Readme File

Corner Bowl Log Manager 2009

Wed, 10 Mar 2010 06:10:49 MST

Copyright (c) 2002-2010 Corner Bowl Software Corporation.
All Rights Reserved.

This document provides late-breaking or other information that supplements
the software documentation.


---------------------------------------------------------------------------
Build Notes
---------------------------------------------------------------------------

---------------------------------------------------------------------------
Build 9.0.0.112 - Wed, 10 Mar 2010 06:10:25 MST
---------------------------------------------------------------------------
Previously Event Logs that contained a reserved character (/, :, “, <, >,
|) were unable to be backed up.  The special characters are now replaced
with an underscore (_).

Made several minor updates to the help file.


---------------------------------------------------------------------------
Build 9.0.0.111 - Mon, 08 Mar 2010 09:54:39 MST
---------------------------------------------------------------------------
Fixed a significant bug in the TLM importer.


---------------------------------------------------------------------------
Build 9.0.0.110 - Wed, 03 Mar 2010 22:43:56 MST
---------------------------------------------------------------------------
Text Log Monitor users can now import their text log monitors into Corner
Bowl Log Manager.


---------------------------------------------------------------------------
Build 9.0.0.109 - Tue, 02 Mar 2010 20:22:38 MST
---------------------------------------------------------------------------
This build includes a new filter type called Event Log (Success Logon).
Use this filter to limit entries within the viewer or generic reports to
success logon events.  Users can also filter on user, client workstation,
and logon type message parameters.  For example, use this filter to get a
list of all interactive logons.

Per several user requests we have added a TCP syslog server.  To enable
the TCP syslog server, select Options from the Tools menu item.  Select the
Syslog tab.  Enable the TCP syslog server and set the port.

Previously the failed logon report incorrectly included some success audit
events.  This bug has been fixed.

Previously when re-configuring multiple computers, the logon as domain
field did not populate correctly when the configured domain was different
than the default domain.  This bug has been fixed.

The SQL Server database connection string now includes the application
name enabling easy identification when running a trace against the
database.

Previously the real-time syslog viewer enabled users to de-select all
priorities toolbar toggle buttons.  The viewer now throws an error message
when the last priority is de-selected and then re-selects the priority.


---------------------------------------------------------------------------
Build 9.0.0.108 - Tue, 09 Feb 2010 08:34:07 MST
---------------------------------------------------------------------------
In previous builds there was a small memory leak that occurred every time
a user logged off or the tray icon was closed.  This bug has been fixed.

Updated the information message that is shown when a user chooses to
schedule the stand-alone Event Log Monitor.

Several icons were updated.

Typically applications open and lock log files until the application is
terminated.  In response we have changed the default text log monitor read
schedule from real-time to scheduled.

Made several wording and control position changes within the Text Log and
Text Log Directories Properties Wizard pages.


---------------------------------------------------------------------------
Build 9.0.0.106 - Mon, 01 Feb 2010 21:49:19 MST
---------------------------------------------------------------------------
The start process action now includes support to remotely execute a
process.

Previously the flag filter criteria value was obfuscated (e.g. a, b, c).
This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.104 - Thu, 14 Jan 2010 20:18:18 MST
---------------------------------------------------------------------------
Users can now target the account they want to run processes under.

We made several minor UI changes to several action configuration dialogs.
The most significant change was the addition of a Test button on the Event
Log action configuration dialog.


---------------------------------------------------------------------------
Build 9.0.0.103 - Wed, 13 Jan 2010 09:18:39 MST
---------------------------------------------------------------------------
When adding our new Event Log Poll Monitor we incorrectly serialized in
the event log monitor templates causing the template to fail on load.  This
bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.102 - Tue, 12 Jan 2010 09:39:57 MST
---------------------------------------------------------------------------
In previous builds the Success Logon report only worked when consolidating
Event Logs to our file system.  There was a bug in both the SQL Server and
MySQL commands preventing entries from being returned.  This bug has been
fixed.

Users can now rename reports directly from within the Reports and Views
view.

When using the Actions Manager, when a user selected an existing action,
attempted to change the type to Start Process, left the arguments field
blank, then saved the changes, a null reference error was thrown.  This bug
has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.101 - Fri, 08 Jan 2010 11:19:55 MST
---------------------------------------------------------------------------
Fixed a minor validation bug within the EVT/X backup page of the Event Log
Management Wizard.

In previous builds when creating a text log report the Select Consolidated
Log dialog in some cases displayed each log file twice.  This bug has been
fixed.

When opening a text log the Select Filter dialog did not show the
available text log filters.  This bug has been fixed.

Previously when the user changed the name of a filter, each displayed log
view that was using the filter would automatically de-select the filter and
show all entries.  This bug has been fixed.

Added diagnostic message to text log monitor.


---------------------------------------------------------------------------
Build 9.0.0.99 - Thu, 07 Jan 2010 10:13:58 MST
---------------------------------------------------------------------------
Previously when monitoring rolling text log files that contained the
current date within the filename some entries may have been dropped during
the rolling transition.  This bug has been resolved.

The Start Process action now logs a message just prior to execution
showing the command and arguments being executed.

Previously in very rare cases the user interface would throw a fatal error
after closed.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.97 - Fri, 01 Jan 2010 20:09:26 MST
---------------------------------------------------------------------------
Previously the Successful Logon Report obfuscated the LogonType values.
This bug has been fixed.

When exporting a consolidated Event Log from within the Active Directory
Event Log Explorer view an object reference error was thrown after the logs
were successfully exported.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.96 - Wed, 23 Dec 2009 09:06:39 MST
---------------------------------------------------------------------------
Users can now schedule to receive notification of critical Event Log
entries without saving the entries to the log repository.  Use the Event
Log Monitor page within the Event Log Management Properties Wizard to
schedule Event Logs for scheduled monitoring.  Please note the scheduled
monitor is only intended to be used when not saving entries to the log
repository.  If saving entries to the log repository use Post Consolidation
Filters and Actions instead.

Previously our SMTP client code threw an object reference exception if the
target SMTP server did not respond to the connection attempt.  This
typically manifested itself when the SMTP server does not allow connections
or relay from the server CBLM is installed.  This bug has been fixed.

In one case we saw our SMTP server receive an ‘Invalid domain name’ error
which was caused when the Log Manager Windows Service was running under the
SYSTEM account.  In this case a malformed EHLO command was sent causing the
error.  This bug has been fixed.

Users can now open zipped EVT/X files directly from the user interface.

Saved Syslog entries can now be automatically backed up, compressed and
encrypted.

While doing some MySQL testing we noticed MySQL does not properly
interface with the Windows Event Log system.  Because of this bug MySQL
Administrator messages did not appear when EVT export support was disabled.
Upon further review we learned Windows was not returning then generic
message that embeds the insertion strings as it typically does when an
application fails to interface with the Event Log system properly.  In this
scenario the insertion strings are saved to the to the log repository
enabling the viewer to display the insertion strings.

A few builds ago while fixing a few sizing issues with our base wizard
control we accidentally introduced a bug to the Auto Configuration.  The
Add and Remove buttons did not display.  This bug has been fixed.

Previously when forwarding messages to another syslog server, if the
remote server name could not be resolved an object reference error was
logged to the service log file.  The message now correctly logs the name
resolution issue.

Previously when forwarding messages to another syslog server, user added
replacement tags were ignored.  This bug has been fixed.

Previously when importing a NEV log repository that only contained
archived entries an error was thrown stating there were no logs to import.
This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.92 - Tue, 15 Dec 2009 14:32:13 MST
---------------------------------------------------------------------------
Previously messages that embedded curly open parenthesis caused the MySQL
consolidation function to fail.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.91 - Wed, 02 Dec 2009 21:49:16 MST
---------------------------------------------------------------------------
Users can now override the WMI block size option used when downloading
Event Log entries.  Increasing or decreasing the value may increase or
decrease download speed at the cost of remote CPU load.

The Syslog Entry Properties dialog now applies the same font to the
message text box as defined within the Options dialog.  The dialog can also
be resized.

Several minor drawing issues were resolved within our list view control.


---------------------------------------------------------------------------
Build 9.0.0.89 - Sun, 29 Nov 2009 16:23:02 MST
---------------------------------------------------------------------------
In previous builds the newly added Server 2008 account logon event IDs
handled within the Security Event Log Reports were not handled when an
Event Log (Failed Logon) filter was applied to a real-time or scheduled
monitor.  This bug has been fixed.

Several updates were made to the tree view node check and selection
algorithm that will hopefully benefit users.


---------------------------------------------------------------------------
Build 9.0.0.88 - Tue, 24 Nov 2009 09:27:47 MST
---------------------------------------------------------------------------
Made several minor drawing enhancements to the List Control.

Added several debug messages to startup code.


---------------------------------------------------------------------------
Build 9.0.0.87 - Tue, 17 Nov 2009 20:52:14 MST
---------------------------------------------------------------------------
Users can now generate successful login reports.  Use the Report Wizard
and select Event Logs (Success Logon).  You have the option to display
several different summary and detail reports.

Previously when importing NEV configurations, mapped computers that did
not have login credentials assigned caused the import function to fail with
an object reference error.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.86 - Fri, 13 Nov 2009 09:15:32 MST
---------------------------------------------------------------------------
When displaying consolidated Event Logs, EVT files or EVTX files users can
now hide duplicate entries.  Duplicate entries are defined as entries with
the same source and event ID regardless of message content.  To hide
duplicates, toggle the 2 arrow to 1 arrow toolbar button.  The viewer adds
a column which lists the count of entries with the same source and event
ID.

When running a standard Event Log report users can now choose to hide
duplicate entries. Duplicate entries are defined as entries with the same
source and event ID regardless of message content.  To hide duplicates
check the option from within the wizard.  If sending an email, the count of
entries with the same source and event ID is listed in the first column.


---------------------------------------------------------------------------
Build 9.0.0.85 - Tue, 10 Nov 2009 10:22:07 MST
---------------------------------------------------------------------------
The host name fields within actions can now be replaced by IPv4 or IPv6
values.  To include the IP address instead of the hostname replace the
{HOST} tag with {IPv4} or {IPv6}.

Added several data management configuration helper routines to the Log
Management Wizard to aid users.

Fixed several validation errors within the Report Wizards.

Removed a startup error message that displayed when running 2 instances of
the user interface from the different RDP sessions on behalf of the same
user account.


---------------------------------------------------------------------------
Build 9.0.0.84 - Sat, 07 Nov 2009 17:13:46 MST
---------------------------------------------------------------------------
In previous builds entries could be lost while archiving the consolidated
logs.  The bug occurred because of a race condition that existed when
replacing a log repository file with an updated file.  We have resolved
these issues.

The Message Box alert has been updated to include a Clear button within
the message box dialog.  When clicked, all the messages within the history
are removed and the current message cleared.

When viewing the Event Log Properties dialog the title now includes the
data provider when not primary log repository.  For example, if you right
click on an archived log within the Log Repository view the property dialog
includes the name given to the archive data provider.

Previously when restarting the service, the Event Log backup
configurations were incorrectly re-scheduled to the next download schedule
rather than the next backup schedule.  This bug has been fixed.

Previously the service shutdown was very slow due to a delay in
Microsoft’s IPC close code.  We now call the close method asynchronously
which significantly decreases the shutdown time.

Previously the application failed to remove all temporary files from the
temporary file directory.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.83 - Fri, 06 Nov 2009 02:55:10 MST
---------------------------------------------------------------------------
Text Logs monitors can now be executed on-demand from with the user
interface.  This function enables users to download and consolidate entries
at will.  Please note when run, all assigned filters are applied and all
non-user interface actions executed.  To run the monitor manually, check or
highlight the Text Log from one of the navigation views.  From the File
menu item select Run Text Log Monitor Now.

If the user navigated to a text log directory mask from within the
Configuration Explorer, the view was set to Group by Log Type and the
service was stopped, the files that passed the mask were not displayed.
This bug has been fixed.

If the user navigated to a text log directory mask from within the
Configuration Explorer, the view was set to Group by Log Type, the user
highlighted the mask or corresponding log file then attempted to open the
Log Management Properties Wizard an error was thrown stating a log file
must be selected.  The wizard now opens as expected.

In previous builds during startup if the user did not have administrator
rights an error was thrown that stated access to the register was denied.
The application now checks for administrator or power user rights and if
not found throws a user friendly message stating some functionality might
not be available.

Users can now generate a log management configuration report.  To generate
the report select Generate Configuration Report from the Tools menu item.
All the log management configurations are iterated and output to your
default text editor.


---------------------------------------------------------------------------
Build 9.0.0.82 - Wed, 04 Nov 2009 16:13:46 MST
---------------------------------------------------------------------------
When opening EVTX files a Sequence contains no elements error may have
been thrown when parsing the XML.  This bug has been fixed.

A sequence contains more than one element error may have been thrown if
the groups.dat file erroneously had a host pointing at 2 different groups.
This bug has been fixed.

After startup the licensing code may have caused a crash when the About
box or another function that must wait for the licensing to complete was
run.  This bug has been fixed.

When viewing a Failed Logon Report the logon type values were obfuscated
meaning the values displayed as letters a-i instead of the actual values.
This bug has been fixed.

When we added the SNMP support the setup was incorrectly modified setting
some registry keys that caused the all of the initial startup wizards to
fail to open.  This also caused the auto update from Network Event Viewer
to be ignored.

The Event Log, Syslog and Text Log Management Wizards now include a
verification page that enables users to copy the configuration and save it
to a text file for easy reading.


---------------------------------------------------------------------------
Build 9.0.0.79 - Tue, 03 Nov 2009 16:30:21 MST
---------------------------------------------------------------------------
Previously users had to add each directory entry they wanted to scan for
new computers.  We have added an option which is set by default, unless
previously configured, that enables the scan to recursively drill into each
sub-directory entry.  Use the Auto Configuration to set this option.

Previously when manually downloading Event Logs the download function
would fire off a new thread for every selected log.  If 100s of logs were
selected this could cause the system to run out of system resources.  By
default no more than 20 threads are now used.  You can increase or decrease
the number of threads via the WMI tab within the Options dialog.

A Print Selected Entries menu item was added to the popup menu bar for all
the log views except the real-time Syslog and real-time Event Log views.

In previous builds when attempting to select specific computers such as
domain controllers or servers from within the Browse Active Directory
Computers dialog the computer type was not queried causing the search
criteria to fail.  This bug has been fixed.

Users can now overwrite the default Active Directory configuration
enabling them to display a deep organization unit in place of the root.

The Event Log Explorer had a major bug that caused the discovery to simply
get a list of the local Event Logs.

Added refresh buttons to the overview dashboard.

The EVT and EVTX file readers have been optimized to cache user and
message file information where applicable decreasing the overall load time.


---------------------------------------------------------------------------
Build 9.0.0.78 - Mon, 02 Nov 2009 09:31:50 MST
---------------------------------------------------------------------------
When fixing the startup delay present in build 69 and earlier we
introduced a bug that occurred during startup when the computer was
offline.  At startup an error was thrown and the application exited.  We
have resolved this bug.


---------------------------------------------------------------------------
Build 9.0.0.77 - Mon, 02 Nov 2009 00:32:13 MST
---------------------------------------------------------------------------
When firing an email alert for an Event Log entry that passes a real-time
monitor’s filter or a post consolidation filter, the contents of the user
name displayed in the USER column can now be looked up in Active Directory
and the assigned email address used.  To use the user’s Active Directory
assigned email address create an action and specify {AD_USER} as the email
address.  To send all Event Log entries for a specific user, create a
Simple Event Log filter and specify the domain name followed by the user
name within the User text box.  For example: domain\username

Previously when creating a Simple Event Log filter specifying the
domain\username format caused an error to be thrown stating the escaped
sequence was not allowed.  This bug has been fixed.  If the user previously
specified domain\\username to get around this bug the serialization code
will remove the extra \ while loading the filter.  This bug fix should be
seamless to the user.


---------------------------------------------------------------------------
Build 9.0.0.76 - Fri, 30 Oct 2009 01:37:47 MDT
---------------------------------------------------------------------------
We added some smarts to the initialization.  The user is now automatically
prompted when Network Event Viewer is already installed.  The prompt
explains the differences in the programs and offers the option to import
the NEV configurations and data.  If they choose to import, the NEV license
is automatically applied to the software prior to the import dialog
appearing.


---------------------------------------------------------------------------
Build 9.0.0.75 - Wed, 28 Oct 2009 09:41:07 MDT
---------------------------------------------------------------------------
A few builds ago we changed the Syslog priority Emerg value to Emergency.
This caused the database initialization to fail because the maximum width
was 8 characters.  We have increased this value to 16 characters.


---------------------------------------------------------------------------
Build 9.0.0.74 - Wed, 28 Oct 2009 04:25:39 MDT
---------------------------------------------------------------------------
When firing an email alert for an Event Log entry that passes a real-time
monitor’s filter, the email address can be changed to the contents of the
USER column within the entry.  If the USER column contains a domain name,
the domain name is removed.

When receiving a heavy load of Syslog messages the Syslog viewer
continually flickered.  This drawing issue has been resolved.

When receiving a heavy load of Event Log entries the real-time Event Log
viewer continually flickered and often lost focus on the latest entry.
These issues have been resolved.

When watching an Event Log that is receiving a heavy load of messages a
bug was recently introduced that caused the Date and time sort to fail
ultimately resulting in entries missing from the view.  This bug has been
fixed.

In previous builds the user interface displayed the indent area within
column grouped log views as orange.  In an effort to reduce clutter we have
changed the color to transparent.


---------------------------------------------------------------------------
Build 9.0.0.73 - Tue, 27 Oct 2009 13:57:55 MDT
---------------------------------------------------------------------------
Corner Bowl Log Manager can now read EVTX files.

The previous Dashboard was simplified.  To account for the simplification
an Event Log and Syslog Dashboard have been included.  To automatically
display the Event Log and Syslog Dashboards check the options via the User
Preferences page within the Options dialog.

Help was added to the Select Computers page within the Report Wizards
where appropriate.

Previously when viewing an EVT file, the export function did not output
the computer name, log name or the date range.  This bug has been fixed.

The Network Explorer and Configuration Explorer were consolidated into a
single view now selectable through a drop-down combo-box.


---------------------------------------------------------------------------
Build 9.0.0.71 - Sun, 25 Oct 2009 23:06:23 MDT
---------------------------------------------------------------------------
When using the file system rather than a database to store logs, both the
Syslog and text log archive function incorrectly ordered the entries within
the archive file.  This caused several user interface display issues as
well as the archive truncation function to silently fail ultimately leading
to an ever increasing archive file.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.70 - Thu, 22 Oct 2009 13:29:14 MDT
---------------------------------------------------------------------------
There was a startup delay of around 20 seconds that occurred when the
product was licensed.  This delay seems to be recent and is the result of a
bug within Microsoft’s XML check signature function.  We have moved the
license file validation code to a background thread to enable the user
interface to quickly load.


---------------------------------------------------------------------------
Build 9.0.0.68 - Thu, 22 Oct 2009 02:39:24 MDT
---------------------------------------------------------------------------
Previously in Network Event Viewer when double-clicking on an Event Log
entry an entry properties dialog displayed.  This functionality was
originally dropped from Corner Bowl Log Manager.  We have added this
functionality back in.  We also added a Syslog message property dialog.
While adding the Syslog message property dialog we changed the following
Syslog priority names:  Emerg, Crit and Error to Emergency, Critical and
Error.

When viewing 2 types of logs if the user opened the Find dialog then
switched to the other log type the Find dialog for the first log type
remained visible.  If the user the opened the Find dialog for the second
log type 2 Find dialogs were then displayed.  The Find dialog is now
dismissed when moving between log types or when closing the log view.

A few builds ago we fixed a UI sorting bug that occurred when viewing
multiple Event Log entries from the same second from the file system log
repository.  When fixing this bug we accidentally created the bug we fixed
when viewing multiple Syslog and text log entries from the file system log
repository.  This bug has been fixed.

Fixed startup delay.


---------------------------------------------------------------------------
Build 9.0.0.67 - Wed, 21 Oct 2009 01:47:34 MDT
---------------------------------------------------------------------------
Users can now communicate with SQL Server using SSL.  To enable SSL
communication select Options from the Tools menu item.  Select the Data
Providers tab.  Select the target data provider and check the Encrypt
connection option.

Added help to the SQL Server connection controls explaining how to specify
a non-standard port.


---------------------------------------------------------------------------
Build 9.0.0.66 - Tue, 20 Oct 2009 02:47:42 MDT
---------------------------------------------------------------------------
Added SMS gateway support for iSMS.

Previously process and sound actions in response to text log entry filters
failed to execute.  These bugs have been fixed.

When configuring a text log monitor to read a new file from the end the
service incorrectly read the entire file.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.65 - Mon, 19 Oct 2009 08:28:08 MDT
---------------------------------------------------------------------------
Corner Bowl Log Manager can now import Network Event Viewer’s log
repository.  Please read the help file for detailed information on the
importing process.  To convert the data select Import from Network Event
Viewer.

Users can now limit email, SMS message, message box and tray popup content
to the actual message rather than the entire Event Log or syslog entry.  To
limit the content, use the Actions Manager, select the action to modify and
use the {MESSAGE} tag.

In previous builds the user interface would throw an object reference
error when any menu bar item or toolbar item was clicked and the Manual
Event Log Management Output window filled the detail view.  This bug has
been fixed.


---------------------------------------------------------------------------
Build 9.0.0.63 - Sat, 17 Oct 2009 23:01:47 MDT
---------------------------------------------------------------------------
The Event Log Properties dialog now enables users to backup EVT files.
Also, when clearing, users are now provided the option to backup the EVT
file prior to clearing it.

Previously when backing up and clearing EVT files each function was called
separately opening a window for entries to be lost.  These calls have been
combined into a single call guaranteeing no entry loss.

In previous builds when viewing EVT files or consolidated Event Logs,
entries written within the same second may not have displayed in the
correct order.  This bug has been resolved for EVT files and log files
consolidated to our file system format.  This is still an issue with SQL
Server and MySQL.  To fix this issue we must alter the database schema and
store the Event Log entry record number.  We will make this change at a
later date.

Unknown to us until recent load tests, Microsoft often duplicates and even
triplicates Event Log entries when it sends them over the wire via WMI.  We
have made modifications to the download algorithm to disregard duplicate
entries.

When downloading and backing up or clearing EVT files on the same schedule
the EVT backup typically did not run.  The EVT backup would also fail if a
long download was still running when the EVT backup schedule occurred.  The
EVT backup function has been modified to wait for the download to complete.

The Event Log Management Wizard now throws an informational message box
when the user chooses to clear the Event Logs after a download.

When setting the output filename the file action configuration dialog
incorrectly opened the common open dialog rather than the save as dialog.
The filter type did not show if the path was invalid or contained
replacement tags.  Once the common dialog was closed, the HTML template
text box was updated rather than the output filename text box.  These bugs
have been fixed.  We also added help to the configuration dialog to aid
users when saving to remote locations.

Users can now remove and archive entries on demand rather than having to
wait until the entry retention policy is automatically executed.  To
manually remove and archive the consolidated logs, select Options from the
Tools menu item.  Select the Log Repositories tab.  Click Remove and
Archive Entries Now.

Users can now receive email notification alerts when a real-time Event Log
monitor fails.  Use the Error Notification page within the Log Management
Wizard to set the email address and subject for the email.  While making
this changed we realized all the available replacement tags were not
visible for the email subject field.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.62 - Thu, 08 Oct 2009 15:06:53 MDT
---------------------------------------------------------------------------
In previous builds all WMI packets received from remote computers were
unencypted.  An option has been added to the Options dialog that enables
users to set the authentication level.  Setting the authentication level to
PacketPrivacy turns payload encryption on.

The failed logon, account lockout, and new user reports can now email
using text rather than HTML.

The account lockout and new user report wizard did not properly complete
when the schedule was disabled.  These bugs have been fixed.

In previous builds when closing a failed logon report that was still
running, an object reference error was thrown.  The error is no longer
thrown.


---------------------------------------------------------------------------
Build 9.0.0.60 - Mon, 28 Sep 2009 11:24:14 MDT
---------------------------------------------------------------------------
In previous builds if the user changed a real-time Event Log monitor
filter from a failed logon type to a complex or simple type, the service
was not updated properly causing the monitor to fail throwing a cast
exception.  This bug has been fixed.

In previous builds when changing an Event Log filter type from simple or
complex to a failed logon the Filter Manager threw an error when saved.
This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.59 - Thu, 24 Sep 2009 22:18:32 MDT
---------------------------------------------------------------------------
The failed logon reports now include Server 2008 account logon events
4768, 4771, and 4776.


---------------------------------------------------------------------------
Build 9.0.0.58 - Thu, 24 Sep 2009 11:29:55 MDT
---------------------------------------------------------------------------
In previous build when downloading Event Logs for the first time and using
SQL Server to store logs each download occurred serially because of a
database lock incurred during the table creation.  The user interface would
also hang as soon a database call was made.  The table lock has been
resolved.

In previous builds the Find dialog within the Real-Time Text Log Viewer in
included a Mark button that did nothing and a More button that offered
options not available to the Real-Time Text Log Viewer.  The Find dialog
now includes a mark column and the More button has been removed.

The Find dialogs had a tendency to show up in the left top most position
within the screen.  This bug has been fixed.

In previous builds when attempting to email the current page within a
Syslog View that contained more than 5000 entries the following error was
thrown: Index (zero based) must be greater than or equal to zero and less
than the size of the argument list.  This bug has been fixed.

A Flag toolbar button has been added to all of the real-time views.
Although you can not flag an entry that shows in the real-time view, when
pressing the button the user is prompted with instructions on how to flag
entries.

All reports that included entries from the last 7, 30, 90 days  or within
the last year ran as today plus the X number of days rather today being
included in the X number of days.  For example if you ran a report for the
last 7 days and today was Wednesday, the reports would include last
Wednesday as well.  In this example the code now only includes Thursday
forward.

The report and view HTML templates have been modified to include the date
range the report or current consolidated log view applies to.

When a less than frequency rule triggered the service did not log a
message to the service log file stating the rule triggered.  The service
now logs a message stating the less than frequency rule triggered.


---------------------------------------------------------------------------
Build 9.0.0.57 - Tue, 22 Sep 2009 13:50:36 MDT
---------------------------------------------------------------------------
Users can now backup and restore the configuration files from with the
user interface.  To backup the configurations select Backup Configuration
from the Tools menu item.  To restore the configurations select Restore
Configuration from the Tools menu item.

In previous builds when using a text log directory monitor the size alert
did not show if already set when the UI was open.  This bug has been fixed.

All of the text box controls have been updated to now automatically select
all characters when the user presses Ctrl-A.

In previous builds when making a change to an existing the log repository
configuration, for example changing the directory to save logs, the Log
Repository View was not updated.  This bug has been fixed.

In previous builds when switching between using Unicode and ASCII when
saving logs to the repository users were required to remove all previously
saved Syslogs and text logs otherwise the files became corrupt with a
mismatch of data. Both the Syslog and text log consolidation functions have
been modified so the saved files do not have to be deleted.  Please note
however if previously saved as ASCII the files will continue to be saved in
ASCII until the files are removed from the log repository.  Once removed
the new files will be created in the proper encoding, in this example
Unicode.  A positive side effect of this change is a potentially
significantly faster consolidation time when saving large text log files to
SQL Server or MySQL.  A negative side effect is the requirement to read the
consolidated Syslog header prior to saving each entry.  Our testing showed
no to negligible degrade in performance when heavily loaded on slower
machines.

A bug was added in the last build that prevented account lockout reports
from loading.  This bug has been resolved.


---------------------------------------------------------------------------
Build 9.0.0.56 - Mon, 21 Sep 2009 16:29:28 MDT
---------------------------------------------------------------------------
When monitoring a text log file that resides on a remote computer that is
unreachable the monitor may have blocked for a minute when the connection
was re-tried.  In the case of the file not being found the retry was
inappropriate.  This bug has been fixed.

When monitoring a text log file that resides on a remote computer that is
unreachable an exception was thrown during the monitor configuration
synchronization routine that caused the synchronization of the other
monitors to fail.

When monitoring a text log file that resides on a remote computer that is
unreachable the corresponding tree nodes within the user interface were not
correctly updated to show the error.

During service startup text log size monitors were run immediately during
initialization potentially blocking other startup components to quickly
initialize.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.55 - Sun, 20 Sep 2009 20:44:18 MDT
---------------------------------------------------------------------------
Users can now generate new user account reports from the consolidated
Security Event Logs.  To generate a new user account report from the Log
Repository view, check the Security Event Logs to run the report against
right click and select Reports | New User Accounts.  Follow the
instructions within the wizard.

The real-time Event Log Viewer and Syslog Viewer’s now include a pause and
resume toolbar button enabling users to review entries without having new
entries steal the focus.


---------------------------------------------------------------------------
Build 9.0.0.54 - Thu, 17 Sep 2009 21:51:28 MDT
---------------------------------------------------------------------------
Users can now generate account lockout reports from the consolidated
Security Event Logs.  To generate an account lockout report from the Log
Repository view, check the Security Event Logs to run the report against
right click and select Reports | Account Lockouts.  Follow the instructions
within the wizard.

In previous builds when running a failed logon report against the same
hostname within 2 different log repositories the report did not
differentiate between the 2 computers.  The report now lists out the
auxiliary or archive name in front of the hostname.

When re-mapping a computer via the Log Management Wizard the previous
mapping displayed within the Logon As page.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.53 - Mon, 14 Sep 2009 09:00:00 MDT
---------------------------------------------------------------------------
Corner Bowl Log Manager now supports monitoring column separated text log
files.  For example a comma separated value file can be monitored for
specific numbers and strings.  To monitor a CSV file, use the Text Log
Manager Wizard as you would to create a regular text log monitor.  When
prompted to assign a filter, use the Filters Manager to create a ‘Text Log
(Table)’ filter.  Define the columns of interest by specifying a name, the
column index within the file and the data type (either string or decimal).
Next, add the filter criteria for the newly defined columns.  Assign the
new filter and apply the appropriate actions.

Previously when configuring the service to automatically clear remote
Event Log files after a download or EVT backup there was a significant
potential for entries to either be dropped within the downloaded log or the
EVT backup.  The download and backup functions have been updated as
follows:  If an Event Log is configured to be backed up, upon a download
completion, if the Event Log is configured to be cleared via the download
configuration an EVT backup is executed prior to clearing the remote Event
Log.  If an Event Log is configured to be automatically downloaded and the
Event Log is configured to be cleared via the backup configuration, an
Event Log download is executed prior to backing up and clearing the remote
Event Log.

In previous builds the maximum Event Log size was not saved when set via
the Event Log Properties dialog.  This bug has been fixed.

Previously when monitoring a directory, the user interface may have
displayed 2 files with the same name but different capitalization.  This
bug has been fixed.

Output files can now be saved in ASCII. Previously all output CSV, TXT,
XML, and HTML files were output in Unicode format.  This presented an issue
with Unix systems hosting HTML files.  Users can now output files to using
ASCII encoding.  To output a file using ASCII encoding open the Actions
Manager, create a File action and de-select the Unicode option.

Several usability changes have been made to the Dashboard.


---------------------------------------------------------------------------
Build 9.0.0.48 - Tue, 08 Sep 2009 11:16:37 MDT
---------------------------------------------------------------------------
A bug was recently added that caused the Failed Logon Report Wizard to
throw an error stating a log had not been selected.  This bug has been
fixed.


---------------------------------------------------------------------------
Build 9.0.0.47 - Tue, 08 Sep 2009 10:34:44 MDT
---------------------------------------------------------------------------
Corner Bowl Log Manager now includes an SNMP Extension Agent dll enabling
users to fire SNMP traps using Microsoft’s SNMP Service.  For detailed
information on installing the SNMP Extension Agent dll please see the help
file.

In previous build if the data source that was being used by a database
action was removed, an error was thrown upon attempting to add or modify an
action.  This bug has been fixed.

In previous builds when attempting to add an SMS action and the default
message was used, an error was thrown when the user attempted to save the
action.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.45 - Mon, 31 Aug 2009 14:29:12 MDT
---------------------------------------------------------------------------
Network Event Viewer automatically saves all messages pushed to the
internal Syslog server.  Previously Corner Bowl Log Manager only saved
messages from computers and devices that were already configured.  This
functionality is now optional.  When installing the software for the first
time the service now automatically saves all messages received.  If already
installed you must configure each computer and device.  To change the
setting, select Options from the Tools menu item.  Set the option from the
Syslog tab.

In previous builds when creating a report, configured computers only
listed in the archive log repository tree node if entries existed in the
archive repository.  The computers are now listed regardless of the
repository content.

In previous builds the failed logon reports did not query the database
correctly when consolidating to SQL Server or MySQL.


---------------------------------------------------------------------------
Build 9.0.0.43 - Mon, 31 Aug 2009 12:02:29 MDT
---------------------------------------------------------------------------
The application has been updated to use the latest version of the MySQL
data connector library.


---------------------------------------------------------------------------
Build 9.0.0.42 - Fri, 28 Aug 2009 10:13:37 MDT
---------------------------------------------------------------------------
The Network Event Viewer configuration import now imports the log
repository settings, database settings, auxiliary data source
configurations, reports and directory services settings.

In previous builds there were several Report Wizard configuration
validation errors causing potentially invalid configurations to save as
well as dropping changes to the schedule and date range.  These bugs have
been fixed.


---------------------------------------------------------------------------
Build 9.0.0.41 - Wed, 26 Aug 2009 10:52:12 MDT
---------------------------------------------------------------------------
In previous builds when forwarding a Syslog to a user MySQL table on
behalf of a real-time filter, the following error was thrown:  ‘Failed to
save entry to database…You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near…’  This bug has been fixed.

In previous builds when forwarding a Syslog to a user SQL Server table on
behalf of a real-time filter, the following error was thrown:  ‘Failed to
save entry to database…INSERT statement conflicted with COLUMN FOREIGN KEY
constraint 'FK_PRI_1015896b-36e0-44fa-b908-c738cb117198'. The conflict
occurred in database 'cblm', table 'priority', column 'id'.

In previous builds when forwarding a text log entry to a user database
table, no entries were forwarded.  This bug has been fixed.

Some of the automated reports did not handle the date criteria properly.
These bugs have been fixed.

When automatically exporting a report to file that does not have a filter
applied an object reference error may have been thrown.  This would have
occurred when the file name tags contained the {FILTER} tag.  This bug has
been fixed.

In previous builds all of the report wizards enabled the user to set the
date and time range even when the report was not scheduled.  Since the date
and time range is only valid for scheduled reports the controls are now
disabled when the report is not scheduled.


---------------------------------------------------------------------------
Build 9.0.0.39 - Mon, 24 Aug 2009 04:19:11 MDT
---------------------------------------------------------------------------
When attempting to diagnose an IIS attack I was creating a monitor for the
IIS log file.  First, I started to create a text log file monitor.  Once I
navigated to the directory, I realized I needed to create a directory
monitor as the filenames have date values contained within them.  I
navigated back to the welcome page, checked the Directory option and then
clicked next.  I was immediately prompted with a class cast exception.
This bug has been fixed.

In previous builds when viewing a consolidated text log that was being
polled, the entries may not have displayed in the proper sort order.  This
bug has been fixed.

When using the Text Log Directory Monitor Wizard and clearing all the
monitored directories from the directory selection page, the wizard
incorrectly removed the computers from the configuration list causing
several errors with the dialog.  This bug has been fixed.

Both the Text Log File and Directory Monitor Wizards were updated to
notify the user when they no new files or directories have been added.

The Text Log Directory Monitor Wizard now automatically adds a directory
after the directory has already been expanded and then the user double
clicks on the directory.

The Text Log Directory Monitor Wizard’s Masks list box incorrectly resized
its width when the dialog was resized.  This bug has been fixed.

In previous builds when deleting a text log monitor or text log directory
monitor from a computer that did not contain monitors of the same type, the
associated state files were not deleted.  These bugs have been fixed.

Users can now check or right click on a text log directory mask from with
the Configuration or Network Views and delete the mask.  If the directory
monitor only has one mask, the directory monitor is removed.

In previous builds when the user interface was started up the
Configuration View did not always display the current text log and text log
directory monitor status.  A refresh may have been required.  This bug has
been fixed.

In previous builds when deleting a filter that was assigned to an Event
Log or Syslog configuration template the user was not notified the filter
was in use.  The user is now notified and the function now optionally
removes the reference from the associated templates.

In previous builds the Event Log source summary found within the Dash
Board did not merge identical source/ID values found over a series of
computers.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.38 - Sat, 22 Aug 2009 09:43:52 MDT
---------------------------------------------------------------------------
In previous builds when firing an email or HTML file action on behalf of a
monitor the overridden HTML template was not applied.  This bug has been
fixed.

In previous builds when emailing entries from a log view if the user
attempted to override the HTML template an error was thrown when browsing
for the template.  This bug has been fixed.

In previous builds the installation did not always update the HTML
templates.  This bug has been fixed.

In previous builds an unnecessary IPC warning message was displayed in the
service, user interface and tray icon logs.  The issue causing the message
has been resolved.


---------------------------------------------------------------------------
Build 9.0.0.37 - Thu, 13 Aug 2009 10:34:17 MDT
---------------------------------------------------------------------------
Per user requests we have added the Download Event Logs toolbar item to
the Tools menu item as well as most of the popup menu items.  We also
re-arranged some of the popup menu items.

In previous builds if a user closed the Manual Event Log Management Output
view they were unable to re-open the view as the menu item did not work.
This bug has been fixed.

When adding an entry to a filter the Filter Selected Entry dialog now
automatically selects the current filter.

The Real-Time Text Log view now includes export, print, email, and email
selected entries functionality.

In previous builds if the user opened the Filters Manager from within any
of the Consolidation tabs of the Log Management Wizards, the filters
combo-box did not clear causing the filters to list twice.  This bug has
been fixed.


---------------------------------------------------------------------------
Build 9.0.0.35 - Wed, 12 Aug 2009 12:57:26 MDT
---------------------------------------------------------------------------
The Event Log, Text Log, and Syslog HTML templates have been updated.

The property grid within the HTML templates page of the Options dialog has
been updated to include a browse for file button.

Added a Merged Event Log View email and HTML template sample.  The
template is called ‘event-log-view.html’.

When emailing the selected entries within a log view, the entries were
written in the order selected.  The function has changed so the entries are
sorted by date and time from latest to oldest.

When a Syslog report was run that contained computers or devices that have
yet to push messages to the syslog server and using the file system to
store logs an error was thrown causing the report to exit without
completing.  This bug has been fixed.

Within the Dash Board the Event Log Summary Sources list box did not show
its scroll bar.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.34 - Wed, 12 Aug 2009 12:24:45 MDT
---------------------------------------------------------------------------
The Event Log and Text Log email and HTML templates have been updated.

Users can now set the font used within the log view pages.  To set the
font select Tools | Options | Fonts.  Once set, any currently open windows
must be reopened for the changes to take effect.  This is particularly
useful when reading text log files that have formatted output requiring a
fixed width font such as Courier New.

On many systems the busy spinner within the log view pages was difficult
to see.  The active color has been changed to bright orange.

The Select Files Text Log Management Wizard page has been difficult for
users.  Users can now double click on a file and it will be automatically
added to the list of monitored files at the bottom of the page.  The header
for the monitored files list has also been changed from ‘Filenames’ to
‘Monitored Files’.  We would appreciate user feed back on this issue.

In previous builds no error was thrown when opening a text log that did
not exist.  This bug has been fixed.

On Windows Vista the page navigation toolbar was cutoff on the right side.
This bug has been fixed.

When emailing a report if more that 5000 entries were to be displayed an
error was thrown causing the email to be lost.  This bug has been fixed.

When firing a real-time text log email alert, the frequency rule template
was incorrectly being used.  The correct template is now applied.

All of the frequency rule report wizards failed to save frequency rule
changes when no other parameters were changed.  These bugs have been fixed.

In previous builds the text log size monitor email and HTML template was
not installed and when overridden the value ignored.  These bugs have been
fixed.


---------------------------------------------------------------------------
Build 9.0.0.33 - Tue, 11 Aug 2009 11:34:10 MDT
---------------------------------------------------------------------------
All of the Event Log HTML templates have been updated.

When using our HTML merge template for either Event Log or Syslog reports,
the entries were sorted by host, log, then date and time.  The reports have
been changed so the data is now sorted from latest to oldest.

In previous builds both email and HTML output reports did not use the
overridden HTML template when applicable.

In previous builds when running an Event Log or Syslog Frequency report
the filter column within email or HTML output did not list the filters
contained within the report.  The column header now lists all filters.

When overriding the default HTML template within the Actions Manager, the
file open dialog did not load the HTML template directory but instead
loaded the running path.  The dialog now opens to the correct path.

When clicking the Configure Filters toolbar button within any of the log
views the Filters Manager did not automatically select the current filter.
The dialog now automatically selects the current filter.

When exporting an Event Log Frequency view to CSV or XML, the log column
was not included making it impossible to match the log the entry belonged.
The Log column has been added to all export to CSV and XML functionality
found within the software.

The majority of the action assignment pages within the Report Wizards did
not open the action item when double-clicked.  This bug has been fixed.

In previous builds none of the Log Management Wizards enabled users to
un-assign an already assigned consolidation filter.  These bugs have been
fixed.


---------------------------------------------------------------------------
Build 9.0.0.32 - Mon, 10 Aug 2009 09:09:52 MDT
---------------------------------------------------------------------------
In previous builds the Event Log Frequency Report Wizard did not enable
users to move past the Filters page.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.31 - Sun, 09 Aug 2009 04:37:17 MDT
---------------------------------------------------------------------------
Added the majority of the long awaited Network Event Viewer configuration
import functions.  Event Log and Syslog configurations, filters, actions
and several other parameters are automatically imported.  At this time
Reports are not yet imported.

Added the Active Directory Auto Configurator previously seen in Network
Event Viewer.  The Auto Configurator enables users to monitor an Active
Directory Entry for new computers.  Once discovered, new computers are
automatically monitored.

After adding some error messages to the UI several builds ago,
double-clicking on tree nodes caused a bogus message box to display.  The
message box no longer displays.

After adding the EVT backup component to the Event Log configuration
templates the templates did not properly re-load.  This bug has been fixed.

Cleaned up some cursor flicker when double-clicking on tree view nodes.


---------------------------------------------------------------------------
Build 9.0.0.30 - Wed, 05 Aug 2009 12:41:24 MDT
---------------------------------------------------------------------------
Users can now email selected log entries to a collegue.  Simply select the
entries, right click and select Email Selected Entries.

In previous builds when filtering a selected entry the Add Simple Filter
Criteria dialog did not contain an easy way to clear the message box.  The
dialog now includes a clear message button enabling users to clear the
message from the criteria without having to press Ctrl-A or highlight all
the text prior to pressing the delete key.  The level group box also now
contains images for easy level recognition.

In previous builds the view detail displayed the text using the Window
Text color rather than the Active Window Text color possible making it hard
to read.  The tag has been changed appropriately.

In previous builds if an action was deleted that was assigned to a report,
the next time the user opened the report wizard a collection enumeration
error was thrown.  This bug has been fixed.

When deleting an action that is assigned to report, Log Manager now
prompts the user and asks if they really want to delete the action.

Rather than silently failing, the Save Logs As dialog now throws an error
when the user attempts to export a Syslog or Text Log to EVT.

The real-time Event Log and Syslog viewers now include a toolbar button to
clear the screen of all entries.

In previous builds when filtering an entry via the Filter Selected Entry
popup item the filters were not always created correctly.  These bugs have
been fixed.

A null reference error was occasionally thrown from the complex filter
criteria dialog.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.28 - Fri, 31 Jul 2009 10:51:47 MDT
---------------------------------------------------------------------------
The Failed Logon Reports menu item was missing from both the Tools menu
item and the Log Repository popup menu.  This bug has been fixed.

The Event Logs list box within the Select Event Logs tab within the Log
Management Wizard incorrectly resized when the wizard was resized.  This
bug has been fixed.

Fixed a potential database connection resource leak.

In previous builds when a user checked multiple logs and selected Watch
Log potentially nothing happened.  The software now throws an error telling
the user to highlight a single log.

Several UI issues were addressed within the Failed Logon Report.


---------------------------------------------------------------------------
Build 9.0.0.27 - Thu, 23 Jul 2009 01:06:17 MDT
---------------------------------------------------------------------------
The Dash Board has been updated to show the repository status.

The Real-Time Text Log view now enables users to right click on an entry
and add it to a filter.

In previous builds when deleting multiple configurations the user
interface simply asked if the user wanted to delete the selected object.
The UI now lists the first 20 selected items in the message.

Within the Dash Board the long service accounts did not display correctly.
The control has been widened and even if not wide enough the ellipse
characters will now display.

When creating groups the Add Group dialog displayed twice.  This bug has
been fixed.


---------------------------------------------------------------------------
Build 9.0.0.26 - Tue, 14 Jul 2009 06:08:50 MDT
---------------------------------------------------------------------------
Previously there was no intuitive way to map a computer prior to creating
a new text log or directory monitor.  The text log monitor wizards have
been updated to enable users to select computers, map credentials, and
lastly select files via local disks or remote shares.

In previous builds the text log size monitor did not impersonate when
necessary.  This bug has been fixed.

In previous builds the text log size monitor would run when ever a log was
configured for monitoring.  This bug has been fixed.

In previous builds the text log directory monitor did not impersonate when
necessary.  This bug has been fixed.

In previous builds the tray icon could get out of synch if the service is
restarted several times.  This bug has been fixed.

In previous builds when viewing a small text file clicking the last page
button or the tail button have caused the display to clear.  This bug has
been fixed.

If all the logs assigned to a report were from a log repository that was
changed to a user action database via the options dialog, the report wizard
would show no computers assigned to the report and would erroneously enable
the user to move past the computers page without selecting any computers
from the current log repositories.  This bug has been fixed.

When using text log directory monitors with date and time masks newly
discovered files caused the user interface to throw an ‘Illegal character’
error.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.25 - Wed, 01 Jul 2009 02:06:22 MDT
---------------------------------------------------------------------------
In previous builds users where prompted with an error when saving a file
based action.  This bug has been fixed.

In previous builds when changing a text log poll schedule the user
interface was not notified by the service that the schedule changed.  This
bug has been fixed.

In previous builds when changing a text log monitor schedule from seconds
to a schedule other than seconds then back to seconds the monitor would
fail to restart.  This bug has been fixed.

In previous builds within the Options dialog the Text Log Size Monitor
HTML template always appeared in bold.  This was an obfuscation bug that
has been resolved.


---------------------------------------------------------------------------
Build 9.0.0.23 - Tue, 16 Jun 2009 11:04:46 MDT
---------------------------------------------------------------------------
When an Event Logs starts at the same time as the Entry Retention Policy
is executed and consolidating to the file system, several file IO errors
may be thrown.  Both processes are attempting to access the same files at
the same time causing.  Using the default download and entry retention
policy schedules this error was frequently thrown.  The default entry
retention policy schedule has been changed weekly on Sunday at 08:00.

Reports previously did not open the database with the oldest and latest
date and times causing extra records to be returned.  The code has been
changed so only entries within the relevant time period are returned.

Updated the initial column header sizes within the Dashboard view.


---------------------------------------------------------------------------
Build 9.0.0.22 - Thu, 11 Jun 2009 09:22:48 MDT
---------------------------------------------------------------------------
In previous builds the Event Log Action level did not save causing all
Event Log actions to be sent out with warning levels regardless of what the
user set the value to.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.21 - Sat, 06 Jun 2009 02:04:18 MDT
---------------------------------------------------------------------------
EVT files can now be displayed within the viewer.  To view backed up EVT
files, select Tools | Event Log Backups | View Backed Up Event Log.

Added a tutorial that shows users how to schedule automatic EVT file
backups that compress, encrypt and password protect the backed up Event Log
files.


---------------------------------------------------------------------------
Build 9.0.0.20 - Fri, 05 Jun 2009 12:58:30 MDT
---------------------------------------------------------------------------
Event Log backups can now be encrypted and password protected.

In the previous build the Event Log backup did not work when executed
against a remote machine.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.18 - Wed, 03 Jun 2009 10:30:23 MDT
---------------------------------------------------------------------------
In previous builds the Prompt for filter option was not implemented.  This
bug has been fixed.

In previous builds several message box questions that should have
defaulted to the Yes button actually defaulted to the No button.  These
bugs have been fixed.

In previous builds the prompt to select a syslog filter prior to
displaying the consolidated syslog did not always show the last selected
syslog filter.  This bug has been fixed.

In previous builds if the user attempted to view a consolidated Text Log
from a computer that was no longer being monitored an object reference
error was thrown.  This bug has been fixed.

A notification message is now displayed when a user attempts to merge and
view a consolidated view but has not checked an Event Log or a Syslog.


---------------------------------------------------------------------------
Build 9.0.0.17 - Tue, 02 Jun 2009 10:16:38 MDT
---------------------------------------------------------------------------
Uses can now configure Corner Bowl Log Manager to automatically backup,
compress and clear remote EVT and EVTX (Event Log files) files.  Use the
Log Management Wizard to schedule the service to automatically backup EVT
and EVTX files.


---------------------------------------------------------------------------
Build 9.0.0.16 - Sun, 31 May 2009 09:56:19 MDT
---------------------------------------------------------------------------
Added a tutorial that shows users how to print logs for compliance
auditors.

In previous builds pressing F1 from within the Options dialog did not open
the help file.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.15 - Wed, 27 May 2009 04:06:40 MDT
---------------------------------------------------------------------------
We have added several tutorials to the help file.

In previous builds the log entry preview view did not always redraw the
preview area correctly.  This drawing bug has been resolved.


---------------------------------------------------------------------------
Build 9.0.0.14 - Thu, 21 May 2009 09:55:50 MDT
---------------------------------------------------------------------------
When firing an email if the HTML template could not be found the error
message logged did not read correctly.  The message has been updated.

The Reports and Views icons did not display properly within the Navigation
View.  This bug has been fixed.

In previous builds from within the Assign Filter and Action dialog the
action frequency units was incorrectly set to the filter frequency rule
units.  This bug has been fixed.

In previous builds the user friendly formatted schedule did not correctly
display every X hour schedules.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.13 - Mon, 18 May 2009 09:53:38 MDT
---------------------------------------------------------------------------
The Navigation view now contains an Active Directory based Event Log
Explorer.


---------------------------------------------------------------------------
Build 9.0.0.12 - Tue, 12 May 2009 01:50:41 MDT
---------------------------------------------------------------------------
The Dash Board now contains Event Log Management and Syslog Monitor
content enabling users to see what the service is doing.

In previous builds if the service was off and either the user interface or
the tray icon were running, memory leaked.  This bug has been resolved.


---------------------------------------------------------------------------
Build 9.0.0.10 - Tue, 05 May 2009 03:09:58 MDT
---------------------------------------------------------------------------
We have added a dash board view.  This view is a work in progress.  As of
this build it contains service status, syslog server status, Event Log
summary charts and tables, and Syslog summary charts.  We will be adding
much more to this view over the next few weeks.

The Top Events reports have been optimized when run against SQL Server or
MySQL log repositories.

In previous builds when upgrading the installed version with the latest
version the installation sometimes erroneously notified the user that their
system needed to be rebooted.  We have made a change to the installation
that should resolve this issue.


---------------------------------------------------------------------------
Build 9.0.0.8 - Sun, 03 May 2009 01:27:12 MDT
---------------------------------------------------------------------------
The text log directory monitor now supports date and time masks within the
path enabling users to monitor dynamic date and time based paths.

Users can now configure text log size monitors.

In an effort to decrease the size needed to store Event Logs, the extra
data necessary for EVT exports is now optional and not saved be default.
This will decrease the required space to store logs by approximately 50%.
Use the Options dialog to enable EVT export support.

In previous builds when using the file system log repository data was not
saved to Unicode when configured to do so.  This bug has been fixed.

Changed the default text log poll schedule from daily at 12:00 AM to every
5 minutes.

Made several UI enhancements to the Text Log Properties dialog.

In previous builds when closing a log view the current days per page was
saved.  The behavior has been changed so the value is only saved from the
user settings within the Options dialog.  This enables users to leave a
small default value and then increase as necessary without having to
decrease the value prior to closing the log view.

Fixed numerous display issues in the Log Repository view.

Removed a 60 second hang when attempting to set a flag or notes to a
consolidated log entry that was previous deleted.

Syslog actions did not include user defined data defined in the message
portion of the action.  This bug has been fixed.

The Syslog action did not cache the previously used socket causing the
action to run very slow.  The socket is now cached decreasing the action
execution time to approximately 10% the previous time.


---------------------------------------------------------------------------
Build 9.0.0.7 - Tue, 28 Apr 2009 10:54:13 MDT
---------------------------------------------------------------------------
The global syslog viewer that was available in Network Event Viewer has
been added.

When viewing a syslog in real-time the view message did not properly load
per the previous user settings.  This bug has been fixed.

This build includes our first major draft of our help file.

In previous builds the Find dialog did not work when used from a Text Log
Real-Time view.  This bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.6 - Sun, 26 Apr 2009 11:18:39 MDT
---------------------------------------------------------------------------
Made numerous updates to the report wizard

Made numerous updates to the Log Properties dialogs

In previous builds after moving computers from one logical group to
another, the Log Repository view did not update.  The Log Repository now
automatically moves the computers to the newly assigned logical group.

Updated the title bars on the report properties wizards.


---------------------------------------------------------------------------
Build 9.0.0.5 - Wed, 22 Apr 2009 09:18:03 MDT
---------------------------------------------------------------------------
When creating a report against a MySQL log repository a SQL error was
throw prior to selecting the logs to include.  This bug has been fixed.

Numerous UI enhancements have been added to the configuration and report
wizards.


---------------------------------------------------------------------------
Build 9.0.0.4 - Mon, 20 Apr 2009 09:59:38 MDT
---------------------------------------------------------------------------
When using the file system to store logs, the wizard threw a fatal error
after selecting logs.  This bug has been fixed.

Users were unable to add an email address to forward report errors.  This
bug has been fixed.


---------------------------------------------------------------------------
Build 9.0.0.3 - Fri, 17 Apr 2009 01:16:56 MDT
---------------------------------------------------------------------------
Users can now save Event Log and syslog configurations enabling a
configuration to be applied to a new computer with just a few clicks.


---------------------------------------------------------------------------
Build 9.0.0.2 - Fri, 10 Apr 2009 02:56:00 MDT
---------------------------------------------------------------------------
We are proud to announce the BETA release of Corner Bowl Log Manager 2009.
CB Log Manager is a new product that consolidates and expands on the
functionality found in both Network Event Viewer and Text Log Monitor. Our
goal with CB Log Manager is to create a single product that allows us to
easily add support for new log types and report types while also addressing
many load and usability issues.  Please note, this is a BETA (pre-release)
version and by definition is not ready for production systems.  At this
time CB Log Manager will not convert or load your Network Event Viewer or
Text Log Monitor configurations or data, however; you can run this software
side-by-side Network Event Viewer and Text Log Monitor.