rsyslog

The rocket-fast system for log processing

Rsyslog Windows Agent 2.0 Released

Adiscon is proud to announce the 2.0 release of RSyslog Windows Agent.

This new major release adds full support for Windows 8 and Windows 2012.

It can now also monitor dynamic *.evt files generated by NetApp devices. This makes it possible to process all types of NetApp Event Log Records, no matter how the NetApp device is configured. Also, the precision of the "overrun protection delay" has been improved, providing even finer-grained control over how fast syslog messages are emitted. This can be very important for UDP-only receivers, which need to receive data at a high rate, but slowly enough that no packet loss occurs.

To better support using both the old-style and new-style Windows Event Logs, an Event ID conversion capability has been added (for security events). This makes it possible to use unified event IDs for both styles of the Windows Event Log. Most importantly, it also allows existing (customer) scripts to continue to run with the new-style Event Log system.

For OEMs, the integration capabilities have been enhanced. It is now possible to use customized service names and registry keys. This permits seamless integration into turnkey solutions. Also, for ultra-secure environments, this permits increased security hardening, as an attacker needs to guess the actual service name if it was custom-set.

SSL security has been increased by updating the Core Engine to the latest OpenSSL library, 1.0.1e.

Build-IDs: Service 2.0.111, Client 2.0.0.129

Features

  • Added Support for Windows 8 and Windows 2012
  • Increased timer accuracy in all Services. This mainly affects the accuracy of "Overrun Protection Delay" settings.
  • Added support to load settings from a customized registry key. The key can be changed using the Configuration Client.
  • Added support to install the Service with a custom service name.
  • Updated to the more secure OpenSSL Library 1.0.1e.
  • EventLog Monitor V1:
    When processing .evt files, it is now possible to use date replacement characters and wildcards. An offset parameter can be configured to generate filenames from yesterday, for example. For more details see the manual.
  • EventLog Monitor V2:
    Added new option "Convert to EventLog Monitor V1", which changes the InfoUnitID back to V1 and converts the EventIDs for the Security EventLog.
  • Added new properties syslogpriority_text and syslogfacility_text.

Bugfixes

  • FilterEngine: TRUE and FALSE filters were not correctly evaluated in certain cases (such as when used below an OR filter).

 

Version 2.0 is a free download. Customers with existing 1.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can go ahead and evaluate it right now.
