New Features

Stop more attacks with correlation

The enhanced correlation interface contains over thirty predefined attack rules, including those for ransomware, brute force, and more. You can now correlate logs from multiple log sources and create rules to suit your business environment.

Understand how correlation can help you by requesting a personal feature demo.

Learn more

Augmented threat intelligence

The enhanced threat intelligence platform comes with a built-in STIX/TAXII feed processor. Get real-time alerts for suspicious traffic in your network and outbound connections to malicious domains and callback servers.

Find out how the feature works with our free solution brief.

Learn more

Built-in incident management console

Track the response and resolution process of incidents by assigning every alert to a specific administrator. Keep track of incident tickets with the built-in ticketing option, or raise tickets in external help desk tools - ServiceDesk Plus and ServiceNow.

Find out how the feature works with our free solution brief.

Learn more

Release Notes

2020
- Apr
- Mar
- Mar
- Feb
- Jan
2019
- Dec
- Nov
- Oct
- Aug
- Jul
- Jun
- May
- Mar
- Feb
- Jan
2018
- Nov
- Nov
- Oct
- Sep
- Sep
- Jul
- Jun
- May
- May
- May
- Apr
- Mar
- Mar
- Mar
- Feb
- Jan
- Jan
2017
- Dec
- Nov
- Oct
- Sep
- Sep
- Aug
- Aug
- Aug
- Jul
- May
- May
- Apr
- Mar
- Feb
- Feb
- Jan
2016
- Dec
- Nov
- Aug
- Jul
- Jun
- Apr
- Mar
- Jan
2015
- Nov
- Oct
- May
- Jan
2014
- Apr

Service Packs

Build 12126

Released on 3rd April 2020

Standalone Edition
Distributed Edition

New features
- Number of active VPN sessions
- Duration of each VPN session
- Status of individual user's VPN connection

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12125

Released on 19th March 2020

Standalone Edition
Distributed Edition

Enhancements
- The Log receiver option is now enabled only for administrators.
- Read access is now provided for the current archive file, so that other applications can access it.
- OpenSSL has been upgraded from openssl_1_1_0c to openssl_1_1_0l.
- Option to disable the population of trend tables (tables containing hourly log count) has been added.
- Parser rules for Windows Event ID 800 has been added.
Fixes
- Issue with switching the managed server in the Compliance page has been fixed.
- Issues with parsing of severity information from old Windows archive files have been fixed.
- The dashboard now renders perfectly for all date formats.
- Sophos, pfSense, and Juniper devices' logs can now be parsed without errors.
- The Syslog Viewer no longer stops displaying incoming logs when the language is changed from English.
- Issue which caused log collection to be stopped when an existing ELA installation was migrated to a different device has been fixed.
- Issue in deletion of custom fields created from preview of import log has been fixed.
- Issue which caused the alert dumps to accumulate when a correlation rule is built with "is variable" condition has been fixed.
- Updates and improvements to ensure ELA works in the "High Availability" mode when started as a service.
- Fixes to ensure archive logs don't get corrupted when Java virtual machine hangs or shuts down abruptly.
- Problems concerning crashes in native logger have been fixed.
- Problem of disconnection of SSH during agent sync has been fixed.
- Problem with Linux File Integrity Monitoring filters has been fixed.
- Problems with permissions being escalated for non-privileged users while importing logs have been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12123

Released on 6th March 2020

Standalone Edition
Distributed Edition

Fixes
- The issue with processing of cached records created before 12120 build has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12121

Released on 19th February 2020

Standalone Edition
Distributed Edition

Enhancements
- Enhanced performance with redundant log prints detection, centralized log entry point, and more.
Fixes
- Reduced Elasticsearch recovery time, and product startup time.

- Issues with changing a managed server in the reports tab has been fixed.
- Issues with viewing the last 10 events of a managed server in the admin server has been fixed.

Service Packs

Build 12120

Released on 16th January 2020

Standalone Edition
Distributed Edition

New features
- FERPA compliance: EventLog Analyzer now has out-of-the-box compliance reports for the Family Educational Rights and Privacy Act (FERPA).
Enhancements
- Agent administration: EventLog Analyzer's agent has been upgraded to make it more versatile and achieve the following:
  - You can deploy Windows agents from EventLog Analyzer running on a Linux server.
  - The agent administration UI has been enhanced to facilitate easier agent installation, uninstallation, restart, and upgrade.
  - You can now collect syslogs from applications running on Windows machines.
  - You can upgrade the EventLog Analyzer agent deployed in demilitarized zones (DMZs).
  - Communication between the agent and EventLog Analyzer is now more secure.
  - You can collect logs of Oracle applications running in Windows devices.
- New blocks in workflow including Send SNMP Trap, HTTP Request, CSV Lookup, and Forward Logs have been added.
- You now have the option of collecting only the application logs from Windows devices.
- The log collector's dependency on databases has been eliminated.
- The product settings UI has been revamped for easier configuration.
Fixes
- Traces of clickjacking vulnerability have been removed.
- Issue in 'Save to folder' option for scheduled reports has been fixed.
- Issue in the SonicWall web traffic dashboard widget has been fixed.
- Issues in parsing HTML tags and logs from recent Windows versions have been fixed.
- Issue in log correlation for imported logs has been fixed.
- Issue which caused Linux agent to crash has been fixed.
- Issue in notification for AMS license expiry has been fixed.
- Issue in importing vulnerability logs from the Windows agent has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12115

Released on 14th December 2019

Standalone Edition
Distributed Edition

New features
- Support for IBM Db2 logs: EventLog Analyzer now supports IBM Db2 logs and provides out-of-the-box reports.
- Threat whitelisting: You can configure EventLog Analyzer with an index of approved IPs, URLs, and domain names to minimize false positives.
Enhancements
- The alerts section now has a set of default alert profiles.
- The dashboard has predefined profiles for Cisco devices and SQL and IIS servers.
- The dashboard gets a new dark theme for better visual experience.
Fixes
- Issue with zipping AS/400 archive logs has been fixed.
- Issue with categorizing IIS FTP server logs has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12110

Released on 6th November 2019

Standalone Edition
Distributed Edition

New features
- Support for F5 devices: Out-of-the-box reports are now available for F5 devices.
- CCPA compliance reports: Predefined reports for CCPA compliance are now available.
Enhancements
- Receive email notifications to monitor user actions in EventLog Analyzer.
- Option to customize the existing correlation rules to detect sophisticated threats.
- All the generated alerts are now stored in Elasticsearch instead of database, for faster search and retrieval of data.
- Custom reports can now be shared with other users.
- Alert retention is now configurable.
Fixes
- Issues with multiple admin-managed server synchronization has been fixed.
- An option has been added to enable or disable periodic email alerts when a device is down.
- Issue with taking backups of the built-in pgSQL database in EventLog Analyzer while upgrading to versions 12000 and above has been fixed.
- Issue with displaying executed commands for older library versions of Linux File Integrity Monitoring has been fixed.
- Issue with viewing the last 10 events in machines with Turkish operating systems has been fixed.
- Issue wit sending emails from EventLog Analyzer using TLS 1.2 has been fixed.
- Issue with displaying agent log counts has been fixed.
- Issue with displaying Configuration Changes Reports in Checkpoint devices has been fixed.
- Issue with updating the values in alert profiles has been fixed.
- Issue with displaying event log counts for PCI DSS compliance has been fixed.
- Issue with processing alert profiles created with Regex pattern criteria has been fixed.

Enhancement
- The process of converting a standalone server to a managed server has been enhanced for improved user experience.
Fixes
- Issue in updating the managed server with compatible service packs from the admin server has been fixed.
- Connection failure issue after updating managed server credentials in admin server has been fixed.
- Issue with automatically updating managed server devices to the admin server has been fixed.

Service Packs

Build 12100

Released on 8 October 2019

Standalone Edition
Distributed Edition

New Features
- Customizable dashboard: EventLog Analyzer's dashboard now has a range of customization options.
  - Dashboard data will be updated in real time.
  - New tabs can be created with predefined widgets or with a blank template where any report can be pinned to the tab.
  - The color of the charts can be customized for more visual impact.
- Advanced Threat Analytics: Crucial information on the severity of threats can be obtained when potentially malicious URLs, domains, and IP addresses intrude into the network.
Enhancement
- Enhanced archival process: The log archival process has been enhanced for better usability, reporting, and for ensuring the integrity of log data. With the enhanced archive:
  - Multiple archives can be loaded and unloaded simultaneously.
  - The data in the loaded archive files is now searchable and reports can be generated.
  - An alert will be raised if the archived logs are tampered with.
Fixes
- Issue with macros in default threat alert profiles has been fixed.
- Issue with site configuration settings while discovering IIS servers has been fixed.
- Issue with custom alert profiles automatically getting converted to AS400 profiles while importing from an older build has been fixed.
- Issue with SSH timeout for linux agent installation has been fixed.
- While parsing syslogs, the filter can now be extended to the header of the logs as well.
- Issue while parsing Huawei SSH logs has been fixed.
- Support has been extended for the archival of SNMP and FIM logs.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12060

Released on 23 August 2019

Standalone Edition
Distributed Edition

New Features
- Automatic discovery of MySQL servers.
- SAP ERP logs and McAfee ePolicy Orchestrator syslogs support.
Enhancements
- Support for seamlessly processing syslogs that have different encodings and are from different time zones.
- REST API support for ServiceDesk Plus, an Incident Management tool.
- Performance of searching through compressed log data has improved.
Issue fixes
- Issue of creating alert profiles using custom fields has been fixed.
- SQL server audit reports not being populated with data has been resolved.
- Issue of parsing username with sudo commands has been fixed.
- Issue of identifying false positives when the log collector is manually stopped has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12050

Released on 26 July 2019

Standalone Edition
Distributed Edition

New Features
- Incident workflow management: Create and manage incident workflows in EventLog Analyzer. These workflows are automatically executed when the associated incident alerts are triggered. You can even track the execution of each workflow and view its status.
- CoCo and NERC compliance reports: Predefined compliance reports have been added for CoCo and NERC regulations.
Enhancements
- Technician audit logs are now maintained separately in the database, to facilitate future forensic investigations if needed.
- Alert severity can now be passed as an argument to scripts in the run program option, or to be displayed in email and SMS notifications.
Fixes
- Issue with displaying the Next 10 archives in the Archive Settings page has been fixed.
- Issue with loading the Malware Detected report under Windows Defender has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12041

Released on 20 June 2019

Standalone Edition
Distributed Edition

Enhancements
- The Search tab has a new UI with enhanced Advanced Search Criteria, Save Search, and Tag settings, for better user experience.
Fixes
- Issue in the terminal server agent has been fixed.
- Issue in migrating from PostgreSQL to Microsoft SQL Server has been fixed.
- Issue in Microsoft SQL Server Auditing Configuration when SSL is enabled in a SQL Server instance has been fixed.
- Issue in changing EventLog Analyzer's back-end database to SQL Server when SSL is enabled has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the Standalone Edition.

Service Packs

Build 12040

Released on 31 May 2019

Standalone Edition
Distributed Edition

New Feature
- Support for Arista switches: EventLog Analyzer now offers predefined event-based reports on Arista switches.
Enhancements
- The settings tab has been refurbished for enhanced user experience.
- The reporting module has been tweaked to process queries faster.
Fixes
- Issue in archiving correlated data has been fixed.
- Issue in sending a test email without authentication has been fixed.
- Timestamp issue in forwarded Windows logs has been fixed.
- Issue in scheduled reports exported with empty PDF attachments has been fixed.

Enhancement
- Synchronized data will be auto-recovered in the admin server if synchronization fails.
Fixes
- Issue in synchronizing data and service pack if the admin server is down during managed server startup has been fixed.
- Issue in device reports in the admin server dashboard has been fixed.
- Issue in removing managed servers configured with applications from the admin server has been fixed.
- Synchronization issues between the admin server and managed servers have been fixed.

Service Packs

Build 12030

Released on 27 Mar 2019

Standalone Edition
Distributed Edition

New Feature
- Compliance reports for NRC and Cyber Essentials: EventLog Analyzer offers out-of-the-box reports for complying with the mandates prescribed in the Nuclear Regulatory Commission RG 5.71 and Cyber Essentials.
Enhancements
- You can now import logs stored in Amazon Simple Storage Service (Amazon S3) buckets.
- EventLog Analyzer now supports server message block (SMB) 2.0 for importing logs, discovering IIS Servers, and file integrity monitoring.
Fixes
- Issue in log collector caused by packet size being bigger than the buffer size has been fixed.
- Issue in sending test emails from the product has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 12020

Released on 8 Feb 2019

Standalone Edition
Distributed Edition

New Features
- Support for SNMP traps and MySQL logs: EventLog Analyzer now has the ability to process SNMP traps, and also supports import and analysis of MySQL general and error logs.
- H3C device support: EventLog Analyzer now provides out-of-the-box support for H3C devices.
Enhancements
- The different views of a report, such as table, summary, matrix, and multi-report, can now be exported as PDFs.
- Option to enable or disable headers in CSV files has been added.
- Option to select log file name patterns while periodically importing log data has been added.
Fixes
- Issue in deleting log import schedules has been fixed.
- Issue in adding multiple email addresses in the recipient field of the Log Collection Failure alert has been fixed.
- Issue in alert processing has been fixed.
- Issues in report schedules and severity-based pivot reports have been fixed.
- Issue in log collection schedules when collecting Syslog from Windows devices has been fixed.
- Issue in parsing Firepower and Check Point logs has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 12012

Released on 23 Jan 2019

Standalone Edition
Distributed Edition

New Features
- Two-factor Authentication: EventLog Analyzer's login security has been bolstered with two-factor authentication via email, SMS, Duo Security, RSA SecurID, and Google Authenticator.
Enhancements
- Mail notification settings have been completely revamped for enhanced user experience.
- Option to configure proxy server has been added.
- SMS notification settings now supports additional protocols such as HTTP, SMTP, and SMPP.
- jQuery version has been upgraded to 3.3.1 for greater security.
Fixes
- Issue in connecting to a Microsoft SQL database when the password size exceeds 15 characters has been fixed.
- Issue in sending alerts to Windows Event Viewer has been fixed.
- Issue in MySQL backup has been fixed.
- Issue in forwarding logs from AS/400 devices has been fixed.
- Issues in parsing logs for file integrity monitoring and SQL column integrity monitoring have been fixed.
- Issue in resolving IP addresses which caused the log collector to quit has been fixed.
- Issue in scheduling predefined reports has been fixed.
- Issue in loading archived logs has been fixed.
- Issue in sorting report profiles has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 12010

Released on 30 Nov 2018

Standalone Edition
Distributed Edition

New Feature
- Linux File Integrity Monitoring: Predefined reports to track creation, modification, deletion, renaming, and permissions changes in files and folders on Linux devices.
Enhancements
- The File Integrity Monitoring module configuration has been enhanced for better user experience.
- The capability to audit all activities of users with Technician roles in the File Integrity Monitoring module.
- ICMP traffic logs are now parsed.
Fixes
- Issue in the scheduler when multiple criteria are selected for File Integrity Monitoring has been fixed.
- Issue which caused a mismatch in the number of events displayed in the File Integrity Monitoring dashboard and the underlying data has been fixed.
- Issues in graph and data in exported reports in the CSV format has been fixed.
- Issue in exporting reports with more than eight columns has been fixed.
- Issue in parsing Palo Alto logs without serial numbers has been fixed.
- Issue in displaying Symantec system events in the appropriate report has been fixed.
- Issue in parsing Unix device logs to track file uploads has been fixed.
- Issue in displaying the content in alerts mails has been fixed.
- Issue in updating the time at which logs were last received from Windows devices with third-party agents has been fixed.
- Issue in displaying the status of log collection of the syslog receiver has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.
Fix
- Issue in configuring centralized log archival from the Admin server using some browsers has been fixed.

Service Packs

Build 12000

Released on 13 Nov 2018

Standalone Edition
Distributed Edition

New Features
- Brand-new UI for reports: A completely revamped reports tab with a fresh UI and the ability to:
  - Create custom reports more swiftly and also view them in four different formats— Table, Summary, Matrix, and Multi-report.
  - Generate new views for the prebuilt reports.
- ISLP compliance reports: EventLog Analyzer now has out-of-the-box reports to help you comply with Information Security Level Protection's (ISLP) requirements.
- Support for Cisco Firepower & pfSense: Ability to process logs from Cisco Firepower and pfSense, along with exclusive reports and alert profiles to easily audit events from these devices.
Enhancements
- Correlation rules have been enhanced with the option to add these new conditions: less than, greater than, between, not contains, not starts with, not ends with, not between, and is variable.
- Advanced auditing of Microsoft SQL supports all collations.
- The Favorite reports category has been enhanced to become user-specific.
- All the report categories have been enhanced for better usability and searching.
- The GPG compliance reports under the Windows reports category have now been moved to the dedicated group under the Compliance tab.
Fixes
- Issue in user-specific language settings has been fixed.
- Issue causing the unavailability of EVTX log files' description has been resolved.
- Issue in parsing DHCP and Huawei logs has been fixed.
- Issue in updating report summary in database has been resolved.
- Issue causing log collector to shut down while processing logs collected using TLS 1.0 has been fixed.
- Issue in editing the log collection filters page has been resolved.
- Issue causing inconsistency in Application page's severity log reports has been resolved.
- Issues in selecting fields for search and changing work-hour configurations in Internet Explorer browser have been fixed.
- Issue in fetching data for previous day's non-working hours reports has been fixed.
- Issue in searching while having space in field names has been resolved.
- Issue in Save to Folder option in scheduled reports has been fixed.
- Issue in time format when exporting user-based reports has been fixed.
- Issue in rearranging actions in correlation rules has been fixed.
- Issue in deleting correlation rules in the off-heap mode has been fixed.
- Issue in saving search criteria that contain regex expressions as an alert has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.
Fix
- Issue in View Old Data option in the managed server correlation tab has been fixed.

Service Packs

Build 11212

Released on 5 Oct 2018

Standalone Edition
Distributed Edition

Enhancements
- Log processing has now been made faster for enhanced performance and user experience.
Fixes
- Issue with scheduled imports of multi line logs has been fixed.
- Issues in building custom alerts have been fixed.
- Issue with parsing SonicWall logs has been fixed.
- Issue with emailing scheduled reports has been fixed.
- Issue with populating data in reports pertaining to ManageEngine Password Manager Pro has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11211

Released on 28 Sep 2018

Standalone Edition
Distributed Edition

Fixes
- Issue in viewing events of the correlation history in Build 11210 has been fixed.
- Issue in applying the service pack in Build 11210 has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11210

Released on 10 Sep 2018

Standalone Edition
Distributed Edition

New Feature
- HP switch monitoring: EventLog Analyzer offers predefined reports and alert profiles to monitor the security events of HP switches exclusively. It also comes with the capability to analyze log data of HP switches.
Enhancements
- The import log module now supports multiple file encodings.
- An option to specify the imported log data's timezone.
- Date format can now be set in the product.
Fixes
- Issue with importing EVTX format files from a shared path has been fixed.
- Issue with importing files from a shared path when the device credentials have already been configured has been fixed.
- Issue in displaying data for compliance reports in the free version of the product has been fixed.
- Issue in timestamp when scheduled compliance reports are saved has been fixed.
- Issue in not parsing the username field in Windows application logs has been fixed.
- Issue in reports not populating data from IBM AIX systems has been fixed.
- Issue in fields of the Windows Services reports in the compliance report section has been fixed.
- Issue in not being able to import CRT files into the ssl.keystore has been fixed.
- Issue in product not starting when HTTPS is enabled and the password contains a special character has been fixed.
- Issue in parsing Barracuda device logs has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11204

Released on 30 Jul 2018

Standalone Edition
Distributed Edition

New Feature
- Threat Management: EventLog Analyzer's threat intelligence module has been further enhanced by extending support for real-time updates from custom STIX/TAXII servers.
Fixes
- Issue in saving scheduled reports and also changes to favorite reports has been fixed.
- Sparsely-occurring issue while loading archive logs has been fixed.
- Issue causing malfunction of TLS log collection server when PFX certificate has certificate chain has been fixed.
- Issue in parsing H3C logs has been fixed.
- Issue encountered while resetting passwords has been fixed.
- Issue in alert mail rebranding has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11200

Released on 18 Jun 2018

Standalone Edition
Distributed Edition

New Features
- Selective activity monitoring: Monitor Windows and Unix sessions of users with predefined or custom session activity rules.
- Meraki security appliances auditing: Predefined reports and alert profiles to audit security events of Meraki security appliances easily.
- Support for CEF format logs.
Enhancements
- The scope of Microsoft SQL Server auditing has been widened with the ability to audit and track more activities such as logins, integrity of data on the server, and more.
- Reports on session activity have been enhanced for better usability.
- The correlation scheduler has been given a facelift.
Fixes
- Issue in establishing an ODBC Connection when TLS 1.0 is disabled has been fixed.
- Issue which identified other application logs as Microsoft SQL Server logs has been fixed.
- Issue in data not being displayed in reports if the table header and database name exceeds fifty characters has been fixed.
- Issue in monitoring interval scheduler for AS400 devices has been fixed.
- Issue in AIX reports not showing accurate data has been fixed.
- Issue in VPN user reports not populating data for network devices has been fixed.
- Issue in the format of the Palo Alto logon report has been fixed.
- Vulnerability issues in the product settings have been fixed.
- Cross-Site Scripting vulnerability (CVE-2018-10075) that allowed remote attackers to inject arbitrary web script or HTML via the import logs function has been fixed.
- Cross Site Scripting vulnerability (CVE-2018-10076) that allowed remote attackers to inject arbitrary web scripts or HTML via the search function has been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.
- Issue in copying the service pack and license from the Admin server to Managed servers has been fixed.

Service Packs

Build 11140

Released on 25 May 2018

Standalone Edition
Distributed Edition

New Features
- Password protection can be enabled for reports that are exported in PDF and CSV formats.
- Users with administrator privileges can now audit the report export activities.
- Guest users will not be able to export reports.
Enhancements
- When you enable the GDPR configuration settings, you will be prompted for consent during third party tool integrations.

- The new features and enhancements for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11134

Released on 21 May 2018

Standalone Edition
Distributed Edition

New Feature
- A rich text editor has been provided in the alert profile configuration page to compose the alert email.
Enhancements
- The correlation rule builder has been revamped for better usability.
- The correlation engine can now detect malicious IP addresses from threat feeds.
- The alert mail content has been enhanced.
Fixes
- The issue in the correlation alert mail has been fixed.
- Several other minor issues have been fixed.

- The updates for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11133

Released on 11 May 2018

Standalone Edition
Distributed Edition

New Feature
- Support for more ticketing tools: EventLog Analyzer's incident management module now supports Jira Service Desk, Zendesk, Kayako, and BMC Remedy Service Desk.
Enhancement
- The user interface of the Incident Management tab has been enhanced for better user experience.

- The updates and fixes for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11130

Released on 13 April 2018

Standalone Edition
Distributed Edition

New Feature
- IIS web site auto discovery which makes it easier to configure IIS web sites for monitoring.
Enhancements
- Multiple files can now be imported simultaneously.
- Server Message Block (SMB) protocol has been added as one of the protocols to access files.
- Customization options have been added for scheduling of log imports.
- Dynamic patterns and numerical increments for file rollovers have been added.
- Option to import and store logs for short durations has been added.
Fixes
- Issue in the device name and display name fields in custom reports has been fixed.
- Issue in adding syslog hosts has been fixed.
- Parsing issue in Cisco device logs has been fixed.

- The updates and fixes for the Distributed Edition - Managed Server are the same as the above.

Service Packs

Build 11123

Released on 27 March 2018

Standalone Edition
Distributed Edition

New Features
- Secure archival of log files: Checksums are now used to maintain the integrity of archived log files, thus helping meet compliance requirements.
- Supports Huawei firewall: Predefined reports and alert profiles help easily audit security events of Huawei firewalls.
- Supports Malwarebytes: Predefined reports and alert profiles help in auditing logs from Malwarebytes, thereby improving the threat detection mechanism.
Enhancements
- Kerberos has been added as an authentication method for log collection.
- Removable Disk Auditing now supports more device types.
- The object access policies enabled by default in an agent have been optimized to reduce log dropping.
- The IP address of the remote device has been added as a field in file integrity monitoring logs.
- Permission changes for files are now audited.
- All logs generated during agent downtime will be collected from the Event Viewer, once the agent recovers.
Fixes
- Issue with restarting of the log collector has been fixed.
- Issue in specifying multiple entries in the fields of database filters has been fixed.
- Issue in log collection filter for Windows logs forwarded as syslog has been fixed.
- Consistency issue in deletion events of folders with child objects has been fixed.

- Sync issue between the admin server and managed servers has been fixed.
- The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Service Packs

Build 11122

Released on 19 March 2018

Standalone Edition
Distributed Edition

New Features
- The correlation module now supports logs from ManageEngine OpManager and Password Manager Pro.
- Forensic analysis can be performed on the actions of the user(s) and device(s) involved in a successfully correlated event.
Enhancements
- Reports of network devices can now also be viewed in the Compliance tab.
- An option to enable or disable the out of memory alert notification.
- The mail subject of low disk space and out of memory alerts can be customized.
- Automatic assignment of alerts to technicians based on alert profiles.
- An option to delete generated alerts, when deleting the alert profile that they are associated to.
- Exporting compliance reports has been made faster.
- The compliance report scheduler has been enhanced.
Fixes
- Issue in parsing of File Integrity Message in the alert mail has been fixed.
- Issue in automatically adding agent has been fixed.
- Issue which generated alerts with wrong criteria for AS400 has been fixed.
- Issue in Compliance report scheduler has been fixed.

- The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Service Packs

Build 11120

Released on 7 March 2018

Standalone Edition
Distributed Edition

New Features
- SQL Server auto discovery which makes it easier to configure SQL servers for monitoring.
- Column Integrity Monitoring in SQL Server: Track changes in a monitored column including who changed the value, at what time the value was changed, and the database table in which the value was changed.
- SQL Server Advanced Audit reports provide information on the history of schema and object changes, most used tables, and more.
Enhancements
- Auditing can now be enabled only for the selected SQL Server instances.
- Audit policies can now be created or deleted from EventLog Analyzer.
- The user interface of the Manage Applications tab has been enhanced for better user experience.
Fixes
- Issue in password with special characters entered during the configuration of mail server has been fixed.
- Issue which added duplicate entries to reports exported in CSV format has been fixed.
- Issues in parsing and indexing of SolarWinds and Snare logs have been fixed.
- Cross Site Scripting (XSS) in the search and reports page (CVE-2018-7405) raised by Suresh Khutale has been fixed.
- Vulnerability issue of remote code execution when uploaded by an agent has been fixed.

- The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Service Packs

Build 11110

Released on 9 February 2018

Standalone Edition
Distributed Edition

New Features
- Supports Barracuda devices: Predefined reports and alert profiles help easily audit security events of Barracuda Firewalls, Web Application Firewalls, and Email Security Gateway.
- Implementation of slow query graphs for the dashboard.
Enhancements
- Provision to customize the subject, content of email, and SMS alerts.
- Add alerts and manage alerts pages have been enhanced for improved user experience.
Fixes
- Issue in handling special characters in Microsoft SQL migration has been fixed.
- Issue in wildcard search has been fixed.
- Issue in triggering alerts when the buffer size is reached has been fixed.
- Issues in parsing Sonicwall signature ID, Cisco Firepower custom fields, and denied traffic in Fortinet have been fixed.
- Issue in SQL Login Altered report has been fixed.
- Issue in updating aggregated data in MySQL database has been fixed.
- Issue which caused multiple UDP ports to listen has been fixed.

- The new features, enhancements, and bug fixes for the Distributed Edition - Managed Server are the same as that of the Standalone Edition.

Service Packs

Build 11102

Released on 24 January 2018

Standalone Edition
Distributed Edition

New Feature
- Integration with Log360 Cloud: The logs collected by EventLog Analyzer can now be stored and managed on a secure cloud platform - Log360 Cloud.

New Feature
- The new features for the Distributed Edition - Managed Server is the same as the Standalone edition (Build 11102).

Service Packs

Build 11101

Released on 12 January 2018

Standalone Edition
Distributed Edition

New Features
- Three new predefined correlation rules that detect suspicious SQL backup, installation of services and software.
- Logs from syslog and other devices can be forwarded to any server including file servers and Windows servers.

Enhancements
- Parsing of new fields in Juniper and Fortinet firewall logs.
- Support for Snare in the RFC 5424 format.

Fixes
- The new features for the Distributed Edition - Managed Server is the same as the above.

Service Packs

Build 11100

Released on 9 December 2017

Standalone Edition
Distributed Edition

New Feature
- GDPR compliance reports: Offers predefined report templates to help you easily comply with the GDPR's requirements.

Enhancements
- A new report for Juniper application tracking has been added.
- Mail subject can now be added in the custom report scheduler.

Fixes
- The alignment issue in reports exported as CSV files from the search tab has been fixed.
- The issue in parsing SonicWall botnet logs has been fixed.
- WatchGuard firewall logs are now parsed.
- The issue with not being able to view devices in the admin server when the user logs in via AD has been fixed.
- The issue in displaying the report fields for Oracle devices has been fixed.
- The issues in parsing the timestamp of imported logs have been fixed.

Fixes
- The new feature for the Distributed Edition - Managed Server is the same as the above.

Service Packs

Build 11090

Released on 29 November 2017

Standalone Edition
Distributed Edition

New Features
- Supports Sophos-UTM, Sophos-XG, and Cyberoam devices: Predefined reports and alert profiles help easily audit security events of Sophos-UTM, Sophos-XG, and Cyberoam devices.
- Provides an option to discover and configure event sources for individual devices.

Enhancements
- The mechanism of recording the log flow rate has been optimized.
- An extra field "Display name" has been added to the pre-defined reports and search section.

Fixes
- The issue with parsing of fields for NPS events occurring on Windows Server 2016 has been fixed.
- Addition of VMware reports for created and deleted VMs (Event IDs: 13002 and 13003).
- The issue with the Solaris user account management report and SUDO command execution report has been fixed.
- Issue with populating web traffic reports for WatchGuard has been fixed.
- The issue with the policy changes report for Symantec devices has been fixed.
- The issue with exporting reports from the "My Reports" category has been fixed.

New Features
- The new features are same as in the Standalone Edition.

Fixes
- All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Service Packs

Build 11080

Released on 17 October 2017

Standalone Edition
Distributed Edition

New Features
- Multiple log format support: Correlation is now carried out across multiple log formats, enabling you to correlate logs from Windows and Unix systems, network devices, and more.
- Enhanced field-level correlation: Correlation can be done based on multiple log field values to provide fine-grained attack detection.
- Predefined rules: The module is packaged with 25 predefined complex attack patterns.
- Custom rule builder: The custom correlation rule builder has been upgraded to include over 250 predefined network actions and advanced filters.
  - Check for unique, constant, or shared field values among the actions that make up a rule.
  - Use multiple comparison conditions for fields, namely 'equals', 'not equal to', 'starts with', or 'ends with'.
  - Create rules for individual log types using specific network actions, or rules common to all log types with generic network actions.
- Incident management integration: All correlation alerts can be viewed and managed with the in-built incident management console.

Enhancements
- The correlation user interface has been upgraded with an all new look and feel, incorporating all the above new features.
- The time between each individual pair of actions can now be specified when creating a rule.

New Features
- The new features are same as in the Standalone Edition.

Fixes
- All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Service Packs

Build 11073

Released on 4 October 2017

Standalone Edition
Distributed Edition

New Features
- EventLog Analyzer now supports WatchGuard firewall devices. Exhaustive reports and predefined alert profiles makes it easier to audit WatchGuard firewall.

Fixes
- White space characters that caused issue in mail server configuration has been fixed.
- Predefined Symantec reports now display graphs.
- "Windows unexpected shut down" report was not updated. This issue has been fixed now.
- I18N issue in the device and status tab of admin server fixed.
- Issue with exporting loaded archives in admin server fixed.
- Issue with parsed product names in Checkpoint logs fixed.
- Receiving alerts that logs are not being collected from various servers while they are actually being collected. This issue has been fixed.
- Display issue with EventLog Analyzer's centralized archive page in Linux has been fixed.
- Issue with "root" being not accepted as a username in centralized admin server is fixed.
- Changes made in centralized archives setting page was not saved. This bug has been fixed.
- Operator access to Syslog Listener Port Settings restricted.

New Features
- The new features are same as in the Standalone Edition.

Fixes
- All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Service Packs

Build 11072

Released on 22 September 2017

Standalone Edition
Distributed Edition

Enhancements
- EventLog Analyzer's security is further strengthened by using unique key to encrypt database for every installation.
- The solution now correlates the logs from Cisco firewalls with that of the threat feeds and global IP threat database data to instantly detect traffic from malicious URLs and domains.
- Custom log patterns (or regex patterns) can be created for specific devices and can be saved for future log imports.
- Symantec Endpoint Protection support is now enhanced with the set of prebuilt reports on successful logons, failed logons, admins added, admins modified, admin deleted and policy changes.

Fixes
- Multiple vulnerability issues including XSS, XML injection, authorization issues, and path traversal has been fixed.
- New entries in registry were not added when databases was changed. This issue has been fixed.
- All fields in 'Manage Agents' under 'Admin Settings' tab now supports non-ASCII characters as well.
- IP address of configured devices were not updated properly. This issue has been fixed.
- Parsing errors occurred when importing multi-line logs. This issue has been fixed.

Enhancements
- The enhancements are same as in the Standalone Edition.

Fixes
- All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Service Packs

Build 11070

Released on 29 August 2017

Standalone Edition
Distributed Edition

New Features
- Transport layer security (TLS) based log collection is now supported.
- Port management options have been enhanced for better usability.
- Out-of-the-box support for NetScreen and Checkpoint firewall devices log data. The new version comes with exclusive predefined reports and alert profiles that makes NetScreen and Checkpoint device auditing and monitoring easier.
- The new version supports Nexpose vulnerability scanner log imports.
- Exclusive reports for monitoring SonicWall VPN activities comes bundled with the new version.
- The new version includes predefined reports that provide information on web traffic for Cisco firewall and routers.

Enhancements
- External agent support is now being provided for Windows server core machines.
- TLS 1.2 is used for enhanced agent-server communication.
- File integration monitoring support has been extended for Windows file servers.
- It is now possible to get the details of the users who renamed the file or folder in the predefined file integrity monitoring reports.
- You can now directly apply the self-signed certificate directly from within EventLog Analyzer web-console.
- EventLog Analyzer now extends the log querying capability to Nessus, OpenVas, Nmap and Qualys vulnerability scanner log data.
- Reports for "Host migration in vCenters" and "VM Relocated Events" is now provided.
- Option to search for a specific managed server from admin server console is now being provided.
- Device display name enhancements has been done.

Fixes
- The issue in displaying host count in the "Home" tab of "Device details" page in distributed edition is fixed.
- Occasional sync error between managed server and admin server in distributed edition is fixed.
- Log count aggregation in trend table has been revamped.
- File integrity monitoring report profile now accepts file extension with spaces.
- Bugs in Apache report's status code has been fixed.
- The issue with log format icon in log collection filter profile is rectified.
- Multiple bugs fixed for Fortinet and Juniper firewalls reports.
- Bug fix for the summary count in the scheduled file integrity monitoring reports.
- The Username is now parsed for event IDs 4658 and 4952 in event logs.
- False alerts for "log collection failure" fixed for syslog.
- Encoding issue for non-English languages in CSV export reports is fixed.
- Multiple log parsing issues fixed.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.7 Build 11056.
- No changes specific to Distributed Edition Admin Server in this release.

Service Packs

Build 11066

Released on 15 August 2017

Standalone Edition
Distributed Edition

Enhancements
- Enhanced threat intelligence platform: The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
- Malicious IP and URL alerts: Upon analysing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or out going traffic to malicious domain is detected.

Enhancements
- Enhanced threat intelligence platform: The solution now supports STIX/TAXII threat feeds. The global threat feed database will be updated automatically.
- Malicious IP and URL alerts: Upon analysing the threat feeds and log data from the network, the solution sends out real-time alerts if suspicious traffic or out going traffic to malicious domain is detected.

Service Packs

Build 11065

Released on 04 August 2017

Standalone Edition
Distributed Edition

Enhancements
- Elastic Search is enhanced to handle unprocessed files.
- In the search option, custom fields are pre-populated with values that are previously configured by users.
- In a current session, if you navigate to other tabs while viewing a specific report, the 'Reports' tab saves the view and shows it to you when you're back.

Fixes
- Issues with Cisco parsing have been fixed.
- Issues in parsing VNC logs from Mac OS have been fixed.
- The values used in the compliance reports are directly taken from the indices to avoid value mismatch.

Enhancements
- The enhancements are same as in the Standalone Edition.

Fixes
- All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Service Packs

Build 11060

Released on 19 July 2017

Standalone Edition
Distributed Edition

New Features
- EventLog Analyzer now offers exclusive reports and alert profiles for Fortinet device to help to detect anomalous activities, monitor user activities, changes in configuration, and more.

Enhancements
- EventLog Analyzer supports all SonicWall device log format. Previously, we had been supporting only SonicWall firewall logs.
- Active Directory user import feature has been revamped for better user experience.
- Configuring domains and workgroups is made easy with a dedicated log configuration page for the same.
- The solution can now import AD users at regular intervals using schedules along with provisions to view the schedule history.

Fixes
- The alert profiles that are being created as tickets in ServiceDesk Plus have been provided with the l18n option.
- The values for graphical representation in the dashboard is directly taken from the indices to avoid value mismatch.
- Issue with loading archives in MSSQL Windows authentication has been fixed.
- The issue with importing users with same username from multiple domains has been fixed.
- Issue with adding users has been fixed now.
- When users were moved to different host groups, the change wasn't reflected in the 'All host group' list. This issue has been fixed.
- Issues with the single-sign-on feature have been fixed now.
- Importing users from some organizational unit had some issues . This has been fixed now.
- Authentication of users imported from AD groups didn't happen. This has been fixed now.
- Technician roles can be assigned to multiple users at one go.
- Vulnerabilities in 'Keep me signed in' option in the login page has been fixed using dynamic key based encryption.
- Issues with log collector have been fixed.
- False positives for Windows device down alerts has been fixed.
- You can now collect event logs through a fully qualified domain name (FQDN).
- Issues with index archiving have been fixed now.
- Issue with searching a renamed device in 'Device' page, has been fixed.
- Synchronization issues with Admin and Managed server in MSSQL database have been fixed.
- In File Monitoring Summary page, the device names were not listed, if it's included in the DHCP device list. This issue has been fixed.

Enhancements
- Admin servers can now be assigned groups from multiple managed servers.
- Exact host count was not reflected in the licence page of admin server. This has been fixed now.
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.6 Build 11060.

Service Packs

Build 11056

Released on 30 May 2017

Standalone Edition
Distributed Edition

Enhancements
- Reports to track user VPN connections and disconnections on Cisco ASA devices have been added.
- The 5424 log format is now supported for Juniper devices.
- Juniper traffic reports have been enhanced.

Fixes
- The log collector quit occasionally while parsing Oracle logs. This has been fixed.
- SSL versions 2 and 3 have been removed.
- SSL weak cipher suites have been changed.
- The following vulnerabilities have been removed from several pages of the product:
  - Stored and reflective cross site scripting
  - Cross site request forgery
  - Clickjacking
  - Username harvesting

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11056.
- No changes specific to Distributed Edition Admin Server in this release.

Service Packs

Build 11055

Released on 3 May 2017

Standalone Edition
Distributed Edition

New Features
- A separate ticket can be created for each incident, and assigned to any specific administrator for resolution.
- Includes a provision to add notes, in the ticket, once it is resolved. This makes it easier to resolve similar issues that might arise in the future.
- Integrates with popular help desk tools – ServiceNow and ManageEngine’s ServiceDesk Plus to allow creation of tickets using them.

Enhancements
- The GUI of alerts reporting page has been enhanced for better usability.
- Users can now configure the alert profiles based on time frames viz., working hours, non-working hour, and even custom time range.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11055.
- No changes specific to Distributed Edition Admin Server in this release.

Fixes
- Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.

Service Packs

Build 11050

Released on 17 Apr 2017

Standalone Edition
Distributed Edition

New Features
- Juniper and Palo Alto device logs; offers predefined reports and alert profiles exclusively for Juniper and Palo Alto devices to audit them easily.
- TCP based log collection for Syslog devices.

Enhancements
- New SonicWall device reports have been added for IDS/IPS and under the user account management category.
- View the top and least values of the log data fields in all the predefined reports.
- Full support for SolarWinds Windows Log Forwarder.

Fixes
- The issue with IBM AS/400 date format has been fixed.
- AS400 alerts were getting sent for devices not specified in the alert profile. This has been fixed.
- Shared files and folders deleted via right clicks were not showing in the reports. This has been fixed.
- The elastic search engine now resets the date in the log message and shows the results for the last 30 days if the start or end time in the log message time stamp exceeds the elastic search engine time range limit.
- The issue with working of FTP scheduled import option when the file is specified as the root path has been fixed.
- The issue with the working of Windows Snare agent has been fixed.
- The issue with the working of log filter for Windows log collection via Snare agent has been fixed.
- The issues with the update of 'Last Message Time' for devices in the Device Management page have been fixed.
- The issue with generation of removable disk auditing reports has been fixed.

Enhancements
- Managed server contains all the features of EventLog Analyzer Standalone Edition Version 11.5 Build 11050.

Fixes
- Users with roles other than the default admin and guest were not able to view the dashboard. This has been fixed.

Service Packs

Build 11045

Released on 30 March 2017

Standalone Edition
Distributed Edition

New Features
- The 'Settings' tab now has a search option with which you can search for options available in configuration, system, and product settings sections.

Enhancements
- The GUI of 'Settings' page has been enhanced for easy accessibility.
- I18N is now supported for "Log Me" tab.

Fixes
- Issues in archiving log data from Elasticsearch index has been fixed.
- Minor i18n issues have been fixed.

Enhancements
- There are no changes specific to Distributed Edition Admin Server in this release
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11045

Service Packs

Build 11043

Released on 28 Feb 2017

Standalone Edition
Distributed Edition

Fixes
- The logs processed using SolarWinds logs forwarder was only partially compatible. This has been fixed now.
- Issue in receiving Cisco logs that represented severity with numbers instead of letters has been fixed.
- While scheduling reports, filter option wasn't working consistently in non-English user interfaces. This has been fixed.
- While searching for logs using event numbers, the search bar malfunctioned in non-English user interfaces. This has been fixed.

Enhancements
- No changes specific to Distributed Edition Admin Server in this release
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11043

Service Packs

Build 11042

Released on 9 Feb 2017

Standalone Edition
Distributed Edition

New Features
- EventLog Analyzer simplifies the log collection and device configuration by automatically discovering Syslog devices on your network based on the IP and CIDR range values. SNMP (Version 1) credentials is used for automatic device discovery.
- The solution also enables automatic log forwarding for UNIX devices with the root credentials.

Enhancements
- Email notification option has been provided for the default threat alert profile.

Fixes
- The issue with EventLog Analyzer's log collector when the database password is encrypted has been fixed.
- The issue in updating IBM AS400 password has been fixed.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11042
- No changes specific to Distributed Edition Admin Server in this release

Service Packs

Build 11040

Released on 6 Jan 2017

Standalone Edition
Distributed Edition

New Features
- SonicWall firewall. You can now use exhaustive reports and predefined alert profiles that make SonicWall firewall auditing easier.
- RFC 5424 log format for Unix and Linux machines.

Enhancements
- Syslog data processing performance has been enhanced.
- ‘Pick device' option has a new filter, 'username', for enhanced usability.
- CSV files with just two columns can also be imported.
- For devices that use agent for log collection, "Device down" alerts are enabled.
- 'Network Logon' event has been included under one of the rules in 'Correlation'.
- Error message for logon authentication failure events is displayed for firewall devices.

Fixes
- Issues with event source based database filter have been fixed.
- Issue when exporting alert profile into XML format have been fixed.
- Issues with Run Program Notification Setting in correlation have been fixed.
- Issue with the SysEvtCol process in Linux-64 bit machine has been fixed now.
- When alert profile is set up for certain devices in a group, all the devices in that group are included in the 'Devices' criteria. This issue has been fixed.
- The issue with the 'Archive>Settings' option in Chrome browser has been fixed now.
- Issues with the administrator and operator privileges for managing alert profiles have been fixed.
- The issue with 'contains' filter option in log search has been fixed now.
- Issues with generating File Integrity Monitoring reports for DHCP agents have been fixed now.
- File or folder rename events were not reflected in File Integrity Monitoring reports. This has been fixed now.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.4 Build 11040
- No changes specific to Distributed Edition Admin Server in this release

Service Packs

Build 11030

Released on 19 Dec 2016

Standalone Edition
Distributed Edition

New Features
- Auto-discovery of domain and non-domain devices for enhanced user experience in adding Windows devices.

Enhancements
- Devices management and configuration has been improved for better usability. You can now check the log collection status, change the log monitoring interval, and enable or disable the device from a single window.
- FIM events for agent directory folders are excluded by default.

Fixes
- Archive location path containing special characters has been aligned with Windows standards.
- XSS vulnerability issue in rebranding and index pages has been fixed.
- Server has been optimized for FIM folders exclusion to accept several agent requests.
- JVM crashes no longer occur when importing log files.
- Changes in filenames are dynamically reflected while updating the schedule.
- Trend Reports does not reflect event counts with zero logs.
- The issue with the count in the report export list has been fixed.
- IP address based device search is now possible.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 11.3 Build 11030
- No changes specific to Distributed Edition Admin Server in this release

Service Packs

Build 11025

Released on 17 Nov 2016

Standalone Edition

Fixes
- The file integrity monitoring template update has been fixed.
- Working of script notifier in Linux installations has been fixed.
- Displaying the archive status during archive loading has been fixed.
- Export report download (due to special character references in the report name) has been fixed.
- Compliance report graph's drill-down functionality has been fixed.
- Time criteria for archive report exports has been fixed.
- Syslog collection has been fixed.
- The email address field now has a limit of 250 words.
- We now monitor SSH2 sessions as well for Unix/Linux SSH session reports.
- If Oracle application log data contains raw commands executed in the database, then that log data will not be categorized under reports.

Service Packs

Build 11020

Released on 26 Aug 2016

Service Pack build 11023 released on 24 Oct 2016

Standalone Edition
Distributed Edition

New Features
- Threat analysis: Without any configuration, automatically get alerted whenever you receive traffic from blacklisted or suspicious IPs.
- All new UI: EventLog Analyzer now comes with a flat user interface
- Monitor log data of EventLog Analyzer: Offers the capability to forward EventLog Analyzer's log data (in syslog format) to any source.

Enhancements
- Log search engine performance has been enhanced.
- The product's log trend graph, event category graph and host count variable are now directly loaded from the 'Elastic Search' module so as to facilitate better
- Now, the report, alerts for the client console uses the local (client) machine's time zone for better interpretation.
- IBM AS400 BRMS log parsing is now supported.
- EventLog import for non-english languages is now supported.

Fixes
- Alignment issues in 'Settings', 'Hosts', 'Search' and 'Correlation' tabs had been fixed.
- The log search event count mismatch when hovered over the graph has been fixed.
- The issue in knowing the exact number of event types in dashboard graphs has been fixed.
- The issue with triggering action upon clicking 'Calendar' icon has been fixed.
- Alignment issues in displaying the content
- The export as report feature was not working for archive search results when using MSSQL database. This has been fixed.
- Edit report feature under My Reports section was not working when reports were sorted. This has been fixed.
- When exporting reports in PDF format, username fields above 8 characters were getting truncated. This has been fixed.
- Some hosts were not getting listed under the Hosts tab due to a data mismatch. This has been fixed.
- Parsing timestamp from Apache logs has been tuned.
- The issue in parsing timestamp from ESXi logs has been fixed.
- The issue in parsing Unix FTP logs has been fixed.
- When upgrading an agent, if any error is encountered, an error message is now displayed under the Agent Status.
- Issues causing agent installation and upgrade failure have been fixed.
- Issues with agent deletion, and agent association when its corresponding host was renamed, have been fixed.
- The issue in displaying File Monitoring for Shared Deleted Events for Windows 2012 R2 has been fixed.
- The issue with registering when file monitoring is in DHCP environment has been fixed.
- The issue with event log skipping after applying Windows anniversary update, or when recordID is wrapped in WMI, has been fixed for both agent and agentless methods.
- The issue with logon failure when logs are being collected from EventLog Analyzer has been fixed.
- Script notification under alert profiles was not working in case of space constraints in the installation directory. This has been fixed.
- Multiple issues with File Integrity Monitoring configuration and templates have been fixed.
- The issue with syncing after editing Managed Server details in Admin server has been fixed.
- Logagent quit when path length in File Integrity Monitoring was very large. This has been fixed.
- The record ID mismatch between multiple hosts in an agent has been fixed.
- Auditing is now enabled when adding hosts for File Integrity Monitoring, instead of when enabling the username.
- SQL Injection vulnerability in Hosts tab has been fixed.
- Session ID getting exposed in Access Log vulnerability has been fixed.

Enhancements
- The features, enhancements and fixes are same as in Standalone Edition.

Service Packs

Build 11012

Released on 23 Jul 2016

Standalone Edition
Distributed Edition

Enhancements
- EventLog Analyzer now provides you with an option to export the generated alert messages.
- You now have the option to select all the available host groups while creating a report, alert profile, or filter.
- We have now enhanced the edit, disable, and delete icons available in the alert message section.
- EventLog Analyzer's calendar will be automatically updated every 10 minutes.
- You can now edit the report schedules to change the report formats (PDF or CSV).
- Help card is now added to assist the vulnerability import option.

Fixes
- The alignment in CSV reports has been fixed
- The deletion of original file while importing application logs using Internet Explorer browser has been fixed.
- Scheduling the predefined reports for large number of hosts has been fixed.
- The 'Pick host' option in correlation rule filter page has been fixed.
- The option to disable AD authentication has been fixed.
- Archive status change in Internet Explorer 11 has been fixed.
- 'View Per Page' option in 'Hosts' page has been fixed.
- Selected hosts count in 'the Search' and 'Pick host' feature has been fixed.
- Feature request link for Log360 has been fixed.

Enhancements
- The enhancements are same as in the Standalone Edition.

Fixes
- All fixes to the Standalone Edition are applicable to the Distributed Edition as well.

Service Packs

Build 11010

Released on 17 Jun 2016

Standalone Edition
Distributed Edition

Enhancements
- The EventLog Analyzer web client language is automatically set based on the language setting of the browser. Also, the server side language is automatically set based on the machine in which it is installed.
- Search option added within Pick Hosts option (found in add new report/alert/filter and report schedule pages).
- vCenter log collection process enhanced in performance.
- Support for AS400 log collection through secure ports.
- CEF format support for FireEye logs.
- 'Message' column added to FireEye overview report.
- 'Username' column added to following Windows predefined reports: Software installed/uninstalled/updated, Failed software installation due to privilege mismatches.

Fixes
- Username was not getting parsed from logs with event ID 104. This has been fixed.
- Username is now parsed from the object string if not present in log message.
- The issues in parsing time and source from syslog messages are now fixed.
- Logs from add-on sources were not getting parsed upon restart of the log collector service. This has been fixed.
- The issue causing failure in updating logs to the database, due to inaccessible data files, has been fixed.
- Only Key_Read permission (rather than all permissions) is granted when required to read RemoteRegistry values.
- Issue with agent-server communication in DHCP environment has been fixed.
- Log collection status shown as 'Access Denied' if a filter was created which dropped all logs. This has been fixed.
- The issues causing memory leak due to object access events are fixed.
- Historic log collection was not occurring for few log types. This has been fixed.
- Multiple log collector crashes fixed.
- Invalid log types were queried during the log collection process. This has been fixed.
- Log indexing was not occurring if device type was changed manually from Syslog to Cisco. This has been fixed.
- Unnecessary escape characters were added while importing archived logs from PGSQL. This has been fixed.
- Application log archive files were getting duplicated due to scheduling clash. This has been fixed.
- Loading status would not be updated when attempting to access an archive file that was moved or deleted. This has been fixed.
- The issue in using the 'AND' boolean operator in predefined report searches has been fixed.
- Search page queries with single quotes were not working. This has been fixed.
- The issue causing failure to refine data by double-clicking host names in reports has been fixed.
- Application sub tab under Reports was not opening. This has been fixed.
- Criteria field was missing under edit predefined reports schedule window. This has been fixed.
- Uploading of log files to database was not occurring if PGSQL database was password protected. This has been fixed.
- Vulnerability fixes:
  - Guest user could change the admin password. This has been fixed.
  - Reflected XSS and Store XSS vulnerabilities are fixed.
  - Clickjacking vulnerability has been fixed.
  - Username harvesting vulnerability has been fixed.

Enhancements
- The enhancements are the same as in Standalone Edition.

Fixes
- Centralized archive issue in Admin Server has been fixed.
- All fixes to standalone edition are applicable to Distributed Edition as well.

Service Packs

Build 11005

Released on 28 Apr 2016

Standalone Edition

Fixes
- The issue leading to LogAgent crash while decrypting the password for the added host has been fixed.
- The issue leading to LogAgent crash while decoding the server response has been fixed.
- The issue leading to LogAgent does when File Integrity Monitoring is set up has been fixed.
- The issue causing LogAgent memory growth has been fixed.

Service Packs

Build 11001

Released on 7 Mar 2016

Service Pack Build 11003 released on 15 Mar 2016

Standalone Edition

Enhancements
- EventLog Analyzer and ADAudit Plus have been integrated into a single log management and auditing solution viz., Log360.

Fixes
- The issue with edit filter has been fixed.
- The users can now provide space in the account name while logging into EventLog Analyzer.
- The issue related to the import action after the field extraction operation has been fixed.
- The issue with auto upgrade of LogAgent while applying the PPM over 8.0 has been fixed.
- The issue during the application of SACL from LogAgent for huge folders has been fixed.
- While applying PPM, the issue related to agent's auto upgrade when domain name is NULL has been fixed.
- The issue with report zipping when the save type is 'Save Alone' has been fixed.
- The issue related to parsing of cisco logs when the device type is manually changed, has been fixed.
- The issue with the log collector stopping the remote registry service of the host from which it is collecting logs, has been fixed.
- The issue related with the password update while editing the host details has been fixed.
- The issue related with log parsing when Cisco meraki logs are forwarded from the relay server, has been fixed.
- File Integrity Monitoring can now record the registry events as well.
- The vulnerability issue of guest user changing the admin credentials has been fixed.
- In LogAgent, if the users are providing any other credentials other than administrator, and if they do not have credentials to access the WMI namespace, then log collection will fail.
- In SysEvtCol, if the local host is added with a user who doesn't have credentials to access WMI namespace, then log collection will fail.
- The issue related to back up and restoration operation for MS SQL 2012 server has been fixed.
- During log collection, if a single log is not returned within 2 seconds, then the log collection will be skipped after retrying 5 times with the same interval of 2 seconds.
- The issue related with the installation of FIM agent after renaming the host, has been fixed.
- The issue of considering the DB filter string's tab sequence as a space has been fixed.
- The issue with advanced search criteria not getting updated in the database has been fixed.
- The time delay with the log collection while applying FIM with user name option on a folder which contains many sub folders, has been fixed.
- Only image file formats can now be uploaded for rebranding.
- The issue with html tags injection through error messages has been fixed.
- Fixed various SQL injection vulnerabilities.
- Fixed the alert script arguments issue.
- Fixed the bug related to 'Keep me signed in' option for AD and radius login.
- Fixed directory traversal vulnerability through URL parameter.
- Fixed the issue with the import file check for evt files.
- Restricted non administrator users from accessing other users' data via parameter manipulation.

Service Packs

Build 10081

Released on 12 Jan 2016

Service Pack build 10081 released on 12 Jan 2016

Standalone Edition
Distributed Edition

Enhancements
- EventLog Analyzer server can now be configured to run in the HTTPS protocol as well. Option to provide the corresponding port numbers is also available.
- Option to encrypt the Keystore password is now available.
- You can now set the web session expiry time limit.
- The solution now provides you the flexibility to change the language of EventLog Analyzer web client, after the solution had been installed.
- Get to know the status of the report export process with the help of sleek progress bar.
- We've now provided an option to get administrator credentials during service mode installation.
- Log collection capability is strengthened to include both log type and time in the query mechanisms.

Fixes
- File Integrity Monitoring feature
  - The 'Select All' option in the 'Settings' tab wasn’t working. This issue has been fixed.
  - The 'Back' button issue in the drill down pages has been fixed.
- The issue related to the inclusion of Japanese, Chinese characters in 'Schedule' names has been fixed.
- The blank home page issue when the Managed Servers are down has been fixed.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.8 Build - 10080
- No changes specific to Distributed Edition Admin Server in this release

Service Packs

Build 10072

Released on 5 Nov 2015

Standalone Edition

Enhancements
- Application Local User Enable / Disable option integrated.
- Agent Installation error and status messages in the tool-tip.
- Apache logs common log format supported.

Fixes
- Test port not working in SMS configuration in Alerts (due to the page being opened in new window) - has been fixed.
- Criteria for scheduling Predefined Reports - OR function not working properly - has been fixed.
- Unix mail server reports - username classified as undefined - has been fixed.
- Uninstallation of agent with different username (from the username used for installation) not working - has been fixed.
- Loss of data during transfer from agent due to check-sum error - has been fixed.
- All check box selection functions have been fine tuned.
- AllLogsCurrentHourlyTrend and AllLogsHistoricalHourlyTrend are ordered by hour.
- FIM - Not able to enable username for the directories with space - has been fixed.
- When same agents are installed, slid is not updated during fresh install in agent side - has been fixed.

Service Packs

Build 10071

Released on 25 Sep 2015

Build 10070 released on 25 Sep 2015

Standalone Edition
Distributed Edition

New Features
- High availability feature has been integrated within the product.

Fixes
- Fixed the issue in field extraction that arise while creating more than two fields or whenever a special cha racter is included in the field value
- Fixed issue with alert delay in case of slow log rate
- Fixed time stamping issue for syslogs.
- Fixed the time range selection issue in report and correlation data generation
- Guest user promotion as Admin by accessing user management page has been fixed
- Vulnerabilities on session hijacking using cookie value JSESSIONID has been fixed
- XSS vulnerability in EventLog Analyzer server login page has been fixed

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.6 Build 10600
- No changes specific to Distributed Edition Admin Server in this release

Service Packs

Build 10060

Released on 29 May 2015

Standalone Edition
Distributed Edition

New Features
- Supports vulnerability data analytics - EventLog Analyzer 10.6 supports log collection and analysis of vulnerability scanners such as Nessus, Qualys, NMAP, and OpenVas.It provides 50+ predefined reports and alert conditions exclusively for vulnerability data analytics that help prioritizing the vulnerabilities and thus help to proactively mitigate security attacks.
- Supports threat intelligent solution's log data - The latest version of EventLog Analyzer supports log data analysis of endpoint security solutions such as FireEye, Symantec Endpoint solution, and Symantec DLP application. The solution provides predefined reports and alert criteria that helps identifying and containing security threats at the earliest
- vCenter log monitoring - EventLog Analyzer 10.6 supports vCenter log monitoring. It provides on-the-fly reports and alert conditions that help monitoring vCenter activities such as Datastore changes, permission changes, host changes, Resourcepool changes and more.
- Supports GPG13 compliance- as EventLog Analyzer now provides out-of-the-box reports and alerts that help HMG organizations comply to GPG13 compliance.

Enhancements
- Added new rule to parse the shun-attacks.

Fixes
- Fixed the issue of Database folder increase due to improper cleaning of throwaway tables.
- Fixed Firefox Unix icon display issue.
- Fixed the issue associated with Universal Log Parsing and Indexing (ULPI) for user specified logs.
- Fixed the parsing issue with IBM AS400.
- Issues related to juli log growth and serverout growth had been fixed.
- emoved weak cipher 'Ephemeral DH ciphers' from the secure connection.
- Fixed the time order issue on trend reports.
- Fixed the false disk space alert with remote desktop connection.
- Issue related to RunQuery.do has been fixed.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.7 Build 10070
- No changes specific to Distributed Edition Admin Server in this release

Service Packs

Build 10000

Released on 23 Jan 2015

Standalone Edition
Distributed Edition

New Features
- Log collection and processing rate has been improved to 10x from the previous mark. EventLog Analyzer version 10 and above can handle 20,000 logs per second with the peak log handling capacity of 25,000 logs per second
- 1000+ out-of-the-box reports for security, compliance and operations needs
- Enhanced real-time event response system with 600+ predefined alert criteria for Windows, Linux/Unix, Applications and Network Device environment.

Enhancements
- File Integrity Monitoring
  - Ability to filter critical changes to files/folders based on the file type
  - Ability to display the process name and domain name in file integrity monitoring reports
  - Option to enable and disable File Integrity Monitoring
  - Addition of more default templates
  - Ability to save/edit alert and report enhancement with option to select User Name & Change Type
  - Ability to drill down the file integrity monitoring report graph
  - File attribute changes and ownership changes are now being captured under critical file/folder changes
- Search
  - Ability to save the search results as alerts
  - Inclusion of auto suggestions for field values
  - Sorting of the index data for improved search performance
- Correlation
  - Custom correlation rule builder that allows to create pattern based alerting by selecting the existing correlation rules
  - Ability to specify the threshold limits for each rule in the defined pattern.
- Session Activity Changes
  - Added Duration and Log off time fields at 'Session Activity' page
  - Ability to search through the session activity reports
  - Session activity reports can now be saved

Fixes
- Fix to enabling AD authentication issue while importing user from AD groups.
- Fix to the search pagination issue
- Vulnerability fixes - URL Injection
  - Authentication problems
  - Database injection
  - Stored password encryption changes
  - Agent zip extraction
- Fix to the User based and iSeries User based Reports breaks while exporting with no user name in the database
- Fix to the PDF export issue that occurred after mouse hover search from Custom Reports, while exporting all the events instead of filtered events.
- Fix to Event ID based direct export breaks when severtity parameter is not appended in URL
- Custom alert 'Not Equals' was not working for option 'Type'. This issue was fixed.

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 10.0 Build 10000
- No changes specific to Distributed Edition Admin Server in this release

Service Packs

Build 9000

Released on 23 Apr 2014

Standalone Edition
Distributed Edition

New Features
- Real-time Event Correlation
  - Real-time correlation for proactive threat management
  - 50+ out-of-the-box correlation rules on various categories viz., File Management, Group Management, Authentication, Authorization, Audit Policy, Software Management and more
- Out-of-the-box reports for ISO 27001:2013 Standards
- Supports Terminal Server Log Analysis out-of-the-box
- Supports EventLog Analyzer user audit trail

Enhancements
- File Integrity Monitoring
  - File Integrity Monitoring reports now include the name of the user who made the change
  - Modified File Integrity Monitoring Report page
- Field Extraction for SFTP application log import is now added
- Archive encryption using AES 256 algorithm is now supported
- Supports EventLog Analyzer user audit trail
- Reports Enhancements
  - Performance of Report Extraction in PDF and CSV format is enhanced
  - Summary details for User Based Reports is now included
- Adding Hosts
  - Supports import of host list from a CSV file
  - Existing hosts that are added will be automatically hidden from the Pick List Window
- Customize Notification settings
  - Supports sending notification only once and pausing the notification for a day/week/month

Fixes
The following issues have been fixed in this release:
- In predefined compliance alert profile creation can now have the Windows 2008 type event IDs
- EventLog Analyzer version 9.0 can now handle the string '\' in Log message fields of reports, alerts and filters
- Issue with the resetpwd.bat file in troubleshooting folder is fixed
- Out of memory error during log import is fixed
- 'Notes' field in the Custom Report Creation wizard now has the character limit of 250
- Issue with the specification of multiple log messages separated by a comma, in report creation wizard is fixed
- Issue with the working of Radius Authentication is fixed
- Supports syslog import with 'Automatically Identify' option
- Issue in log import schedule for a multiline log is now fixed
- Issue in archive purging of Postgres database is fixed
- 'Advanced Alert' option in 'Custom Alert Profile' creation page
  - Supports specification of multiple Event IDs separated by a comma
  - Supports alert criteria edit even if the criteria is specified within double quotes
- Issue with updation of SQL information in ChangeDBServer.bat file with $ in the password section is fixed
- Specific Scheduled AD User import issue is fixed

Enhancements
- Managed Server contains all the features of EventLog Analyzer Standalone Edition Version 9.0 Build 9000
- No changes specific to Distributed Edition Admin Server in this release

Need a feature?

Let us know and we will roll it out as soon as we can!

Name
Email
Country
Feature

By clicking 'Submit', you agree to processing of personal data according to the Privacy Policy.

Your requests matter.
Help us to help you solve your
IT security challenges!

Roadmap

We are constantly looking to add new features to meet market requirements and to improve usability. Why are we disclosing this? Because we value your inputs!

Out-of-the-box support for more log formats

The number of log sources and log formats supported by EventLog Analyzer out of the box will continue to increase this year with expected additions like MySQL, SNMP traps, H3C, and many more.

Remote deployment of correlation engine

Users will be allowed to deploy the powerful correlation engine in a separate remote server, offering them more flexibility. This will allow you to allocate more computing power to the module, which has the potential of doubling its operational efficiency.

Events

Seminar

View All
Webinars

View All
Training

View All

All upcoming events

What’s New in EventLog Analyzer?

New Features

Stop more attacks with correlation

Augmented threat intelligence

Built-in incident management console

Release Notes

Build 12126

Build 12125

Build 12123

Build 12121

Build 12120

Build 12115

Build 12110

Build 12100

Build 12060

Build 12050

Build 12041

Build 12040

Build 12030

Build 12020

Build 12012

Build 12010

Build 12000

Build 11212

Build 11211

Build 11210

Build 11204

Build 11200

Build 11140

Build 11134

Build 11133

Build 11130

Build 11123

Build 11122

Build 11120

Build 11110

Build 11102

Build 11101

Build 11100

Build 11090

Build 11080

Build 11073

Build 11072

Build 11070

Build 11066

Build 11065

Build 11060

Build 11056

Build 11055

Build 11050

Build 11045

Build 11043

Build 11042

Build 11040

Build 11030

Build 11025

Build 11020

Build 11012

Build 11010

Build 11005

Build 11001

Build 10081

Build 10072

Build 10071

Build 10060

Build 10000

Build 9000

Need a feature?

Roadmap

Out-of-the-box support for more log formats

Remote deployment of correlation engine

Events

Seminar

Webinars

Training

Try EventLog Analyzer for free