DORIAN SOFTWARE CREATIONS, INC. PIONEERS
WINDOWS VISTA LOG FILE MANAGEMENT
New Release of Event Archiver ® Adds Valuable Features For Managing EVT Files While Preparing Users For the New EVTX Format

For immediate release
7/10/2007 - Atlanta GA

Dorian Software Creations, Inc. (www.doriansoftware.com) today announced the release of Event Archiver 7 (www.eventarchiver.com), the latest version of its automated log file collection and consolidation tool.

Having announced earlier in the year a U.S. patent for its Total Event Log Management Solution ™, the globally recognized leader in log management is again charting new territory within the SEM and SIEM markets. This time, Dorian is striking early at the looming onslaught of EVTX files – logs generated by the new Windows Vista and upcoming Windows Server ® 2008 operating systems – that compliance and security specialists face.

Dorian’s development team has been warning for some time in its blog at http://eventlogs.blogspot.com/ that the change in log formats from the existing EVT format to the new EVTX is rife with pitfalls - for admins and particularly, compliance and security specialists seeking consistency and reliability for log audits. The warnings have not articulated a preference between the log types but have instead stressed the importance of understanding the pitfalls before moving forward with Windows Vista and Windows Server 2008 migrations.

Arguably, the EVT format was a big enough challenge for administrators to learn. Now, within the Windows ® platform alone, these security professionals face disparate formats and all the problems those differences bring: new event IDs; different formatting of data; and last but not least, changes in the way logs are handled for collection, monitoring, and reporting.

Dorian's response to the shift places the emphasis on the management of these log types side-by-side - rather than forced upgrades or adoption of the new format.

After all, the adoption of the new log format within the private and public sectors is just beginning, and many requirements force organizations to store years-worth of log data. That means, in many cases, auditors and forensic investigators will be looking at the “old” EVT logs for another 5-10 years at least.

As a result, Dorian Software Creations, Inc. is introducing its exclusive LogRefiner ™ technology. The focus of this new technology is the careful management of both log formats side-by-side, streamlining the management of both formats via consistent logic and methodology. Therefore, early adopters of Windows Vista and Windows Server 2008 - the operating systems that generate the new EVTX format - can take advantage of log management capability in Event Archiver today. This again sets Dorian Software apart from other log management vendors - almost all of which have been notably mute or at least guarded in their response to the major changes facing SEM and SIEM efforts.

Because the management of both log file formats will be necessary for years to come, Dorian Software stresses that any releases including the LogRefiner technology will not abandon those who continue to work with the EVT format.

As a result, the features that ship with Event Archiver 7 help address the log files of yesterday, today, and tomorrow:

Cryptographic Hashing of Flat Files

Event Archiver can now be configured to automatically generate an MD5 hash immediately after collecting an EVT or EVTX file, as well as immediately after converting an EVT or EVTX file to a comma-delimited text file. The MD5 hash is logged separately by the Event Archiver Service at the time of the archive. This way, administrators can compare older archived files against the hash at a later date to detect any type of tampering.

Save Time and Bandwidth With Event Archiver’s Working Directory

Event Archiver now includes a Working Directory feature for log processing. Administrators can effectively specify a log file size that is "too big" to work with across the network, and Event Archiver will automatically transport any archived log greater than that size to a special folder on the machine where Event Archiver is installed.

Then, almost all processing – such as zip compression, MD5 hash calculation, and conversion - will take place locally, substantially speeding up these activities and saving bandwidth.

Windows Vista EVTX File Support

Event Archiver has the capability to collect and convert EVTX log files. This is the new logging format first introduced in Windows Vista and planned for use in Microsoft Windows Server 2008. Simply install Event Archiver to a Windows Vista workstation to start collecting EVTX files from other Vista workstations.

LogRefiner ™ Technology Makes Downlevel EVT File Processing in Windows Vista Possible

Dorian's exclusive LogRefiner technology can archive and convert EVT files from downlevel systems directly alongside the EVTX files from Windows Vista and newer operating systems - converting and reading EVT files being the very thing that the Microsoft Event Viewer on Windows Vista has difficulty doing correctly.

With Event Archiver's special new technology, no information goes missing when converting downlevel EVT files into new formats – all event log fields are processed properly the first time.

Streamlines Fields Between EVT and EVTX Logs With LogRefiner Technology

Did you know that Windows Vista’s EVTX logs have even more fields? Event Archiver 7 can be instructed to automatically consolidate these fields - the Keyword and Opcode fields specifically - into the Task (Category) field so that you can have a uniform data structure for EVT and EVTX exported log files.

LogRefiner Technology Maintains Field Consistency Across Logs

In the Windows Vista Security Log, no information about the user performing the action or affected by the action is recorded in the User field when an event is logged. Instead, all user information is placed in the Description of the event.

Event Archiver 7, however, has the ability to place the most relevant user information back into the User field as it converts EVTX files into new formats. By helping maintain the consistency of log data and its formatting, this feature greatly aids the administrator or compliance officer in charge of reviewing the consolidated data.

Defines Success Audits Versus Failure Audits Using LogRefiner Technology

Another major change in the Windows Vista security log is that all events are recorded as “Informational.” To discern whether or not the event represents a failed or successful action, the administrator must refer to the Keyword of the event.

But, Event Archiver 7 - when converting security EVTX Files - has the ability to properly record whether or not the event was a Success Audit or Failure Audit, greatly aiding the reviewer of log data generated from both EVT and EVTX log files.
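The three LogRefiner behaviours described above (folding Keyword and Opcode into Task, recovering the User from the Description, and deriving Success Audit versus Failure Audit from the Keywords bitmask) can be illustrated with a small normalizer. This is an added example, not Event Archiver's code; the record layout, the abbreviated descriptions and the "last Account Name wins" heuristic are assumptions, while the audit keyword bit values are Microsoft's documented ones.

```python
import re

# Windows audit keyword bitmasks as documented by Microsoft for
# "Audit Success" and "Audit Failure" (bit 63 is the reserved high bit).
AUDIT_SUCCESS = 0x8020000000000000
AUDIT_FAILURE = 0x8010000000000000

# Constructed sample records shaped like Vista security events exported from EVTX:
# Level is always "Information" and the User column is empty, exactly the
# situation the press release describes. Descriptions are abbreviated.
SAMPLE_EVTX_RECORDS = [
    {"EventID": 4624, "Level": "Information", "Keywords": AUDIT_SUCCESS,
     "Task": "Logon", "Opcode": "Info", "User": "",
     "Description": "An account was successfully logged on.\n"
                    "Subject:\n\tAccount Name:\t\tSYSTEM\n"
                    "New Logon:\n\tAccount Name:\t\tjdoe\n\tAccount Domain:\t\tCORP"},
    {"EventID": 4625, "Level": "Information", "Keywords": AUDIT_FAILURE,
     "Task": "Logon", "Opcode": "Info", "User": "",
     "Description": "An account failed to log on.\n"
                    "Account For Which Logon Failed:\n\tAccount Name:\t\tbackup_svc\n"},
    {"EventID": 1102, "Level": "Information", "Keywords": 0x8000000000000000,
     "Task": "Log clear", "Opcode": "Info", "User": "",
     "Description": "The audit log was cleared."},
]

ACCOUNT_RE = re.compile(r"Account Name:\s*(\S+)")

def audit_type(keywords):
    """Map the Keywords bitmask to the EVT-style event type (parenthesised
    because == binds tighter than & in Python)."""
    if (keywords & AUDIT_FAILURE) == AUDIT_FAILURE:
        return "Failure Audit"
    if (keywords & AUDIT_SUCCESS) == AUDIT_SUCCESS:
        return "Success Audit"
    return "Information"

def most_relevant_user(description):
    """Heuristic (this example's assumption, not Dorian's logic): the last
    'Account Name' block names the logon target rather than the Subject."""
    names = ACCOUNT_RE.findall(description)
    return names[-1] if names else ""

def refine(record):
    """Produce one EVT-shaped row from an EVTX-shaped record: Type from
    Keywords, keyword/Opcode folded into Task, User recovered from text."""
    kind = audit_type(record["Keywords"])
    return {
        "EventID": record["EventID"],
        "Type": kind,
        "Task": "%s (%s, %s)" % (record["Task"], kind, record["Opcode"]),
        "User": record["User"] or most_relevant_user(record["Description"]),
        "Description": record["Description"],
    }
```

Running `refine` over every record yields rows whose Type and User columns line up with what an EVT export would have carried, which is what lets EVT and EVTX data be reviewed side by side.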

Though Event Archiver’s improvements are many, the price remains the same: It starts at just $90 per server generating logs to be collected. Support service options as well as deep volume and workstation discounts are available.

For more on Event Archiver and a free 30 day fully functioning evaluation, visit www.doriansoftware.com/eventarchiver. For information on the Total Event Log Management Suite, visit www.doriansoftware.com/totalsolution. Dorian Software can also be contacted by phone at 1-866-682-3646 in North America and 678-222-3443 internationally.


Copyright © 2001-2007 Dorian Software Creations, Inc. Event Archiver, Total Event Log Management Suite, LogRefiner, and the Dorian word mark are trademarks or registered trademarks of Dorian Software Creations, Inc. Microsoft, Microsoft Windows, Windows Server, and Windows Vista are trademarks or registered trademarks of the Microsoft Corporation. All other trademarks are the trademarks of their respective companies.


Dorian Software Creations, Inc.
Phone 678.222.3443 | Toll Free 1.866.682.3646
Fax 413.647.8727 | Email sales@doriansoft.com