DORIAN SOFTWARE CREATIONS, INC. CONTINUES TO
PIONEER EVTX LOG FILE MANAGEMENT
Newly Released Event Analyst 6 Expands Log Reporting While Furthering EVTX Capabilities

For immediate release
10/30/2007 - Atlanta GA

Dorian Software Creations, Inc. (www.doriansoftware.com) today announced the release of Event Analyst ® 6 (www.eventanalyst.com), the latest version of the event log reporting and correlation tool. New reports and filters among other features ensure value for SEM (security event management) strategies of all sizes and scope.

Following July’s announcement of Dorian’s groundbreaking LogRefiner ™ technology, the globally recognized leader in log management is again expanding on the capabilities of its patented Total Event Log Management Solution ™. This new version of Event Analyst incorporates the LogRefiner technology, giving users and auditors the ability to work with the next generation of event logs in the EVTX format.

Dorian’s development team has been warning for some time in its blog at http://eventlogs.blogspot.com/ that the change in log formats from the existing EVT format to EVTX is rife with pitfalls. The problems are not merely technical – administrators as well as compliance and security specialists seeking consistency and reliability for log audits should all be concerned.

Event Analyst joins Dorian’s automated log collection tool Event Archiver ® as an industry forerunner in EVTX compatibility. But the company continues to emphasize that EVTX log format adoption is not yet necessary. The focus is on encouraging IT organizations to adopt the new format only at their own speed and on their own terms. The approach provides for co-existence, for the foreseeable future, between the two log formats in a log management strategy.

After all, the adoption of the new log format within the private and public sectors is just beginning, and many requirements force organizations to store years' worth of log data. That means, in many cases, auditors and forensic investigators will be looking at the “old” EVT logs for another 5-10 years at least.

Because the management of both log file formats will be necessary for years to come, Dorian Software is again stressing that any releases including the LogRefiner technology will not abandon those who continue to work with the EVT format.

As a result, the features that ship with Event Analyst 6 help address the log files of yesterday, today, and tomorrow:

Four New Pre-Built Reports Now Available
This version of Event Analyst adds four new reports, specifically:

Password Change Attempts By Users
Password Reset Attempts By Administrators or Account Operators
Successful Network Logons - Workstations and Servers (Condensed)
Successful Network Logons - Workstations and Servers (Detailed)

New Advanced Filter Features, Including:
Additional Relative Date Ranges
In the past, administrators could create advanced filters that returned log data a given number of days from the time the filter or report was actually executed. Now, administrators can create advanced filters that return log data a given number of days from the day prior to when the filter or report is run (e.g. from 12:00:00AM to 11:59:59PM), providing them with a clearer data boundary for scheduled report generation.

Quick Event ID Lookup
When building Advanced Filters that target one or more Event IDs, administrators can now multi-select them from the Friendly Event ID Manager, making it much easier to find the exact Event IDs that should be targeted.

Quick Computer Lookup
When building Advanced Filters that target one or more computers, administrators can now select them directly from a domain controller, browse list, OU, or custom domain listing.

Log Entry Viewer
The recent history of Event Analyst's scheduled report operations is now simply a menu click away. In addition, administrators can filter the entries by type - information, warning, or error messages, for example - and then export them to HTML if necessary.

Custom Domain Creation
As networks grow and merge, domain and workgroup structures expand in size and complexity. Event Analyst 6 tackles this problem by allowing network administrators to create "custom domains" - logical groups of related computers.

For example, delegation of administration may require that an administrator manage specific servers in three different organizational units of a larger domain. Using Event Analyst, she can now map these individual computer names to a custom domain. Then, she can easily reference that custom domain whenever she needs to summon one of the computers' logs for analysis or reporting.

Scheduled Report "Test" Feature
Now, after administrators create scheduled reports, they can immediately test them with a click of the button to see if they produce the results desired. Additionally, if reports must be run again, this feature reduces workload for the administrator.

Pre-Built Report Summary Exporter
Event Analyst 6 supports the export of all pre-built report titles and what those reports target, making it easy for administrators to share this information with compliance or security officers.

Windows Vista EVTX File Support
Simply install Event Analyst to a Windows Vista workstation to start working with EVTX files from other Windows Vista workstations.

No vaporware promises – Dorian has the technology today, ready for you to download.

LogRefiner Technology Makes Downlevel EVT File Processing in Windows Vista Possible
Dorian's exclusive LogRefiner technology can read, filter, and report on EVT files from downlevel systems directly alongside the EVTX files from Windows Vista and newer operating systems.

With Event Analyst's exclusive new technology, no information goes missing when converting downlevel EVT files into new formats – all event log fields are processed properly the first time.

Streamlines Fields Between EVT and EVTX Logs With LogRefiner Technology
Did you know that Windows Vista’s EVTX logs have even more fields? Event Analyst 6 can be instructed to automatically consolidate these fields - the Keyword and Opcode fields specifically - into the Task (Category) field so that you can have a uniform field structure when working with EVT and EVTX log files.

LogRefiner Technology Maintains Field Consistency Across Logs
Event Analyst 6 has the ability to place the most relevant user information back into the User field as it reads and processes EVTX files. By helping maintain the consistency of log data and its formatting, this feature greatly aids the administrator or compliance officer in charge of reviewing the consolidated data.

Defines Success Audits Versus Failure Audits Using LogRefiner Technology
Event Analyst 6 - when working with security EVTX Files - has the ability to properly record whether or not the event was a Success Audit or Failure Audit, greatly aiding the reviewer of log data generated from both EVT and EVTX log files.

Event Analyst 6 starts at just $69 per server generating logs to be collected. Support service options as well as deep volume and workstation discounts are available.

For more on Event Analyst and a free 30 day fully functioning evaluation, visit www.doriansoftware.com/eventanalyst. For information on the Total Event Log Management Suite, visit www.doriansoftware.com/totalsolution. Dorian Software can also be contacted by phone at 1-866-682-3646 in North America and 678-222-3443 internationally.

Copyright © 2001-2007 Dorian Software Creations, Inc. Event Archiver, Total Event Log Management Suite, LogRefiner, and the Dorian word mark are trademarks or registered trademarks of Dorian Software Creations, Inc. Microsoft, Microsoft Windows, Windows Server, and Windows Vista are trademarks or registered trademarks of the Microsoft Corporation. All other trademarks are the trademarks of their respective companies.

Dorian Software Creations, Inc.
Phone 678.222.3443 | Toll Free 1.866.682.3646
Fax 413.647.8727 | Email sales@doriansoft.com