01:47 MDT Fixed several Event Log Management bugs and added several new features --------------------------------------------------------------------------- The Event Log Properties dialog now enables users to back up EVT files. Also, when clearing, users are now provided the option to back up the EVT file prior to clearing it. 
Previously when backing up and clearing EVT files each function was called separately opening a window for entries to be lost. These calls have been combined into a single call guaranteeing no entry loss. In previous builds when viewing EVT files or consolidated Event Logs, entries written within the same second may not have displayed in the correct order. This bug has been resolved for EVT files and log files consolidated to our file system format. This is still an issue with SQL Server and MySQL. To fix this issue we must alter the database schema and store the Event Log entry record number. We will make this change at a later date. Unknown to us until recent load tests, Microsoft often duplicates and even triplicates Event Log entries when it sends them over the wire via WMI. We have made modifications to the download algorithm to disregard duplicate entries. When downloading and backing up or clearing EVT files on the same schedule the EVT backup typically did not run. The EVT backup would also fail if a long download was still running when the EVT backup schedule occurred. The EVT backup function has been modified to wait for the download to complete. The Event Log Management Wizard now throws an informational message box when the user chooses to clear the Event Logs after a download. When setting the output filename the file action configuration dialog incorrectly opened the common open dialog rather than the save as dialog. The filter type did not show if the path was invalid or contained replacement tags. Once the common dialog was closed, the HTML template text box was updated rather than the output filename text box. These bugs have been fixed. We also added help to the configuration dialog to aid users when saving to remote locations. Users can now remove and archive entries on demand rather than having to wait until the entry retention policy is automatically executed. 
To manually remove and archive the consolidated logs, select Options from the Tools menu item. Select the Log Repositories tab. Click Remove and Archive Entries Now. Users can now receive email notification alerts when a real-time Event Log monitor fails. Use the Error Notification page within the Log Management Wizard to set the email address and subject for the email. While making this change we realized all the available replacement tags were not visible for the email subject field. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.62 - Thu, 08 Oct 2009 15:06:53 MDT Added WMI packet encryption option --------------------------------------------------------------------------- In previous builds all WMI packets received from remote computers were unencrypted. An option has been added to the Options dialog that enables users to set the authentication level. Setting the authentication level to PacketPrivacy turns payload encryption on. The failed logon, account lockout, and new user reports can now email using text rather than HTML. The account lockout and new user report wizard did not properly complete when the schedule was disabled. These bugs have been fixed. In previous builds when closing a failed logon report that was still running, an object reference error was thrown. The error is no longer thrown. --------------------------------------------------------------------------- Build 9.0.0.60 - Mon, 28 Sep 2009 11:24:14 MDT Fixed several filter bugs --------------------------------------------------------------------------- In previous builds if the user changed a real-time Event Log monitor filter from a failed logon type to a complex or simple type, the service was not updated properly causing the monitor to fail throwing a cast exception. This bug has been fixed. 
In previous builds when changing an Event Log filter type from simple or complex to a failed logon the Filter Manager threw an error when saved. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.59 - Thu, 24 Sep 2009 22:18:32 MDT Added Server 2008 account logon event support --------------------------------------------------------------------------- The failed logon reports now include Server 2008 account logon events 4768, 4771, and 4776. --------------------------------------------------------------------------- Build 9.0.0.58 - Thu, 24 Sep 2009 11:29:55 MDT Fixed SQL Server database lock bug --------------------------------------------------------------------------- In previous builds when downloading Event Logs for the first time and using SQL Server to store logs each download occurred serially because of a database lock incurred during the table creation. The user interface would also hang as soon as a database call was made. The table lock has been resolved. In previous builds the Find dialog within the Real-Time Text Log Viewer included a Mark button that did nothing and a More button that offered options not available to the Real-Time Text Log Viewer. The Find dialog now includes a mark column and the More button has been removed. The Find dialogs had a tendency to show up in the left top most position within the screen. This bug has been fixed. In previous builds when attempting to email the current page within a Syslog View that contained more than 5000 entries the following error was thrown: Index (zero based) must be greater than or equal to zero and less than the size of the argument list. This bug has been fixed. A Flag toolbar button has been added to all of the real-time views. Although you cannot flag an entry that shows in the real-time view, when pressing the button the user is prompted with instructions on how to flag entries. 
All reports that included entries from the last 7, 30, 90 days or within the last year ran as today plus the X number of days rather than today being included in the X number of days. For example if you ran a report for the last 7 days and today was Wednesday, the reports would include last Wednesday as well. In this example the code now only includes Thursday forward. The report and view HTML templates have been modified to include the date range the report or current consolidated log view applies to. When a less than frequency rule triggered the service did not log a message to the service log file stating the rule triggered. The service now logs a message stating the less than frequency rule triggered. --------------------------------------------------------------------------- Build 9.0.0.57 - Tue, 22 Sep 2009 13:50:36 MDT Added configuration backup and restore functions --------------------------------------------------------------------------- Users can now back up and restore the configuration files from within the user interface. To back up the configurations select Backup Configuration from the Tools menu item. To restore the configurations select Restore Configuration from the Tools menu item. In previous builds when using a text log directory monitor the size alert did not show if already set when the UI was open. This bug has been fixed. All of the text box controls have been updated to now automatically select all characters when the user presses Ctrl-A. In previous builds when making a change to an existing log repository configuration, for example changing the directory to save logs, the Log Repository View was not updated. This bug has been fixed. In previous builds when switching between using Unicode and ASCII when saving logs to the repository users were required to remove all previously saved Syslogs and text logs otherwise the files became corrupt with a mismatch of data. 
Both the Syslog and text log consolidation functions have been modified so the saved files do not have to be deleted. Please note however if previously saved as ASCII the files will continue to be saved in ASCII until the files are removed from the log repository. Once removed the new files will be created in the proper encoding, in this example Unicode. A positive side effect of this change is a potentially significantly faster consolidation time when saving large text log files to SQL Server or MySQL. A negative side effect is the requirement to read the consolidated Syslog header prior to saving each entry. Our testing showed no to negligible degradation in performance when heavily loaded on slower machines. A bug was added in the last build that prevented account lockout reports from loading. This bug has been resolved. --------------------------------------------------------------------------- Build 9.0.0.56 - Mon, 21 Sep 2009 16:29:28 MDT Fixed several text log monitor bugs --------------------------------------------------------------------------- When monitoring a text log file that resides on a remote computer that is unreachable the monitor may have blocked for a minute when the connection was re-tried. In the case of the file not being found the retry was inappropriate. This bug has been fixed. When monitoring a text log file that resides on a remote computer that is unreachable an exception was thrown during the monitor configuration synchronization routine that caused the synchronization of the other monitors to fail. When monitoring a text log file that resides on a remote computer that is unreachable the corresponding tree nodes within the user interface were not correctly updated to show the error. During service startup text log size monitors were run immediately during initialization potentially blocking other startup components to quickly initialize. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.55 - Sun, 20 Sep 2009 20:44:18 MDT Added new user account report --------------------------------------------------------------------------- Users can now generate new user account reports from the consolidated Security Event Logs. To generate a new user account report from the Log Repository view, check the Security Event Logs to run the report against, right click and select Reports | New User Accounts. Follow the instructions within the wizard. The real-time Event Log Viewer and Syslog Viewers now include a pause and resume toolbar button enabling users to review entries without having new entries steal the focus. --------------------------------------------------------------------------- Build 9.0.0.54 - Thu, 17 Sep 2009 21:51:28 MDT Added Account Lockout Reports --------------------------------------------------------------------------- Users can now generate account lockout reports from the consolidated Security Event Logs. To generate an account lockout report from the Log Repository view, check the Security Event Logs to run the report against, right click and select Reports | Account Lockouts. Follow the instructions within the wizard. In previous builds when running a failed logon report against the same hostname within 2 different log repositories the report did not differentiate between the 2 computers. The report now lists out the auxiliary or archive name in front of the hostname. When re-mapping a computer via the Log Management Wizard the previous mapping displayed within the Logon As page. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.53 - Mon, 14 Sep 2009 09:00:00 MDT Added CSV file monitor support --------------------------------------------------------------------------- Corner Bowl Log Manager now supports monitoring column separated text log files. 
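The failed logon report rules from Builds 9.0.0.59 and 9.0.0.58 above (account logon events 4768, 4771 and 4776, and a "last N days" range that counts today as one of the N days), as an added Python example. It is not Corner Bowl's code; the event dictionaries, their field names and the sample events are constructed assumptions.

```python
from collections import Counter
from datetime import date, datetime, timedelta

# Account logon event IDs named in the Build 9.0.0.59 note.
ACCOUNT_LOGON_IDS = {4768, 4771, 4776}

# Constructed sample events (assumed shape: time, id, user, status as a hex string).
SAMPLE_EVENTS = [
    {"time": "2009-09-16T23:59:59", "id": 4771, "user": "alice", "status": "0x18"},  # last Wednesday
    {"time": "2009-09-17T00:00:01", "id": 4771, "user": "alice", "status": "0x18"},  # Thursday
    {"time": "2009-09-20T08:15:00", "id": 4768, "user": "alice", "status": "0x0"},   # ticket issued
    {"time": "2009-09-21T09:30:00", "id": 4768, "user": "bob", "status": "0x6"},     # unknown principal
    {"time": "2009-09-22T10:00:00", "id": 4776, "user": "CORP\\alice", "status": "0xC000006A"},  # bad password
    {"time": "2009-09-23T11:00:00", "id": 4776, "user": "bob", "status": "0x0"},     # validated
    {"time": "2009-09-23T12:00:00", "id": 4624, "user": "bob", "status": "0x0"},     # not an account logon ID
]


def window_start(today: date, days: int) -> date:
    """First day of a 'last N days' window in which today is day N."""
    if days < 1:
        raise ValueError("days must be >= 1")
    return today - timedelta(days=days - 1)


def is_failed_logon(event: dict) -> bool:
    """4771 only records failures; 4768 and 4776 record successes too,
    so those count as failed only when the status is non-zero."""
    event_id = event["id"]
    if event_id not in ACCOUNT_LOGON_IDS:
        return False
    if event_id == 4771:
        return True
    return int(event["status"], 16) != 0


def failed_logon_report(events, today: date, days: int) -> dict:
    """Count failed account logons per user inside the inclusive window."""
    start = window_start(today, days)
    counts = Counter()
    for event in events:
        day = datetime.fromisoformat(event["time"]).date()
        if start <= day <= today and is_failed_logon(event):
            # Drop a leading domain so CORP\alice and alice are one account.
            user = event["user"].rsplit("\\", 1)[-1].lower()
            counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    wednesday = date(2009, 9, 23)
    print(window_start(wednesday, 7))
    print(failed_logon_report(SAMPLE_EVENTS, wednesday, 7))
```

Counting every 4768 or 4776 entry without checking the status would report successful logons as failures.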
For example a comma separated value file can be monitored for specific numbers and strings. To monitor a CSV file, use the Text Log Manager Wizard as you would to create a regular text log monitor. When prompted to assign a filter, use the Filters Manager to create a ‘Text Log (Table)’ filter. Define the columns of interest by specifying a name, the column index within the file and the data type (either string or decimal). Next, add the filter criteria for the newly defined columns. Assign the new filter and apply the appropriate actions. Previously when configuring the service to automatically clear remote Event Log files after a download or EVT backup there was a significant potential for entries to either be dropped within the downloaded log or the EVT backup. The download and backup functions have been updated as follows: If an Event Log is configured to be backed up, upon a download completion, if the Event Log is configured to be cleared via the download configuration an EVT backup is executed prior to clearing the remote Event Log. If an Event Log is configured to be automatically downloaded and the Event Log is configured to be cleared via the backup configuration, an Event Log download is executed prior to backing up and clearing the remote Event Log. In previous builds the maximum Event Log size was not saved when set via the Event Log Properties dialog. This bug has been fixed. Previously when monitoring a directory, the user interface may have displayed 2 files with the same name but different capitalization. This bug has been fixed. Output files can now be saved in ASCII. Previously all output CSV, TXT, XML, and HTML files were output in Unicode format. This presented an issue with Unix systems hosting HTML files. Users can now output files using ASCII encoding. To output a file using ASCII encoding open the Actions Manager, create a File action and de-select the Unicode option. Several usability changes have been made to the Dashboard. 
--------------------------------------------------------------------------- Build 9.0.0.48 - Tue, 08 Sep 2009 11:16:37 MDT Fixed critical Failed Logon Report Wizard bug --------------------------------------------------------------------------- A bug was recently added that caused the Failed Logon Report Wizard to throw an error stating a log had not been selected. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.47 - Tue, 08 Sep 2009 10:34:44 MDT Added SNMP Trap Support --------------------------------------------------------------------------- Corner Bowl Log Manager now includes an SNMP Extension Agent dll enabling users to fire SNMP traps using Microsoft’s SNMP Service. For detailed information on installing the SNMP Extension Agent dll please see the help file. In previous builds if the data source that was being used by a database action was removed, an error was thrown upon attempting to add or modify an action. This bug has been fixed. In previous builds when attempting to add an SMS action and the default message was used, an error was thrown when the user attempted to save the action. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.45 - Mon, 31 Aug 2009 14:29:12 MDT Added back syslog auto save function found in Network Event Viewer --------------------------------------------------------------------------- Network Event Viewer automatically saves all messages pushed to the internal Syslog server. Previously Corner Bowl Log Manager only saved messages from computers and devices that were already configured. This functionality is now optional. When installing the software for the first time the service now automatically saves all messages received. If already installed you must configure each computer and device. To change the setting, select Options from the Tools menu item. Set the option from the Syslog tab. 
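The ‘Text Log (Table)’ filter model from Build 9.0.0.53 (columns defined by name, index and a string or decimal type, then criteria on those columns), as an added Python example. It is not Corner Bowl's code; the zero-based index, the operator names, the column layout and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import operator
from decimal import Decimal, InvalidOperation

# Column definitions: (name, zero-based column index, data type). Assumed layout.
COLUMNS = [
    ("client_ip", 2, "string"),
    ("status", 4, "decimal"),
    ("time_taken_ms", 5, "decimal"),
]

# Filter criteria; every one must hold for a row to pass. Operator names are assumptions.
CRITERIA = [
    ("status", ">=", Decimal("500")),
    ("time_taken_ms", ">", Decimal("1000")),
]

OPERATORS = {
    "==": operator.eq, "!=": operator.ne,
    ">": operator.gt, ">=": operator.ge,
    "<": operator.lt, "<=": operator.le,
    "contains": lambda value, needle: needle in value,
}

# Constructed sample log: date, time, client IP, URL, status, time taken.
SAMPLE_CSV = "\n".join([
    "2009-09-14,09:00:01,10.0.0.5,/index.html,200,120",
    "2009-09-14,09:00:02,10.0.0.9,/report.aspx,500,4300",
    "2009-09-14,09:00:03,10.0.0.9,/report.aspx,500,-",              # non-numeric decimal
    "2009-09-14,09:00:04,10.0.0.7",                                 # truncated row
    '2009-09-14,09:00:05,10.0.0.9,"/search.aspx?q=a,b",503,2250',   # quoted comma
    "2009-09-14,09:00:06,10.0.0.5,/report.aspx,500,800",
])


def parse_row(row, columns):
    """Return {name: typed value}, or None when the row cannot be typed."""
    record = {}
    for name, index, kind in columns:
        if index >= len(row):
            return None  # row is shorter than the column definition expects
        text = row[index].strip()
        if kind == "decimal":
            try:
                value = Decimal(text)
            except InvalidOperation:
                return None
            if not value.is_finite():
                return None  # reject NaN and Infinity, which break ordering
            record[name] = value
        else:
            record[name] = text
    return record


def matches(record, criteria):
    return all(OPERATORS[op](record[name], wanted) for name, op, wanted in criteria)


def filter_csv(text, columns, criteria):
    """Return (hits, skipped): hits is a list of (line number, record)."""
    hits, skipped = [], 0
    # csv.reader honours quoting, so a comma inside a quoted URL does not
    # shift the column indexes the way a plain split(",") would.
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        record = parse_row(row, columns)
        if record is None:
            skipped += 1
        elif matches(record, criteria):
            hits.append((line_no, record))
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = filter_csv(SAMPLE_CSV, COLUMNS, CRITERIA)
    for line_no, record in hits:
        print(line_no, record["client_ip"], record["status"], record["time_taken_ms"])
    print("rows skipped:", skipped)
```

Returning the skipped-row count lets a monitor report rows it could not evaluate instead of treating them as non-matches.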
In previous builds when creating a report, configured computers only listed in the archive log repository tree node if entries existed in the archive repository. The computers are now listed regardless of the repository content. In previous builds the failed logon reports did not query the database correctly when consolidating to SQL Server or MySQL. --------------------------------------------------------------------------- Build 9.0.0.43 - Mon, 31 Aug 2009 12:02:29 MDT Updated the MySQL .Net library --------------------------------------------------------------------------- The application has been updated to use the latest version of the MySQL data connector library. --------------------------------------------------------------------------- Build 9.0.0.42 - Fri, 28 Aug 2009 10:13:37 MDT Completed the Network Event Viewer configuration import sub-routines --------------------------------------------------------------------------- The Network Event Viewer configuration import now imports the log repository settings, database settings, auxiliary data source configurations, reports and directory services settings. In previous builds there were several Report Wizard configuration validation errors causing potentially invalid configurations to save as well as dropping changes to the schedule and date range. These bugs have been fixed. --------------------------------------------------------------------------- Build 9.0.0.41 - Wed, 26 Aug 2009 10:52:12 MDT Fixed several critical output to user table bugs --------------------------------------------------------------------------- In previous builds when forwarding a Syslog to a user MySQL table on behalf of a real-time filter, the following error was thrown: ‘Failed to save entry to database…You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near…’ This bug has been fixed. 
In previous builds when forwarding a Syslog to a user SQL Server table on behalf of a real-time filter, the following error was thrown: ‘Failed to save entry to database…INSERT statement conflicted with COLUMN FOREIGN KEY constraint 'FK_PRI_1015896b-36e0-44fa-b908-c738cb117198'. The conflict occurred in database 'cblm', table 'priority', column 'id'.’ In previous builds when forwarding a text log entry to a user database table, no entries were forwarded. This bug has been fixed. Some of the automated reports did not handle the date criteria properly. These bugs have been fixed. When automatically exporting a report to file that does not have a filter applied an object reference error may have been thrown. This would have occurred when the file name tags contained the {FILTER} tag. This bug has been fixed. In previous builds all of the report wizards enabled the user to set the date and time range even when the report was not scheduled. Since the date and time range is only valid for scheduled reports the controls are now disabled when the report is not scheduled. --------------------------------------------------------------------------- Build 9.0.0.39 - Mon, 24 Aug 2009 04:19:11 MDT Addressed numerous text log monitor user interface bugs and usability issues --------------------------------------------------------------------------- When attempting to diagnose an IIS attack I was creating a monitor for the IIS log file. First, I started to create a text log file monitor. Once I navigated to the directory, I realized I needed to create a directory monitor as the filenames have date values contained within them. I navigated back to the welcome page, checked the Directory option and then clicked next. I was immediately prompted with a class cast exception. This bug has been fixed. In previous builds when viewing a consolidated text log that was being polled, the entries may not have displayed in the proper sort order. This bug has been fixed. 
When using the Text Log Directory Monitor Wizard and clearing all the monitored directories from the directory selection page, the wizard incorrectly removed the computers from the configuration list causing several errors with the dialog. This bug has been fixed. Both the Text Log File and Directory Monitor Wizards were updated to notify the user when no new files or directories have been added. The Text Log Directory Monitor Wizard now automatically adds a directory after the directory has already been expanded and then the user double clicks on the directory. The Text Log Directory Monitor Wizard’s Masks list box incorrectly resized its width when the dialog was resized. This bug has been fixed. In previous builds when deleting a text log monitor or text log directory monitor from a computer that did not contain monitors of the same type, the associated state files were not deleted. These bugs have been fixed. Users can now check or right click on a text log directory mask from within the Configuration or Network Views and delete the mask. If the directory monitor only has one mask, the directory monitor is removed. In previous builds when the user interface was started up the Configuration View did not always display the current text log and text log directory monitor status. A refresh may have been required. This bug has been fixed. In previous builds when deleting a filter that was assigned to an Event Log or Syslog configuration template the user was not notified the filter was in use. The user is now notified and the function now optionally removes the reference from the associated templates. In previous builds the Event Log source summary found within the Dash Board did not merge identical source/ID values found over a series of computers. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.38 - Sat, 22 Aug 2009 09:43:52 MDT Fixed several HTML template related bugs --------------------------------------------------------------------------- In previous builds when firing an email or HTML file action on behalf of a monitor the overridden HTML template was not applied. This bug has been fixed. In previous builds when emailing entries from a log view if the user attempted to override the HTML template an error was thrown when browsing for the template. This bug has been fixed. In previous builds the installation did not always update the HTML templates. This bug has been fixed. In previous builds an unnecessary IPC warning message was displayed in the service, user interface and tray icon logs. The issue causing the message has been resolved. --------------------------------------------------------------------------- Build 9.0.0.37 - Thu, 13 Aug 2009 10:34:17 MDT Added Download Event Logs to Tools menu bar --------------------------------------------------------------------------- Per user requests we have added the Download Event Logs toolbar item to the Tools menu item as well as most of the popup menu items. We also re-arranged some of the popup menu items. In previous builds if a user closed the Manual Event Log Management Output view they were unable to re-open the view as the menu item did not work. This bug has been fixed. When adding an entry to a filter the Filter Selected Entry dialog now automatically selects the current filter. The Real-Time Text Log view now includes export, print, email, and email selected entries functionality. In previous builds if the user opened the Filters Manager from within any of the Consolidation tabs of the Log Management Wizards, the filters combo-box did not clear causing the filters to list twice. This bug has been fixed. 
--------------------------------------------------------------------------- Build 9.0.0.35 - Wed, 12 Aug 2009 12:57:26 MDT Updated Syslog email and HTML templates and fixed relevant issues --------------------------------------------------------------------------- The Event Log, Text Log, and Syslog HTML templates have been updated. The property grid within the HTML templates page of the Options dialog has been updated to include a browse for file button. Added a Merged Event Log View email and HTML template sample. The template is called ‘event-log-view.html’. When emailing the selected entries within a log view, the entries were written in the order selected. The function has changed so the entries are sorted by date and time from latest to oldest. When a Syslog report was run that contained computers or devices that have yet to push messages to the syslog server and using the file system to store logs an error was thrown causing the report to exit without completing. This bug has been fixed. Within the Dash Board the Event Log Summary Sources list box did not show its scroll bar. This bug has been fixed. --------------------------------------------------------------------------- Build 9.0.0.34 - Wed, 12 Aug 2009 12:24:45 MDT Updated email and HTML templates and fixed numerous service and UI bugs --------------------------------------------------------------------------- The Event Log and Text Log email and HTML templates have been updated. Users can now set the font used within the log view pages. To set the font select Tools | Options | Fonts. Once set, any currently open windows must be reopened for the changes to take effect. This is particularly useful when reading text log files that have formatted output requiring a fixed width font such as Courier New. On many systems the busy spinner within the log view pages was difficult to see. The active color has been changed to bright orange. 
The Select Files Text Log Management Wizard page has been difficult for users. Users can now double click on a file and it will be automatically added to the list of monitored files at the bottom of the page. The header for the monitored files list has also been changed from ‘Filenames’ to ‘Monitored Files’. We would appreciate user feed back on this issue. In previous builds no error was thrown when opening a text log that did not exist. This bug has been fixed. On Windows Vista the page navigation toolbar was cutoff on the right side. This bug has been fixed. When emailing a report if more that 5000 entries were to be displayed an error was thrown causing the email to be lost. This bug has been fixed. When firing a real-time text log email alert, the frequency rule template was incorrectly being used. The correct template is now applied. All of the frequency rule report wizards failed to save frequency rule changes when no other parameters were changed. These bugs have been fixed. In previous builds the text log size monitor email and HTML template was not installed and when overridden the value ignored. These bugs have been fixed. --------------------------------------------------------------------------- Build 9.0.0.33 - Tue, 11 Aug 2009 11:34:10 MDT Updated Event Log email and html templates as well as fixed numerous related issues --------------------------------------------------------------------------- All of the Event Log HTML templates have been updated. When using our HTML merge template for either Event Log or Syslog reports, the entries were sorted by host, log, then date and time. The reports have been changed so the data is now sorted from latest to oldest. In previous builds both email and HTML output reports did not use the overridden HTML template when applicable. In previous builds when running an Event Log or Syslog Frequency report the filter column within email or HTML output did not list the filters contained within the report. 
The column header now lists all filters.

When overriding the default HTML template within the Actions Manager, the file open dialog did not load the HTML template directory but instead loaded the running path. The dialog now opens to the correct path.

When clicking the Configure Filters toolbar button within any of the log views the Filters Manager did not automatically select the current filter. The dialog now automatically selects the current filter.

When exporting an Event Log Frequency view to CSV or XML, the log column was not included, making it impossible to determine the log to which the entry belonged. The Log column has been added to all export to CSV and XML functionality found within the software.

The majority of the action assignment pages within the Report Wizards did not open the action item when double-clicked. This bug has been fixed.

In previous builds none of the Log Management Wizards enabled users to un-assign an already assigned consolidation filter. These bugs have been fixed.

---------------------------------------------------------------------------
Build 9.0.0.32 - Mon, 10 Aug 2009 09:09:52 MDT
Fixed critical Event Log Frequency Report Wizard bug
---------------------------------------------------------------------------

In previous builds the Event Log Frequency Report Wizard did not enable users to move past the Filters page. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.31 - Sun, 09 Aug 2009 04:37:17 MDT
Added majority of NEV configuration import functions and Active Directory Auto Configurator
---------------------------------------------------------------------------

Added the majority of the long awaited Network Event Viewer configuration import functions. Event Log and Syslog configurations, filters, actions and several other parameters are automatically imported. At this time Reports are not yet imported.

Added the Active Directory Auto Configurator previously seen in Network Event Viewer. The Auto Configurator enables users to monitor an Active Directory Entry for new computers. Once discovered, new computers are automatically monitored.

After adding some error messages to the UI several builds ago, double-clicking on tree nodes caused a bogus message box to display. The message box no longer displays.

After adding the EVT backup component to the Event Log configuration templates the templates did not properly re-load. This bug has been fixed.

Cleaned up some cursor flicker when double-clicking on tree view nodes.

---------------------------------------------------------------------------
Build 9.0.0.30 - Wed, 05 Aug 2009 12:41:24 MDT
Added several UI enhancements and fixed several UI bugs
---------------------------------------------------------------------------

Users can now email selected log entries to a colleague. Simply select the entries, right click and select Email Selected Entries.

In previous builds when filtering a selected entry the Add Simple Filter Criteria dialog did not contain an easy way to clear the message box. The dialog now includes a clear message button enabling users to clear the message from the criteria without having to press Ctrl-A or highlight all the text prior to pressing the delete key. The level group box also now contains images for easy level recognition.

In previous builds the view detail displayed the text using the Window Text color rather than the Active Window Text color, possibly making it hard to read. The tag has been changed appropriately.

In previous builds if an action was deleted that was assigned to a report, the next time the user opened the report wizard a collection enumeration error was thrown. This bug has been fixed.

When deleting an action that is assigned to a report, Log Manager now prompts the user and asks if they really want to delete the action.

Rather than silently failing, the Save Logs As dialog now throws an error when the user attempts to export a Syslog or Text Log to EVT.

The real-time Event Log and Syslog viewers now include a toolbar button to clear the screen of all entries.

In previous builds when filtering an entry via the Filter Selected Entry popup item the filters were not always created correctly. These bugs have been fixed.

A null reference error was occasionally thrown from the complex filter criteria dialog. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.28 - Fri, 31 Jul 2009 10:51:47 MDT
Fixed missing failed logon report menu item
---------------------------------------------------------------------------

The Failed Logon Reports menu item was missing from both the Tools menu item and the Log Repository popup menu. This bug has been fixed.

The Event Logs list box within the Select Event Logs tab within the Log Management Wizard incorrectly resized when the wizard was resized. This bug has been fixed.

Fixed a potential database connection resource leak.

In previous builds when a user checked multiple logs and selected Watch Log potentially nothing happened. The software now throws an error telling the user to highlight a single log.

Several UI issues were addressed within the Failed Logon Report.

---------------------------------------------------------------------------
Build 9.0.0.27 - Thu, 23 Jul 2009 01:06:17 MDT
Added repository status to Dash Board and fixed several UI bugs
---------------------------------------------------------------------------

The Dash Board has been updated to show the repository status.

The Real-Time Text Log view now enables users to right click on an entry and add it to a filter.

In previous builds when deleting multiple configurations the user interface simply asked if the user wanted to delete the selected object. The UI now lists the first 20 selected items in the message.

Within the Dash Board the long service accounts did not display correctly. The control has been widened and even if not wide enough the ellipsis characters will now display.

When creating groups the Add Group dialog displayed twice. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.26 - Tue, 14 Jul 2009 06:08:50 MDT
Fixed several text log monitor impersonation bugs
---------------------------------------------------------------------------

Previously there was no intuitive way to map a computer prior to creating a new text log or directory monitor. The text log monitor wizards have been updated to enable users to select computers, map credentials, and lastly select files via local disks or remote shares.

In previous builds the text log size monitor did not impersonate when necessary. This bug has been fixed.

In previous builds the text log size monitor would run whenever a log was configured for monitoring. This bug has been fixed.

In previous builds the text log directory monitor did not impersonate when necessary. This bug has been fixed.

In previous builds the tray icon could get out of sync if the service was restarted several times. This bug has been fixed.

In previous builds when viewing a small text file, clicking the last page button or the tail button caused the display to clear. This bug has been fixed.

If all the logs assigned to a report were from a log repository that was changed to a user action database via the options dialog, the report wizard would show no computers assigned to the report and would erroneously enable the user to move past the computers page without selecting any computers from the current log repositories. This bug has been fixed.

When using text log directory monitors with date and time masks newly discovered files caused the user interface to throw an ‘Illegal character’ error. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.25 - Wed, 01 Jul 2009 02:06:22 MDT
Fixed file action bug
---------------------------------------------------------------------------

In previous builds users were prompted with an error when saving a file based action. This bug has been fixed.

In previous builds when changing a text log poll schedule the user interface was not notified by the service that the schedule changed. This bug has been fixed.

In previous builds when changing a text log monitor schedule from seconds to a schedule other than seconds then back to seconds the monitor would fail to restart. This bug has been fixed.

In previous builds within the Options dialog the Text Log Size Monitor HTML template always appeared in bold. This was an obfuscation bug that has been resolved.

---------------------------------------------------------------------------
Build 9.0.0.23 - Tue, 16 Jun 2009 11:04:46 MDT
Fixed several minor issues
---------------------------------------------------------------------------

When an Event Logs starts at the same time as the Entry Retention Policy is executed and consolidating to the file system, several file IO errors may be thrown. Both processes are attempting to access the same files at the same time causing. Using the default download and entry retention policy schedules this error was frequently thrown. The default entry retention policy schedule has been changed to weekly on Sunday at 08:00.

Reports previously did not open the database with the oldest and latest date and times causing extra records to be returned. The code has been changed so only entries within the relevant time period are returned.

Updated the initial column header sizes within the Dashboard view.

---------------------------------------------------------------------------
Build 9.0.0.22 - Thu, 11 Jun 2009 09:22:48 MDT
Fixed Event Log action bug
---------------------------------------------------------------------------

In previous builds the Event Log Action level did not save causing all Event Log actions to be sent out with warning levels regardless of what the user set the value to. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.21 - Sat, 06 Jun 2009 02:04:18 MDT
Added EVT file display
---------------------------------------------------------------------------

EVT files can now be displayed within the viewer. To view backed up EVT files, select Tools | Event Log Backups | View Backed Up Event Log.

Added a tutorial that shows users how to schedule automatic EVT file backups that compress, encrypt and password protect the backed up Event Log files.

---------------------------------------------------------------------------
Build 9.0.0.20 - Fri, 05 Jun 2009 12:58:30 MDT
Added Event Log backup encryption support
---------------------------------------------------------------------------

Event Log backups can now be encrypted and password protected.

In the previous build the Event Log backup did not work when executed against a remote machine. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.18 - Wed, 03 Jun 2009 10:30:23 MDT
Fixed several log display option bugs
---------------------------------------------------------------------------

In previous builds the Prompt for filter option was not implemented. This bug has been fixed.

In previous builds several message box questions that should have defaulted to the Yes button actually defaulted to the No button. These bugs have been fixed.

In previous builds the prompt to select a syslog filter prior to displaying the consolidated syslog did not always show the last selected syslog filter. This bug has been fixed.

In previous builds if the user attempted to view a consolidated Text Log from a computer that was no longer being monitored an object reference error was thrown. This bug has been fixed.

A notification message is now displayed when a user attempts to merge and view a consolidated view but has not checked an Event Log or a Syslog.

---------------------------------------------------------------------------
Build 9.0.0.17 - Tue, 02 Jun 2009 10:16:38 MDT
Added EVT and EVTX backup capability
---------------------------------------------------------------------------

Users can now configure Corner Bowl Log Manager to automatically back up, compress and clear remote EVT and EVTX (Event Log) files. Use the Log Management Wizard to schedule the service to automatically back up EVT and EVTX files.

---------------------------------------------------------------------------
Build 9.0.0.16 - Sun, 31 May 2009 09:56:19 MDT
Added another tutorial to the help file
---------------------------------------------------------------------------

Added a tutorial that shows users how to print logs for compliance auditors.

In previous builds pressing F1 from within the Options dialog did not open the help file. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.15 - Wed, 27 May 2009 04:06:40 MDT
Added several tutorials
---------------------------------------------------------------------------

We have added several tutorials to the help file.

In previous builds the log entry preview view did not always redraw the preview area correctly. This drawing bug has been resolved.

---------------------------------------------------------------------------
Build 9.0.0.14 - Thu, 21 May 2009 09:55:50 MDT
Fixed several minor bugs
---------------------------------------------------------------------------

When firing an email if the HTML template could not be found the error message logged did not read correctly. The message has been updated.

The Reports and Views icons did not display properly within the Navigation View. This bug has been fixed.

In previous builds from within the Assign Filter and Action dialog the action frequency units were incorrectly set to the filter frequency rule units. This bug has been fixed.

In previous builds the user friendly formatted schedule did not correctly display every X hour schedules. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.13 - Mon, 18 May 2009 09:53:38 MDT
Added Active Directory Event Log Explorer
---------------------------------------------------------------------------

The Navigation view now contains an Active Directory based Event Log Explorer.

---------------------------------------------------------------------------
Build 9.0.0.12 - Tue, 12 May 2009 01:50:41 MDT
Added several objects to the dash board
---------------------------------------------------------------------------

The Dash Board now contains Event Log Management and Syslog Monitor content enabling users to see what the service is doing.

In previous builds if the service was off and either the user interface or the tray icon were running, memory leaked. This bug has been resolved.

---------------------------------------------------------------------------
Build 9.0.0.10 - Tue, 05 May 2009 03:09:58 MDT
Added dash board view
---------------------------------------------------------------------------

We have added a dash board view. This view is a work in progress.
As of this build it contains service status, syslog server status, Event Log summary charts and tables, and Syslog summary charts. We will be adding much more to this view over the next few weeks.

The Top Events reports have been optimized when run against SQL Server or MySQL log repositories.

In previous builds when upgrading the installed version with the latest version the installation sometimes erroneously notified the user that their system needed to be rebooted. We have made a change to the installation that should resolve this issue.

---------------------------------------------------------------------------
Build 9.0.0.8 - Sun, 03 May 2009 01:27:12 MDT
Major build
---------------------------------------------------------------------------

The text log directory monitor now supports date and time masks within the path enabling users to monitor dynamic date and time based paths.

Users can now configure text log size monitors.

In an effort to decrease the size needed to store Event Logs, the extra data necessary for EVT exports is now optional and not saved by default. This will decrease the required space to store logs by approximately 50%. Use the Options dialog to enable EVT export support.

In previous builds when using the file system log repository data was not saved to Unicode when configured to do so. This bug has been fixed.

Changed the default text log poll schedule from daily at 12:00 AM to every 5 minutes.

Made several UI enhancements to the Text Log Properties dialog.

In previous builds when closing a log view the current days per page was saved. The behavior has been changed so the value is only saved from the user settings within the Options dialog. This enables users to leave a small default value and then increase as necessary without having to decrease the value prior to closing the log view.

Fixed numerous display issues in the Log Repository view.

Removed a 60 second hang when attempting to set a flag or notes to a consolidated log entry that was previously deleted.

Syslog actions did not include user defined data defined in the message portion of the action. This bug has been fixed.

The Syslog action did not cache the previously used socket causing the action to run very slowly. The socket is now cached decreasing the action execution time to approximately 10% of the previous time.

---------------------------------------------------------------------------
Build 9.0.0.7 - Tue, 28 Apr 2009 10:54:13 MDT
Added a global syslog viewer
---------------------------------------------------------------------------

The global syslog viewer that was available in Network Event Viewer has been added.

When viewing a syslog in real-time the view message did not properly load per the previous user settings. This bug has been fixed.

This build includes our first major draft of our help file.

In previous builds the Find dialog did not work when used from a Text Log Real-Time view. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.6 - Sun, 26 Apr 2009 11:18:39 MDT
Made Numerous UI Updates
---------------------------------------------------------------------------

Made numerous updates to the report wizard.

Made numerous updates to the Log Properties dialogs.

In previous builds after moving computers from one logical group to another, the Log Repository view did not update. The Log Repository now automatically moves the computers to the newly assigned logical group.

Updated the title bars on the report properties wizards.

---------------------------------------------------------------------------
Build 9.0.0.5 - Wed, 22 Apr 2009 09:18:03 MDT
Fixed several configuration wizard issues
---------------------------------------------------------------------------

When creating a report against a MySQL log repository a SQL error was thrown prior to selecting the logs to include.
This bug has been fixed.

Numerous UI enhancements have been added to the configuration and report wizards.

---------------------------------------------------------------------------
Build 9.0.0.4 - Mon, 20 Apr 2009 09:59:38 MDT
Fixed report wizard bugs
---------------------------------------------------------------------------

When using the file system to store logs, the wizard threw a fatal error after selecting logs. This bug has been fixed.

Users were unable to add an email address to forward report errors. This bug has been fixed.

---------------------------------------------------------------------------
Build 9.0.0.3 - Fri, 17 Apr 2009 01:16:56 MDT
Added configuration template support
---------------------------------------------------------------------------

Users can now save Event Log and syslog configurations enabling a configuration to be applied to a new computer with just a few clicks.

---------------------------------------------------------------------------
Build 9.0.0.2 - Fri, 10 Apr 2009 02:56:00 MDT
Beta Build
---------------------------------------------------------------------------

We are proud to announce the BETA release of Corner Bowl Log Manager 2009. CB Log Manager is a new product that consolidates and expands on the functionality found in both Network Event Viewer and Text Log Monitor. Our goal with CB Log Manager is to create a single product that allows us to easily add support for new log types and report types while also addressing many load and usability issues.

Please note, this is a BETA (pre-release) version and by definition is not ready for production systems. At this time CB Log Manager will not convert or load your Network Event Viewer or Text Log Monitor configurations or data; however, you can run this software side-by-side with Network Event Viewer and Text Log Monitor.