Released on : 31 October 2014
Applies to Version: 7.6 Build 21
Download

Summary
EventTracker 7.6 Build 21 Service pack 1.

The following updates are included in this service pack.

New Features:

  • Configuring dashboard based on Event Vault Explorer data.
  • Users can import/export the index based dashboard configuration.
  • Excel export of the summary data based on the generated scheduled reports. Can be accessed in the reports dashboard.
  • Added Port Configuration utility. It can be accessed from “EventTracker Control Panel”.

Feature Enhancements and Optimizations:

  • Support for multiline log in Agent LFM.
  • Ability to provide the UNC path manually for EventVault storage.
  • Extract complete domain name instead of considering till first ‘.’ (dot character) while extracting username for default activities. (User, Admin, Process activity)
  • Appending source event details in new activity event. (Update ET76U14-008)
  • A new event id 3506 is generated by EventTracker agent to indicate the status of applying configuration.
  • Added process Id and user name in the description of “High memory utilization” events (Event id 3217 and 3219) and “High CPU utilization” events (Event id 3218 and 3220).
  • Performance enhancements in Direct Log Archiver.
  • Description of ET Agent performance monitoring events indicates the services running under hosting processes (svchost.exe, lsass.exe etc.) if the event is generated for a hosting process.
  • Support for mapping system name in Direct Log Archiver. (Update ET75U14-055)
  • Changed all filter comparisons (Event Filters, Filter Exceptions, NCM include list etc) in agent to be case insensitive.
  • Bulk acknowledging of the incident search results.
  • Additional search options in the Incident advanced search.
  • Admin users can view all generated reports of other users in “My EventTracker->Reports Dashboard”.
  • Storage path of the SparseMatrix index data is configurable.

Bug Fixes:

  • For custom behavior rules configured in learning mode, new activity and out of ordinary activity events are generated even if learning is not complete.
  • Handle leak during archive purging if value for purge frequency is not set.
  • Reset behavior data fails to reset the data for out of ordinary activity and new activity. (Update ET76U14-009)
  • Fix for issue where archiver backlog happens whenever cache mdb gets corrupted.
  • If we delete and re-configure Agent LFM, then agent will not pick up the file as it has the entry for the same in “etlogfilepos.bin” still exists with old information. Until the line number is reached it won’t pick the file.
  • Fix for high memory usage in Agent LFM when processing IIS advanced logs. (Update ET75U14-059)
  • On migrating/renaming Collection Master system; it retrieves incorrect SQL server instance name for storing Collection Point data.
  • Amazon JSON logs processed via DLA and agent LFM do not contain the original Log time from configured log.
  • EventTracker Agent configuration UI: Advanced filters added without Event Id criteria are not evaluated correctly.
  • Change in InstallDefaultReports utility to include offline systems for log volume and disk space status.
  • Fix for error thrown while importing large number of system/groups.
  • Fix for wrong import/export data when advanced search filter is provided for a flex report.
  • EventTracker Agent stops reporting when configuration changes are fetched from manager.

Who should read this document
Customers who use 7.6 Build 21

Severity
High

Affected software
EventTracker Agent, EventTracker Reports, EventTracker Scheduler, EventTracker Alerter, EventTracker EventVault, EventTracker Web, EventTracker Receiver.

Non-affected software
NA

Process to apply Update

  1. Download Update
  2. Place the Update ET76U14-SP1.exe in the destination computer.
  3. Execute the exe.