2014-06-13 MonitorWare Agent 9.3 released

Friday, June 13th, 2014

Adiscon is proud to announce the 9.3 release of MonitorWare Agent.

This is a maintenance release and contains mainly bugfixes.

Most notably, this version includes OpenSSL library 1.0.1h. This fixes all security issues from the OpenSSL Security Advisory (2014-06-05).

Detailed information can be found in the version history.

Version 9.3 is a free download. Customers with existing 8.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can go ahead and evaluate it right away.

MonitorWare Agent 9.3 Released (Build-IDs: Service 9.3.438, Client 9.3.1409)

Features

  • Updated embedded OpenSSL library to 1.0.1h.

Bugfixes

  • SETP Protocol: Fixed a bug in zlib decompression.
  • RELP Action: The RELP Action failed when no other network-related Actions/services were configured.
  • Configuration Client: Fixed minor bugs in the configuration client.

You can download a free trial version of MonitorWare Agent.

2014-04-11 MonitorWare Agent 9.2 released

Friday, April 11th, 2014

Adiscon is proud to announce the 9.2 release of MonitorWare Agent.

This is a maintenance release and contains mainly bugfixes.

Most notably, this version includes OpenSSL library 1.0.1g. This fixes the latest OpenSSL security issues known as Heartbleed.

Remote Eventlog Monitoring in Eventlog Monitor V2 has been improved.

Detailed information can be found in the version history.

Version 9.2 is a free download. Customers with existing 8.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can go ahead and evaluate it right away.

MonitorWare Agent 9.2 Released (Build-IDs: Service 9.2.433, Client 9.2.0.1402)

Features

  • Updated embedded OpenSSL library to 1.0.1g.

Bugfixes

  • EventLog Monitor V2: Fixed a problem reading the "Process unknown/unconfigured Eventlog Channels" option which was added in the last minor update.
  • EventLog Monitor V2: Fixed a problem when using "Remote EventLog Monitoring". Now logsources are read from the remote machine properly.
  • Engine: Fixed startup issues reading the Windows registry. This problem only applied if you configured the service to run with a user account that has insufficient write rights into the Windows registry.

You can download a free trial version of MonitorWare Agent.

2013-12-09 MonitorWare Agent 9.1 released

Monday, December 9th, 2013

Adiscon is proud to announce the 9.1 release of MonitorWare Agent.

This new minor release contains some new features and bugfixes.

Logs can now be normalized into XML, CSV and JSON formats. Furthermore, the normalization result is now fully available as regular properties and can be used both for output actions as well as filtering decisions.

This version permits monitoring remote machines via the V2 Event Log Monitor. This further extends the remote monitoring capabilities.

International character set support has been improved. The email action now supports subject field encoding in UTF8, SHIFT-JIS, JIS and EUC-JP.

Detailed information can be found in the version history.

Version 9.1 is a free download. Customers with existing 8.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can go ahead and evaluate it right away.

MonitorWare Agent 9.1 Released (Build-IDs: Service 9.1.430, Client 9.1.0.1388)

Features

  • EventLog Monitor V2:
    Added support for Remote EventLog Monitoring. In order to work, make sure that the following requirements on the remote machine are met:

    1. The Service is configured to run with an administrative user who has rights on the local and remote machine.
    2. The Windows Event Collector Service is enabled and running on the remote machine.
    3. The Firewall on the remote machine (if enabled) allows access to Remote Event Log Management.
    4. The configured User is a member of the "Event Log Readers" group on the remote machine.
  • Added new option "Process unknown/unconfigured Eventlog Channels" which is enabled by default. Uncheck this option if you want to make sure that only selected Eventlog Channels are monitored.
  • Updated librelp library to last v1 stable version 1.0.7.
  • File Action: Added file segmentation support for files above 2 GB.
  • Send Email Action: Added support for UTF8, SHIFT-JIS, JIS and EUC-JP encoded subjects.
  • Lognorm Action:
    Added option to specify output type as XML, CSV, JSON (stored into a custom property).
    Event Fields are stored into the Property Engine now.

Bugfixes

  • File Action: File size checking is now done before writing into files; this avoids writing into files that have already reached their limits.
  • SNMP Trap Receiver: Fixed minor memory leak which occurred when receiving SNMP Traps.
  • HTTP Probe: Fixed HTTP Connection Close handling causing HTTP 400 error log entries on IIS.

You can download a free trial version of MonitorWare Agent.

2013-02-18 MonitorWare Agent 9.0 released

Monday, February 18th, 2013

Adiscon is proud to announce the 9.0 release of MonitorWare Agent.

This new major release adds full support for Windows 8 and Windows 2012.

It can now also monitor dynamic *.evt files generated by NetApp devices. This makes it possible to process all types of NetApp Event Log Records, no matter how the NetApp device is configured. Also, the precision of the "overrun protection delay" has been enhanced, providing even finer-grained control over how fast syslog messages are emitted. This can be very important for UDP-only based receivers, which need to receive data at a high rate, but slowly enough that no packet loss occurs.

To better support using both the old-style and new-style Windows Event Logs, an Event ID conversion capability has been added (for security events). This makes it possible to use unified event IDs for both styles of the Windows Event Log. Most importantly, this also permits existing (customer) scripts to continue to run with the new-style Event Log system.

For OEMs, the integration capabilities have been enhanced. It is now possible to use customized service names and registry keys. This permits seamless integration into turnkey solutions. Also, for ultra-secure environments, this permits increased security hardening, as an attacker needs to guess the actual service name if it was custom-set.

Increased SSL security by updating the Core Engine to the latest OpenSSL library 1.0.1e.

Detailed information can be found in the version history.

Version 9.0 is a free download. Customers with existing 8.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can go ahead and evaluate it right away.

MonitorWare Agent 9.0 Released (Build-IDs: Service 9.0.0.425, Client 9.0.0.1377)

Features

  • Added Support for Windows 8 and Windows 2012
  • Increased Timer accuracy in all Services. This mainly affects the accuracy of "Overrun Protection Delay" settings.
  • Added support to load settings from a customized registry key. The key can be changed using the Configuration Client.
  • Added support to install the Service with a custom Servicename.
  • Updated to the more secure OpenSSL Library 1.0.1e.
  • EventLog Monitor V1:
    When processing .evt files, it is now possible to use date replacement characters and wildcards. An offset parameter can be configured to generate filenames from yesterday, for example. For more details see the manual.
  • EventLog Monitor V2:
    Added new Option "Convert to EventLog Monitor V1" which changes the InfoUnitID back to V1, and converts the EventIDs for the Security EventLog.
  • Added new properties syslogpriority_text and syslogfacility_text.

Bugfixes

  • FilterEngine: TRUE and FALSE filters were not correctly evaluated in certain cases (for example, when used below an OR filter).

You can download a free trial version of MonitorWare Agent.

How to perform a mass rollout?

Wednesday, January 2nd, 2013

Last Update 2013-01-02 by Florian Riedl

A mass rollout in the scope of this topic is any case where the product is rolled out to more than 5 to 10 machines and this rollout is to be automated. This is described first in this article. A special case may also be where remote offices shall receive exact same copies of the product (and configuration settings) but where some minimal operator intervention is acceptable. This is described in the second half of this article.

The common thing among mass rollouts is that the effort required to set up the files for unattended distribution of the configuration file and product executable is less than doing the tasks manually. For less than 5 systems, it is often more economical to repeat the configuration on each machine – but this depends on the number of rules and their complexity. Please note that you can also export and re-import configuration settings, so a hybrid solution may be the best when a lower number of machines is to be installed (normal interactive setup plus import of pre-created configuration settings).

Before considering a mass rollout, be sure to read "The MonitorWare Agent". This covers necessary background information and most importantly the command line switches.

Automated Rollout

The basic idea behind a mass rollout is to create the intended configuration on a master (or baseline) system. This system holds the complete configuration that is later to be applied to all other systems. Once that system is fully configured, the configuration will be transferred to all others.

The actual transfer is done with simple operating system tools. The complete configuration is stored in the registry. Thus, it can be exported to a file. This can be done with the client. In the menu, select “Computer”, then select “Export Settings to Registry File”. A new dialog comes up where the file name can be specified. Once this is done, the specified file contains an exact snapshot of that machine’s configuration.

This snapshot can then be copied to all other machines and put into their registries with the help of regedit.exe.

An example batch file to install, configure and run the service on “other” servers might be:

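rem Create the install directory first; without it, copy would write a file named some-local-dir
if not exist c:\some-local-dir mkdir c:\some-local-dir
rem Copy the service executable and its helper files from the share
copy \\server\share\mwagent.exe c:\some-local-dir
copy \\server\share\mwagent.pem c:\some-local-dir
copy \\server\share\Microsoft.VC90.CRT.manifest c:\some-local-dir
copy \\server\share\msvcm90.dll c:\some-local-dir
copy \\server\share\msvcp90.dll c:\some-local-dir
copy \\server\share\msvcr90.dll c:\some-local-dir
rem /d also switches the drive if the batch file is started from another one
cd /d c:\some-local-dir
rem Register the service, import the exported settings, then start the service
mwagent -i
regedit /s \\server\share\configParms.reg
net start "AdisconMonitoreWareAgent"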

Please note: These files are needed if you are using MonitorWare Agent 8.1 and above. If you are using an older version, you additionally need the files "libeay32.dll" and "ssleay32.dll".

The file “configParms.reg” would be the registry file that had been exported with the configuration client.

Of course, the batch file could also operate off a CD – a good example for DMZ systems which might not have Windows networking connectivity to a home server.

Please note that the above batch file fully installs the product – there is no need to run the setup program at all. All that is needed is to distribute the core service, i.e. mwagent.exe and its helper DLLs. For a locked-down environment, this also means there is no need to allow incoming connections over Windows RPC or NETBIOS for an engine-only install.

Please note that, in the example above, "c:\some-local-dir" actually is the directory where the product is being installed. The "mwagent -i" does not copy any files – it assumes they are already at their final location. All "mwagent -i" does is to create the necessary entries in the system registry so that the MonitorWare Agent is a registered system service.

Branch Office Rollout with consistent Configuration

You can also use an engine-only install if you would like to distribute a standardized installation to branch office administrators. Here, the goal is not to have everything done fully automatically, but to ensure that each local administrator can set up a consistent environment with minimal effort.

You can use the following procedure to do this:

  1. Do a complete install on one machine.
  2. Configure that installation the way you want it.
  3. Create a .reg file of this configuration (via the client program).
  4. Copy the mwagent.exe, mwagent.pem, libeay32.dll, ssleay32.dll, Microsoft.VC90.CRT.manifest, msvcm90.dll, msvcp90.dll, msvcr90.dll and .reg file that you created to a CD (for example). Take these executable files from the install directory of the complete install done in step 1 (there is no specific engine-only download available).
  5. Distribute the CD.
  6. Have the users create a directory where they copy all the files. This directory is where the product is installed – it may be advisable to require a consistent name (from an admin point of view – the product does not require this).
  7. Have the users run "mwagent -i" from that directory. It will create the necessary registry entries so that the product becomes a registered service.
  8. Have the users double-click on the .reg file to install the pre-configured parameters (step 3).
  9. Either reboot the machine (neither required nor recommended) or start the service (via the Windows "Services" manager or the "net start" command).

Important: The directory created in step 6 actually is the program directory. Do not delete this directory or the files contained in it once you are finished. Doing so would disable the product (no program files would be left on the system).

If you need to update an engine-only installation, you will probably only upgrade the master installation and then distribute the new exe files and configuration in the same way you distributed the original version. Please note that it is not necessary to uninstall the application first for an upgrade – at least not as long as the local install directory remains the same. It is, however, vital to stop the service, as otherwise the files cannot be overwritten.
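
The automated rollout, the branch office steps 6 to 9 and the upgrade note above, as one added PowerShell example that is not Adiscon's code: it checks the SHA-256 hash of every file, including the .reg export, before anything is installed or imported. The manifest.csv file, its Name and SHA256 columns and the staging directory are assumptions of this example; the share, install directory, file names and service name are taken from the batch file in this article.

```powershell
# Added example, not Adiscon's code. Hypothetical: manifest.csv (columns Name,SHA256),
# created on the master system and delivered separately from the share or CD.
param(
    [string]$Source   = '\\server\share',       # share used in the article's batch file
    [string]$Target   = 'C:\some-local-dir',    # install directory used in the article
    [string]$Manifest = "$PSScriptRoot\manifest.csv"
)
$ErrorActionPreference = 'Stop'
$service = 'AdisconMonitoreWareAgent'           # name from the article's "net start" line

# 1. Stage the files locally, then verify the staged copies (not the share), so a
#    file swapped on the share after the check cannot slip through.
$stage = Join-Path $env:TEMP ("mwagent-stage-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $stage | Out-Null
try {
    $files = Import-Csv -Path $Manifest
    foreach ($f in $files) {
        $copy = Join-Path $stage $f.Name
        Copy-Item -Path (Join-Path $Source $f.Name) -Destination $copy
        $hash = (Get-FileHash -Algorithm SHA256 -Path $copy).Hash
        if ($hash -ne $f.SHA256) { throw "Hash mismatch for $($f.Name), rollout aborted." }
    }

    # 2. Upgrade case: stop a running service, otherwise the files cannot be overwritten.
    $installed = Get-Service -Name $service -ErrorAction SilentlyContinue
    if ($installed -and $installed.Status -ne 'Stopped') { Stop-Service -Name $service }

    # 3. Only verified files reach the program directory.
    New-Item -ItemType Directory -Path $Target -Force | Out-Null
    Copy-Item -Path (Join-Path $stage '*') -Destination $Target -Force

    # 4. First install only: register the service from its final location.
    Set-Location -Path $Target
    if (-not $installed) { & .\mwagent.exe -i }

    # 5. Import the verified local copy of the settings, not the one on the share.
    $reg = Join-Path $Target 'configParms.reg'
    Start-Process -FilePath regedit.exe -ArgumentList "/s `"$reg`"" -Wait

    Start-Service -Name $service
}
finally {
    Remove-Item -Path $stage -Recurse -Force
}
```

The manifest has to list every file to be installed, including configParms.reg, and the script must run from an elevated session because it writes service and registry entries.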

2012-09-21 MonitorWare Agent 8.2a released

Friday, September 21st, 2012

Adiscon is proud to announce the 8.2a release of MonitorWare Agent. This is a minor release.

This release contains a bugfix concerning the EventLog Monitor.

For more details, read the version history.

Version 8.2a is a free download. Customers with existing 11.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can go ahead and evaluate it right away.