Release notes

  1. Overview
  2. Release: 2025-04-22
  3. Release: 2025-01-22
  4. Release: 2024-11-29

1. Overview

Log Analyzer

2. Release: 2025-04-22

New Features

  • REST APIs now support custom log fields in search responses.
  • Zendesk Ticketing Tool integration enabled with OAuth 2.0 Authorization Grant Flow configuration.
  • INGOS Asset Management integration now allows creating tickets using custom templates.
  • New SonicWall Opened Connection and Closed Connection reports added to the Firewall Connections report group.
  • Support for RFC 5424 format logs from pfSense/OPNsense devices.
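For readers checking what "RFC 5424 format" means for a firewall feed, the following is an added illustration (written for these notes, not the product's own parser): a minimal parser for the RFC 5424 grammar (PRI, VERSION, the six header fields, STRUCTURED-DATA with its escaping rules, and the optional MSG), run over two constructed sample lines. The hostnames, addresses and the pfSense-style `filterlog` CSV payload in the samples are made up for the example and use RFC 5737 documentation address ranges.

```python
"""Minimal RFC 5424 syslog parser (added example; not the product's code).

Grammar (RFC 5424 section 6):
  SYSLOG-MSG      = HEADER SP STRUCTURED-DATA [SP MSG]
  HEADER          = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID
  STRUCTURED-DATA = NILVALUE / 1*SD-ELEMENT
  SD-ELEMENT      = "[" SD-ID *(SP SD-PARAM) "]"
  SD-PARAM        = PARAM-NAME "=" DQUOTE PARAM-VALUE DQUOTE
"""
import re
from dataclasses import dataclass, field
from typing import Optional

NILVALUE = "-"


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    version: int
    timestamp: Optional[str]
    hostname: Optional[str]
    app_name: Optional[str]
    proc_id: Optional[str]
    msg_id: Optional[str]
    structured_data: dict = field(default_factory=dict)  # {sd_id: {param: value}}
    msg: str = ""


# PRIVAL is 0..191 and VERSION is 1..999; the six header fields are SP-delimited.
_HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d{0,2}) "
    r"(?P<ts>\S+) (?P<host>\S{1,255}) (?P<app>\S{1,48}) "
    r"(?P<proc>\S{1,128}) (?P<msgid>\S{1,32}) "
)
# PARAM-VALUE escapes only '"', '\' and ']' with a backslash.
_SD_PARAM_RE = re.compile(r'(?P<name>[^= \]"]{1,32})="(?P<value>(?:[^"\\\]]|\\.)*)"')


def _nil(value: str) -> Optional[str]:
    return None if value == NILVALUE else value


def _unescape(value: str) -> str:
    return re.sub(r'\\([\\"\]])', r"\1", value)


def _sd_element_end(s: str, start: int) -> int:
    """Index of the ']' closing the SD-ELEMENT opened at s[start], skipping escapes."""
    i = start + 1
    while i < len(s):
        if s[i] == "\\":
            i += 2  # escaped character can never terminate the element
            continue
        if s[i] == "]":
            return i
        i += 1
    raise ValueError("unterminated SD-ELEMENT")


def _parse_structured_data(rest: str):
    if rest.startswith(NILVALUE):
        return {}, rest[1:]
    sd = {}
    pos = 0
    while pos < len(rest) and rest[pos] == "[":
        end = _sd_element_end(rest, pos)
        sd_id, _, params = rest[pos + 1:end].partition(" ")
        sd[sd_id] = {m.group("name"): _unescape(m.group("value"))
                     for m in _SD_PARAM_RE.finditer(params)}
        pos = end + 1
    if not sd:
        raise ValueError("STRUCTURED-DATA must be '-' or one or more SD-ELEMENTs")
    return sd, rest[pos:]


def parse_rfc5424(line: str) -> SyslogMessage:
    """Parse one RFC 5424 line; raise ValueError for anything that is not one."""
    m = _HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header (BSD/RFC 3164 lines have no VERSION)")
    pri = int(m.group("pri"))
    if pri > 191:
        raise ValueError("PRIVAL out of range")
    sd, rest = _parse_structured_data(line[m.end():])
    if rest and not rest.startswith(" "):
        raise ValueError("expected SP before MSG")
    msg = rest[1:]
    if msg.startswith("\ufeff"):  # optional BOM announces a UTF-8 MSG
        msg = msg[1:]
    return SyslogMessage(
        facility=pri >> 3, severity=pri & 7, version=int(m.group("ver")),
        timestamp=_nil(m.group("ts")), hostname=_nil(m.group("host")),
        app_name=_nil(m.group("app")), proc_id=_nil(m.group("proc")),
        msg_id=_nil(m.group("msgid")), structured_data=sd, msg=msg)


def is_rfc5424(line: str) -> bool:
    try:
        parse_rfc5424(line)
        return True
    except ValueError:
        return False


# Constructed samples: a pfSense-style filterlog line (CSV payload in MSG, no SD)
# and a line with two SD-ELEMENTs, one of which uses the escape rules.
SAMPLE_FIREWALL = (
    "<134>1 2025-04-22T10:15:30.123456+00:00 fw.example.net filterlog 12345 - - "
    "5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,"
    "192.0.2.10,198.51.100.5,51234,22,0,S,"
)
SAMPLE_SD = (
    "<165>1 2025-04-22T10:15:31Z host.example.net app 42 ID47 "
    '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]'
    '[meta note="quote \\" bracket \\] done"] \ufeffAn application event'
)

if __name__ == "__main__":
    for sample in (SAMPLE_FIREWALL, SAMPLE_SD):
        print(parse_rfc5424(sample))
```

The firewall sample parses to facility 16 (local0), severity 6 (informational), no structured data and the CSV payload as MSG; the second sample shows the escaped quote and bracket inside a PARAM-VALUE being unescaped. A BSD-style line without the VERSION field is rejected rather than silently mis-split, which is the behaviour a collector wants when a device can emit either format.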

Improvements

  • Device status during the addition of new devices for log collection now displays "Logs are yet to be collected" instead of "Success".
  • Sophos XG Update Deny Access Rules block added to Firewall Actions in the Workflow builder.
  • Java Runtime Environment (JRE) upgraded.
  • Refined parsing rules for Logon reports on Cisco devices and Traffic Allowed reports on Check Point devices.
  • Fields like backup file location, size, and time now available for MS SQL reports in Search and Custom Alert Criteria Builder.

Bug Fixes

  • Fixed issue where non-business hours logs were not displayed for some time zones in the Search tab.
  • Fixed issue where a predefined dark web monitoring alert profile could not be edited.
  • Fixed issue with indexing logs with timestamps near epoch 0 causing incorrect archive file status.
  • Fixed parsing issue causing data enrichment sync with Endpoint Central to fail with "Internal server error".
  • Fixed incorrect flagging of archived files as tampered when timestamping was enabled.
  • Fixed issue with Disk Usage graph failing to render for users with high disk space.
  • Upgraded third-party libraries (PCRE, Libssh2) to more secure versions to address known vulnerabilities.
  • Fixed issue where decommissioned devices affected the license count.
  • Fixed issue in historic log collection where logs were collected from the device addition time instead of the selected time range.
  • Newly added devices are now automatically assigned to the correct log source group based on the detected OS.
  • Fixed parsing issues for event IDs 301, 401, 4688, and 8003.
  • Fixed "Undefined error" displayed in Windows Server statuses.
  • Fixed issue with the collect-only log collection filter for IBM AS400 log sources.
  • Archives can now be stored in AWS S3 without requiring a Cloud license.
  • Fixed issue with archive indices not being deleted after the retention period.
  • Fixed issue in SACL policy verification.
  • Fixed issue where the System Diagnostics page showed the old server name after migration.
  • Fixed issue where archive files showed "access denied" despite restored connection.
  • Fixed issue where storage summary displayed "access denied" when ping was restricted.
  • Changed time interval for automatic syslog device status updates to 1 day.
  • Automatic syslog status interval now aligns with the Log collection failure alert (LFA) interval if configured.
  • Fixed issue during credential synchronization with INGOS Active Directory Audit.
  • Fixed error when deleting a device or technician with MS SQL as the backend database.
  • Fixed issue with bulk device synchronization with INGOS Asset Management by increasing the API threshold to 1500 per minute.
  • Fixed issue where Add/Remove Columns changes were not reflected in CSV exports of Alerts.
  • Fixed erroneous "Mail server not configured" message despite successful SMTP API configuration.
  • Fixed issue with corrupt ZIP files during scheduled export of compliance reports.
  • Improved ambiguous error message during INGOS Asset Management integration due to mandatory ticket fields.
  • Fixed issue with importing log files without an extension.
  • Fixed issue with syncing site configuration changes from IIS servers.
  • Fixed minor issues in the Dashboard module during data refresh and loading.
  • Fixed issues in Custom Reports regarding report criteria, custom field display names, and column modifications.

3. Release: 2025-01-22

Enhancements

  • Automatic Status Updates for Syslog Devices
    • If no logs are received for a certain period (approximately one hour), the status changes to "Logs not forwarded".
    • If the device becomes unreachable, the status changes to "Device not reachable".
  • Additional Router Reports
    • Added Denied Connection and Allowed Connection event reports for Cisco ISR routers under the Router Traffic Report by Protocol.
  • Refined Parsing Rules
    • Improved parsing for Website Traffic reports on Barracuda devices.
    • Enhanced parsing for VPN User Connected reports on Palo Alto devices.

Bug Fixes

  • Installation and Credentials
    • Fixed an issue causing account lockouts when installing agents with missing or incorrect credentials.
  • Log Imports
    • Resolved a problem where log imports from shared or remote locations failed if the application server itself was configured as a log source.
    • Addressed an issue with indexing historical logs and collecting logs from AS400 devices.
    • Fixed an SNMP credential parsing issue that caused the log collector to crash.
    • Resolved a credential synchronization problem in log collectors during domain updates.
    • Enhanced log collection filters by adding over 24 sets of criteria for improved customization.
  • Device and Agent
    • Fixed an issue that caused decommissioned devices to appear in the active devices category.
    • Resolved a problem with agent registration triggered by duplicate machine UUIDs.
    • Disabled IP refresh for Syslog devices to improve stability.
  • Backup and Upgrades
    • Fixed a PostgreSQL backup issue during the upgrade process, ensuring successful backups.
  • Vulnerability Patch
    • Patched a SnakeYAML vulnerability (CVE-2022-1471) that could potentially lead to remote code execution.
  • Device Names and Display
    • Corrected a mismatch between device names and their display names in Build 12300.
  • Elasticsearch Indexing
    • Reduced the queue size for failed bulk indexing requests to optimize heap usage.
  • AWS S3 Log Collection
    • Fixed issues affecting machines set to Japanese locales or language settings when collecting AWS S3 access logs.
  • SQL Application
    • Fixed a log collection error in SQL Server Backup and Restore reports.
    • Added sorting capability for the "Number of Records" field in the Most Used table report for SQL applications.
  • Archives
    • Resolved a log archival error caused by extremely high log flow.

4. Release: 2024-11-29

Added:

  • Support for collecting logs from INGOS Asset Management via Syslog for real-time auditing.
  • Predefined compliance reports for:
    • PCI-DSS, updated to version 4.0.
    • ISO 27001:2022.
  • New predefined reports:
    • Configuration changes in Palo Alto devices.
    • VPN logouts in Sophos devices.
  • Action log field for Fortinet IDS/IPS device reports to provide deeper insights for threat analysis.

Enhancements:

  • Updated internal parameters to reduce false positive events in Apache SQL Injection reports.
  • Minor improvements to the PostgreSQL migration process for a smoother service pack upgrade.

Fixed:

  • Resolved an issue with detecting tampered archive files to prevent false positives.
  • Fixed memory allocation issues during the processing of large MySQL log files.
  • Addressed an issue where the product restarted after successful or reverted auto-upgrade installations.
  • Fixed auto-upgrade failures caused by improper schedules and delays in agent and DB shutdowns.
  • Corrected downtime issues for the Managed Server during auto-upgrades when the Admin Server could not locate it.
  • Resolved internal configuration issues with the service pack upgrade for Build 12500.