Version History

<< Click to Display Table of Contents >>

Navigation:  Support, FAQ, Version History >

Version History

This page lists all versions of EventSentry that were released since its initial launch in December 2002. To learn more about our numbering system click here.


Version 3.4.1    September 2017

Windows Monitoring

oAdditional capabilities to detect and prevent against new types of Ransomware infections, including variants that modify the boot sector.

oNew software version check identifies outdated software on your network to help you reduce your attack surface. This new feature supplements EventSentry’s software inventory component.

oDisk space alerts now include a list of the largest files and folders of a volume

oUPS & Battery monitoring now inventories all attached UPS batteries as well as integrated batteries (laptops) regardless of the manufacturer

oEffective audit settings on a Windows host can sometimes deviate from group policy settings - due to conflicts, errors and so forth. A new Audit Policy Status page periodically inventories the current audit settings so you can verify the actual audit settings.


Network Monitoring

oNetFlow monitoring now supports calculating the bandwidth of an interface, including additional statistics such as packet count, bytes per packet and more.

oPing response time now provides packet loss stats



oEventSentry agents can now be integrated with many open source and commercial log solutions with additional Syslog options - even custom JSON formatting is supported!


Web Reports

oNow available in 64-bit and support larger reports and increased performance

oNew user activity tracking page makes seeing all activity by a user as easy as never before!

Version 3.3.1    December 2016


oNetFlow with support for NetFlow v1, v5, v9 & sFlow. NetFlow supports visualization, geolocation, alerts, correlation with workstation logon events to map flows to ActiveDirectory users, filtering and more


Web Reports

oNotes & Documentation: Web reports users can submit notes to document infrastructure updates, maintenance, fixes and more. Documentation files can be uploaded and associated with hosts

oAdded ISO 27001:2013 compliance reports

oNew security features

oNew dashboard tiles

oTreemap visualization available for most pages

oUpdated look and improved menu


Management Console

oDeployment: Agents using the collector can receive configuration and agent binary updates automatically through the collector without user intervention.

oDeployment: MSI installers can now be created in a few seconds directly from the management console (requires free WiX Toolset)

oAbility to reset the configuration to post-installation defaults (new v3.3 installations only)

oRemote configuration can now removed when uninstalling an agent even when remote registry service is unavailable

oVersion checks and update/patch downloads are now performed over TLS for enhanced security



o64-bit agent is now available for 64-bit Windows

oRemoved limit and improved management of custom event logs

oSupport for chaining events

oAgent / Collector: Emails containing IP addresses sent through collector can be enhanced to display geolocation and reverse lookup data inline.

oEmails from security event log will automatically be enhanced with descriptions for many status and error codes

oDatabase performance of delimited log files has been significantly improved

oInsertion strings of events can be created or replaced using regular expressions

oInstall date of software is now available for most software even if it was installed before EventSentry

oUSB drives are now detected in real-time



oHeartbeat Agent: Agent status is now retrieved directly from collector and/or database for faster and more efficient monitoring

oNetwork Services: Database performance for Syslog component has been improved for MSSQL databases

oNetwork Services: License count for network devices is now more accurately enforced

oDatabase: Built-In database now uses PostgreSQL v9.6, optional upgrade path is available

oConfiguration: Improved out-of-the-box filter rules for less noise

Version 3.2.1    February 2016


Central collector service which enables a 3-tier architecture between an action (e.g. database, email server) and the EventSentry agents

Supports compression and secure data transmission via TLS encryption



Management Console: Ability to import computers from a network (subnet) scan

Management Console / Remote Update: Record activity in log files

Management Console / Remote Update: Toggle fields in result list

Management Console: Export all configured filters to CSV file

Switch inventory with switch port to MAC/hostname mapping

Detection of highest supported USB version


Web Reports

Additional language support for French, Spanish, Polish, Portuguese and Italian

Out-of-the-box compliance reports for PCI-DSS, FISMA, Sarbanes Oxley, HIPAA and GLBA

Improved & faster performance trend reporting with ability to display multiple trend charts on a single page

New Bulk assignment for easier report management

Report jobs can be saved to a folder

Improved host inventory page now shows switch port (if available), USB version and VM hosts (if available)

Health matrix displays computer notes

Improved usability throughout

Improved connection pool support

Version 3.1.1    December 2014

Windows & General Monitoring

Task Scheduler inventory and change detection

Large File enumeration

Inventory of virtual machines (Hyper-V & ESXi)

HTTP action now supports POST/PUT for better interoperability with web-based APIs

Disk space monitoring now supports multiple disk space packages assigned to a single host

Improved remote update / host management, especially of Non-Windows hosts in management console


Heartbeat & SNMP Monitoring

Process Monitoring support for SNMP-enabled hosts

Improved router functionality, configure routers based on IP subnet

Status change detection and uptime calculation is more reliable

Overall stability improvements in the heartbeat agent


Web Reports

Support for multiple dashboards, including automatic iteration between dashboards

Dashboards can be shared

Support for graphical gauges (Clock, meter, number, bullet)

New heat-map tile for uniquely visualizing log, syslog and performance data

New generic search tile supports embedding data from any feature in dashboard

Support for TV mode and dark/light theme in dashboard

Various tweaks and improvements to existing dashboard tiles

Version 3.0.1    December 2013

New Web Reports

Scheduled Jobs: Receive reports via email

PDF & JSON Output

UTC Support

Cross-platform: Supports Windows, Linux and OS X

Complex queries for all features

Full API

Easier installation & setup

Better dashboards

Better summary pages

Do no longer require Flash

Access control with LDAP integration


Network Monitoring (Heartbeat Agent)

Poll SNMP counters (integrates with performance monitoring)

Retrieve disk space information from SNMP-enabled hosts

Retrieve basic system & hardware information from SNMP-enabled hosts

Retrieve uptime from SNMP-enabled hosts


Windows Monitoring

Log file monitoring supports sub folders

Compliance "Logon By Type" tracking can exclude logons by computer accounts

Event Log filters can override email subject & message body

Packages can by dynamically assigned based on platform (32bit vs 64bit)

Threshold filters can utilize insertion strings

Disk space prediction feature (predicts when disk will be full)

Identify reasons why hosts were shut down or rebooted

Desktop notification supports Growl

Network notification supports remote desktop services

Application scheduler support process isolation

New email format "HTML Modern"



New management console features ribbon & visual improvements

New authentication manager

Many common tasks have been simplified

Improved built-in event viewer for Application & Services Logs

ARP daemon detects & tracks new MAC addresses and MAC to IP mappings

Version 2.93    June 2012

New Features:


New installer for a better installation and upgrade experience

Now includes a built-in (PostgreSQL) database

Added support for PostgreSQL 9.x

ODBC drivers for PostgreSQL and MySQL are now installed automatically (when needed)

New installation includes performance monitoring packages for Exchange Server and others

Preliminary support for Windows 8 and Windows Server 2012

Support for USB-only temperature & humidity sensors

Introducing the Configuration Assistant, which supersedes the database setup wizard, and introduces additional functionality

Heartbeat monitoring can now scan hosts in parallel using multiple threads

Heartbeat monitoring: Maintenance schedule can be set to the "nth" weekday (e.g. 2nd Tuesday)

Performance Monitoring supports floating point counter values

Performance Monitoring can log counter data to multiple databases

Performance Monitoring can combine values from two different counters

Performance Monitoring can detect leaks in performance counters

Performance Monitoring can suppress alerts based on past values

Performance Monitoring alerts are more verbose and include additional information, including counter descriptions

Process Monitoring: Supports wildcards and can evaluate the command line of a process

Event Log Backups: Better alerts and alerts now include SHA checksum of .evt(x) files

Event Log Monitoring: Content filter supports perl regular expression syntax

Event Log Monitoring: Day/Hour filter can be set to the "nth" weekday (e.g. 2nd Tuesday)

Event Log Monitoring: For Windows 2008 and later, processing performance has been optimized for higher throughput and lower CPU utilization

Process Tracking: Now collects process elevation level when UAC is enabled

Embedded scripts now verify temp file contents with checksum

Embedded scripts called from the applications scheduler now support command-line arguments

Hardware Inventory: On DELL & HP servers (when required manufacturer management tools are installed), collects fan speed, redundant power supply status, remote management card information, temperature information, detailed RAID information

Hardware Inventory: Retrieves warranty information for DELL, HP, IBM and Lenovo hardware

Hardware Inventory: Retrieves configured UAC level

Actions: Filter notes can now be posted to HTTP action

Management Console: Saving configuration is about 10 times faster

Management Console: Added better keyboard and mouse scroll wheel navigation for better user experience and section 508 compliance

Management Console: Status of all local EventSentry services is now monitored in the background

Management Console: Environment monitoring dialog now shows serial ports with descriptions

Web Reports: Performance Status and Heartbeat Status pages load significantly faster

IIS: IIS no longer has to be switched to 32-bit mode on 64-bit systems

Bug Fixes:


Added support for 64-bit event numbers (Vista and later)

Audit policies for compliance tracking features are now set correctly on Vista and later systems

Resolved problems in various features when Japanese file names were processed

Computer names exceeding the maximum NetBIOS length of 15 characters are now properly stored in the database

Event message text is now properly formatted before submitting to SNPP (Pager) server

Software Inventory: Internet Explorer is now properly detected on Vista and later

Software Inventory: Patches are new enumerated even when TrustedInstaller.exe is active

Event Log Backup: Resolved small memory leak

Heartbeat Monitoring: Improved reliability

Heartbeat Monitoring: Resolved memory leaks

Environment Monitoring: Location is now included in alerts

Performance Monitoring: Performance Status and other related pages (including network status, mobile apps) now load significantly faster

Fixed bugs in Console Logon Tracking

Agent startup speed has been improved when service monitoring is enabled

File Access Tracking: Fixed issue on Windows 2008 and later

Network Services: Japanese Syslog messages and SNMP traps are now correctly logged to the event log and database

Version 2.92     April 2011

New Features:


SNMP trap daemon is introduced and logs v1, v2c and v3 SNMP traps either to the event log or the database

Syslog daemon has been moved from the EventSentry agent into the "Network Services" service, together with the SNMP daemon. Stability as well as reliability have been improved in the new Syslog daemon

Performance (optional) as well as environment email alerts now include an attached chart which shows recent performance / environmental data

Management Console: Clicking a computer icon now displays a summary page

Event Log Monitoring: Insertion string matching can now match empty strings

Event Log Monitoring: Number of supported custom event logs has been increased to 30

Service Monitoring: A recurring alert can be configured when a service remains in the "Stopped" state

Hardware Inventory: Network adapter speed is now collected, and speed changes are logged to the event log

Hardware Inventory: Addition and removal of Removable drives (e.g. USB drives) are now detected and logged to the event log

Hardware Monitoring: The S.M.A.R.T. status of physical drives (when supported) is monitored.

Disk Space Monitoring: Volumes linked to by junction points are now included when disk space alerts are evaluated / generated. Note: Disk space information in web reports does not yet take junction points into consideration

Process Monitoring: The number of required instances of a process can now be specified

Print Tracking: Print tracking now works with Vista and later operating systems

Network Logon Tracking: When capturing "Logon By Type" events, "Audit Success" can now be excluded

A new HTTP action submits events to web pages via http or https

The SMTP action dialog now includes a wizard to build email addresses for common email to SMS gateways

Additional variable support for the Process, Syslog and Snmp action

Heartbeat Agent: Improved detection of remote agent status

Removed: Microsoft Access is no longer officially supported, and no MS Access database is shipped with the installer

Bug Fixes:

All bug fixes since the initial 2.91 release have been incorporated into version 2.92, additionally:


Hosts configured with multiple NICs that are added to the configuration with just the IP address, will properly determine their group membership.

Print tracking works with Vista, Win7 and Windows 2008

Version 2.91     November 2009

New Features:


Event Log Monitoring: Filtering capabilities have been improved to allow for insertion string matching, including the ability to interpret insertion strings as numbers, usernames or file names

Actions: SNMP action now supports v2c and v3 traps

Service Monitoring: Now collects service account as well as executable, in both alerts as well as reporting

Service Monitoring: Service history report now shows every service change per line, with easier readability

Process Tracking: Command line arguments of an active can now be collected

Logon Tracking: Group information is now collected

Software Monitoring: Uninstallation events now include same information as installation events

Software Monitoring: Windows updates are now collected on Vista, Windows 2008 and Windows 7, and more easily searchable in the web reports

Hardware Monitoring: IP addresses are now collected, and changes updated dynamically in the background

File Monitoring: Processing of a file's checksum can now be skipped if the size has not changed

Management Console: Authentication can now be set globally, in addition to being set on a per-group and per-computer level

Management Console: Computers in AD-linked groups can be sorted.

Management Console: Notes can now be added to computers

Environment monitoring: The minimum monitoring interval has been reduced to 5 minutes

Reporting: Health status of multiple computers can be displayed in a visual health matrix, scalable to display hundreds of computers in a single page

Reporting: The network status page now allows the customizations of performance counters as well as disks displayed

Reporting: Reports are more accessible, and can now be accessed from every page

Reporting: Most pages have been overhauled and improved for improved usability

Performance Enhancements:


Event Log Monitoring: Filter processing has been improved, resulting in a lower CPU usage

Checksum generation (File Monitoring, File Access Tracking) has been improved resulting in lower CPU usage

Bug Fixes:

All bug fixes since the initial 2.90 release have been incorporated into version 2.91.


Software Monitoring: Duplicate records of software is not longer shown in the software inventory

Compliance Tracking: Temp file was used even when its maximum size was set to 0 Mb

Network Status: This feature has been improved to avoid problems with computers missing, being displayed in the wrong group or not showing up at all

Disk space Monitoring: Alerts for low disk space are no longer generated when the total disk space is less than the alert (hard) limit to begin with

Hardware Inventory: Virtual machine detection, as well as Hyper-V detection has been improved for more reliability

Version 2.90     October 2008

New Features:


Vista, Windows 2008 are monitored with new API

Event Log Backup feature supports .evtx files

Database Import Utility supports .evtx files

New NTP monitoring and synchronization feature

Event Log Filter Timers now support insertion strings for easier setup & more flexibility

Scripts can now be embedded into the EventSentry configuration and referenced in application schedules & process actions

Actions: Jabber action supports chat rooms

Actions: Process action supports time-based termination and more event logging options

Actions: Fields in SMTP action can now be customized

Actions: In addition to controlling services, processes can be terminated (with support for insertion strings)

Actions: Certain actions can track their trigger history in database

Actions can now be enabled/disabled based on weekday and time of day

Compliance: New File Access Tracking feature

Compliance: Account Management Tracking

Compliance: Successful & Failed network logon tracking

Compliance: Audit, Domain & Kerberos policy tracking

Compliance: Trust Relationship tracking

Compliance: User & Logon Right change tracking

Compliance: Improved logon tracking to include domain role and indicate administrative logons

Compliance: Process tracking includes domain role

Variables can now be assigned to computers in addition to global & groups

Service Monitoring: Events now distinguish between services and drivers

File Monitoring: Can detect alternate data streams (ADS)

Performance Monitoring: Added "between" condition and "divide by # of processors"

Software Monitoring: Monitors and records system uptime

Hardware Inventory: Detects more details about the OS (e.g. editions) as well as hardware

Management Console: Group-Level Inheritance can be blocked on a per-computer basis

Management Console: Remote update feature now uses threads for much faster update speeds

Management Console: Added "Quicktools" to execute any application against a remote computer

Heartbeat Monitor: Can now utilize credentials set on group or computer items

Heartbeat Monitor: Can notify you via email when the EventSentry agent is not running

Web Reports: Extremely granular, built-In authentication has been added

Web Reports: Users can customize their settings in web reports without affecting global profile settings

Web Reports: Network Status includes switch to only show erroneous machines

Web Reports: Network Overview shows disk & performance alerts and event log trends

Web Reports: Network Overview shows overdue reports and most active machines

Web Reports: Computer Overview includes event log trend, overview and common errors

Web Reports: Report management has been improved

Web Reports: Reports support review as well as a report trigger history

Web Reports: Right-click menu for column headers allows toggling columns

Web Reports: Maintenance wizard supports deleting multiple computers at once, and much more

Web Reports: Database usage page shows storage details of database

Web Reports: Database can now be created and/or updated using the web reports

Web Reports: Print output has been significantly improved

Three completely redesigned widgets using the Yahoo Widget Engine

Bug Fixes:


Several bug fixes in the database import utility for importing log files

Issues with filter times have been resolved

Filter test feature has been improved

Event Log Monitoring has been improved for better reliability

Version 2.81     September 2007

New Features:


Database Setup Wizard now supports database connection strings and EventSentry Actions as a destination in addition to System DSNs

Nessus Import Utility and reporting now supports XML files from Nessus v3 as well

Web Reports: New "Network Status" overview page

New SMTP engine now supports TLS/SSL connections

Event Log Backup files can now be automatically compressed

Line delimiter can now be specified for non-delimited files as well

Actions now support a limit feature

Management Console can automatically check for new versions and patches

Event Log Database Import utility is now called "Database Import Utility" and supports importing delimited and non-delimited log files

You can now specify a router for a Heartbeat-Enabled group to suppress duplicate alerts when a router goes down

Hardware inventory can now distinguish between logical and physical CPUs and show more detailed CPU information

Web Reports: Computer Overview page supports automatic iteration between computers

Web Reports: Weekly Logon Reports in Logon Tracking

Web Reports: Ability to email event records and copy event records to the clipboard

Web Reports: Calendar popup improved on newer browsers

Bug Fixes:


Improved SQL queries drastically improve speed of most searches on the web reports

Detailed hardware inventory information (NIC, memory, etc.) would sometimes not be recorded correctly

Host names / IP addresses of remote Syslog hosts would not be included in events or the database if the IP address of the remote host could not be resolved

Resolved bug in environment monitoring dialog

Computers logging on to Citrix or Terminal Servers would show up in the "Computers" field of the Logon Tracking page

Active Directory Auto-Refresh: Computers that were removed from AD would not automatically be removed from the corresponding group

Web Reports: Improved Correlation between logon and process tracking

Web Reports: Several bug fixes in combination with MySQL, profile editor

Version 2.80     May 2007

New Features:


Log File Monitoring allows you to monitor both non-delimited and delimited files. You can either consolidate content into the database or receive alerts based on text logged to the log files

File Monitoring allows you to be notified when files in a monitored directory are changed (includes checksum hashes), and you can either track changes in the database or receive alerts

Directory Monitoring alerts you when a monitored directory exceeds a preset size

Jabber notifications allow you to send IM notifications, e.g. using Google Talk!

The hardware inventory feature now includes detailed information about installed memory and available slots, installed network cards, optical drives and you can remotely power on computers using WakeOnLAN!

Logon Tracking now includes more detailed information such as remote IP address, session connections/disconnections and workstation unlocks

The heartbeat agent now supports recurring alerts

As always we also fixed minor bugs and optimized various aspects of the agent to continuously increase the availability of the agents

Two new wizards were added for the log file monitoring and for setting up thresholds

A “filter test” utility has been added that allows you to test events against your filter rules by simply right-clicking an event in the built-in event viewer

Insertion Strings of events can now be displayed in the subject of an email ($STR1, $STR2, ...)

System Health features now include an "Alerts" button to easily create filters for events logged by the respective feature

Package summary pages now include description of packages

Hardware inventory feature can generate alerts when memory, CPU count or number of installed drives change

Bug Fixes:


Custom event log settings are now completely transferred to remote machines when pushing the configuration

Some events would not be transferred correctly with the SNMP action

On 64-bit systems, EventSentry now shows 32-bit and 64-bit installed software

Version 2.72     8th September 2006

New Features:


Remote configuration updates do not require the Remote Registry Service anymore, but instead use the ADMIN$ share. A work-around without the ADMIN$ share exists

Remote update shows the total and average time it took to perform an action

Event Log Backup Files  (.evt) can be imported into the EventSentry database

Event Message Browser lets you view and test all installed event messages

Two wizards where added to accomplish common tasks

Disk space alerts are now cleared after an alert, the volume name is also shown in alerts

Disk space web-reports can be filtered/grouped on the group level

Speed of performance charts was improved significantly

Expanded the "toggle" functionality to most search pages

A user-configured IP address will now be used on the web reports


Bug Fixes:


Deleting a database action could incorrectly configure the notifications of existing health and tracking features, including notifications set on the package-level

Remote update would not work correctly when the EventSentry was not installed locally

Creating a new package and immediately configuring it to be global would not work

The automatic configuration backup feature would not correctly delete old files

A temperature-only sensor could not be configure for a position other than 1

The temperature and/or humidity sensor would not work correctly

Remotely connected event logs would sometimes not be restored correctly

Filters and folders with the same name would crash the GUI

The event log summary dialog would display incorrect data when connected to remote hosts

Finding Event IDs works correctly now

Creating multiple SNPP action notifications was not possible

Resolved problems with event reports on SQL Server 2005

Resolved problems with IP address lookup

Resolved problems with the performance reports


Version 2.71     6th July 2006

New Features:


Filter Timers for event-log relation

Additional hardware sensors: Motion-, Smoke- and Water sensors

Nessus reporting support

Database purge utility (command-line based)

Installer now supports MySQL

Agent: New Shutdown/Reboot and Service Control action

Agent: Support for more runtime variables in SMTP Header/Footer

Heartbeat Monitoring: Ping tracking

Heartbeat Monitoring: Maintenance schedule can be accounted for in uptime statistics

Improved hardware inventory (now also detects serial numbers, model and graphic adapter/resolution)

Remote Update utility to automate remote update tasks

Improved dashboard

Ability to save the configuration as a HTML file

Maximum temp file size mechanism change

Various improvements in the web reports

Bug Fixes:


Pushing the agent to a remote host running the x64 edition Windows Server 2003 would sometimes not work

Fixed problems with application scheduler that would not execute certain files properly

Fixed various small bugs in management console application

Fixed problem with certain threshold settings

Fixed bug with performance monitoring

Fixed XSS vulnerability in web reports

Fixed minor issues in database setup wizard

Fixed problem with event log backup assignments

Fixed problem when computers where added with FQDN instead of NetBIOS name

Version 2.70     9th February 2006

New Features:


Management console now supports filter, health and tracking package for easier and more flexible administration

NETIKUS.NET offers standard filter and health packages that can be updated directly from the management console over the Internet

Performance monitoring to track performance information (e.g. CPU usage, memory usage) in a database and/or receive performance alerts via notifications (e.g. email)

Filter packages can be configured to be automatically active when one or more services are installed

Environment monitoring now supports temperature and humidity ranges and also clears previously issued alerts

Pager support for paging providers that support the SNPP protocol

Service monitoring now includes database support, allowing you to query service status, history and uptime through the web reports

Autorun Monitoring is now called "Software Monitoring"

Software inventory is now included as Software Monitoring now includes database support. This allows you to query installed applications and installation history through the web reports.

Software monitoring also monitors the ActiveSetup registry key

3rd Party Application is now called "Application Scheduler" and supports running custom monitoring tasks in a recurring fashion, e.g. every 30 seconds.

Logon tracking monitors logon's and logoff's, enabling you to view detailed logon/logoff information about users through the web reports

Print tracking monitors all print jobs and allows you to see print job data and statistics through the web reports, including the ability to assign cost to print queues for invoicing

The threshold feature has been simplified and offers new features

The built-in event log viewer supports opening .evt files, you can also open .evt files directly from explorer

Remotely connected event logs can automatically be restored after restarting the management console

The remote update computer list can automatically be sorted

Heartbeat agent now supports maintenance schedules that can be set for individual computers and/or groups

Management console supports searching for filters and computers

Management console can automatically backup the entire configuration at preset intervals

The completely redesigned web reports now offer a dashboard, event log reports, a profile editor, a maintenance wizard and much more!

Bug Fixes:


Reduced size of configuration in registry for faster remote updates

Increased agent stability

Fixed problems with moving and cutting/pasting filters

Several problems in the web reports have been fixed

Duplicate computers cannot be entered anymore and no longer cause problems with the heartbeat agent

Version 2.60     1st June 2005

New Features:


SNMP Support (sending traps)

Monitoring of application installation/uninstallation

Monitoring of machine-based autorun registry keys and directories

Web reports now feature an uptime calculation page

Ping option for remote update can be toggled

System health options can now be set to block inheritance

Process Monitoring can be configured to start after X seconds

Various enhancements in the management application, including proxy server support for feedback and news feature

Added ping dependency in heartbeat monitoring

Added additional monitoring options in heartbeat monitoring

Added database backup feature (if database is temporarily unavailable) to heartbeat monitoring

Agents installed through remote update can now be uninstalled on target machines using "Add/Remove Programs"

Desktop action notification now supports remote hosts in addition to the local host

"Online Configuration Update" feature was improved for higher stability

Map IP address to alias in remote update

Changed MSI installer from Wise to InstallShield for higher stability and more future features

Bug Fixes:


Some SIDs were not resolved to usernames correctly

Clicking on the "Computers" container would show a wrong path in an error message

Computers would randomely not show up in the web reports computer list

Saving the configuration would increase the memory usage on the agent, without freeing it (~200kb)

Some processes in "Process Tracking" would incorrectly show up as "still running" when they had exited

Bootscan feature of Process Tracking would not record all activity correctly

Recurring event filters would not work 100% correctly when a schedule would end exactly at midnight

SMTP Footer would not appear in Mini Emails

Under certain circumstances on very busy event logs (e.g. security event log on domain controllers) some event records would be skipped and not processed by EventSentry.

The EventSentry agent would crash under special circumstances when using the summary notification feature.

When clearing an event log the EventSentry agent would not continue to monitor this log.

Fixed various issues with SP1 of Windows Server 2003

Various bug fixes in the management application

Various bug fixes in the EventSentry agent

Fixed problems in combination with DEP (data execution prevention) in SP1 of Windows Server 2003

Version 2.50     26th January 2005

New Features:


Temperature & Humidity monitoring with external device

Heartbeat monitoring of remote hosts (ES agent monitoring, PING and TCP port checks)

Local computername may now be added to remote update list

ODBC Target supports ODBC connection strings in addition to DSN names for easier deployment

"Audit Process Tracking" can now also be switched off through "Process Tracking" feature

Recurring event feature lets you define events that you expect to appear (such as a tape backup) during a certain time period, and become notified if they are not

Computer field added to event log filter properties

Event Log Backup feature now supports environment variables in file name

Event Log Full detection now also supports the ODBC, NET SEND, SYSLOG and DESKTOP actions

GUI: Event Log Viewer supports sorting

GUI: Remote Update results window allows for sorting

GUI: Remote Update also sends computer names

GUI: Remote Update "Computers" container supports sorting and drag/drop

GUI: Targets support drag/drop

GUI: Active Directory linked groups now show the actual computers under the "Computers" container and allow for  authentication to be set on a per-host level

GUIDs in event log records are resolved to display name

Filter Source, Category and Users allow for multiple values, separated by comma

Filter Source, Category and Users support negation with exclamation mark

Binary data of events now also available in all notifications, GUI and web reports

Additional variable support for the FILE action

ASP and PHP Web reports now work with all supported databases (Access, MSSQL, MySQL, Oracle), the PHP web reports have been switched to use ODBC

A new Database Wizard now creates all tables, indexes and permissions automatically on MSSQL, MySQL and Oracle

The new MSI installer optionally creates a virtual IIS directory and/or sets up the MS SQL Server database automatically

SMTP action now supports an optional header and footer that can be added to every email

Service Monitoring: Included/Excluded services now support wildcards

Process Tracking: Included/Excluded processes now support wildcards

Bug Fixes:


Database layout completely redesigned for faster web reporting

Event Log Scanning engine significantly improved

Memory Leak in filter processing removed

Absolute diskspace limits now work for values > 4Gb

Selecting a particular set of logical drives would not work

ASP Web pages corrected to support Access databases without restrictions

ASP Web pages corrected to support non-US date formats

Threshold feature incorrectly counting excluded events towards limits

Filtering of "Filter Text" would not work correctly when filter text attempted to match the last character of an event log record

Password for group (remote update) not saved correctly

GUI will not allow more than one instances anymore on computers running Terminal Services to avoid data corruption

GUI will not freeze while performing remote updates and switching to another application

Several bug fixes in ASP and PHP web reports

Unsupported characters were allowed in filter names, resulting in configuration corruption

Version 2.43     22nd July 2004

New Features:


Process Tracking records all process activity in a database and allows you to see a process history on all monitored hosts

Service monitoring can control services and maintain a set status. Failed services can now be automatically restarted

Disk Space Monitoring allows for more granular settings for warnings and database connections

Disk Space Monitoring will now recognize when new (fixed) disks are added or removed during runtime

Event Log Backup allows for backups of all event logs for faster configuration

Database table names can now be specified for each of the features requiring a database (ODBC action, disk space trend collection and detailed process tracking)

GUI: "Force News Update" reloads latest news

GUI: Filters can be commented

Bug Fixes:


Handle leak in eventsenry_svc.exe.

Memory leak in NonPaged pool when using the TCP syslog action and remote syslog host is not accepting TCP connections

Launching applications with the "3rd Party Applications" feature might show error "Invalid access to memory location" and the application would not run.

An error with the summary notification feature could crash the application when a large amount of events (more than the configured maximum) were summarized.

Right-Click on SYSTEM event log in tray icon opens security log (no other logs are affected)

Version 2.41     7th June 2004

New Features:


Added $HOSTNAME variable to event log backup feature

Bug Fixes:


Warning messages in PHP interface removed

Wrong $DAY, $MONTH and $YEAR variables in event log backup feature

OLE DB error in index.asp file removed when using an MS Access database

Version 2.40     25th May 2004

Version 1.x Compatability mode will no longer be supported starting with Version 2.40 of EventSentry. If you are still running 1.x agents in your network then you will need to upgrade them to version 2.40.

New Features:


GUI: Tree in navigation pane restructured for easier navigation, general usability improvements

GUI: Maximum groups, actions were increased

GUI: Active Directory Import (with "Link" feature) added

GUI: Up to 5 remote event logs can be added to navigation pane

GUI: Change detection added, GUI tries to determine whether changes were made and only prompts to save then

GUI: Event Log Viewer filter added (filter for errors, warnings, information, audit success & failure)

GUI: Only active group is sent to remote computers with remote update

GUI: One-Button remote agent installation

GUI: Tree status is now also saved/restored when connecting to remote computers

GUI: ODBC action has a test button now too

SMTP Target: Mini-Emails can now be customized

SMTP Target: Dial RAS connections before sending emails

SYSLOG Target: This action has been optimized and should offer higher throughput

Custom variables are introduced, variable processing improved

Variable $EVENTMESSAGE for SMTP subject added

Automatically backup and clear event logs on a regular basis

Run command-line applications and log their output to the event log

Monitor memory consumption of processes to detect possible memory leaks

Monitor diskspace, including trend change detection

Trial Version & Full Version are now one product

Bug Fixes:


GUI: Remote Update: Health settings of a group could be deleted when only updating filters

GUI: Service Monitoring would not save changes when adding services that don't exist on local machine

GUI: Feedback forms do not disappear when connection was unsuccessful

GUI: Renaming groups could yield random results

SERVICE: Filter processing has been optimized

SERVICE: Some boot time events could be ignored

SERVICE: Formatting of event log records has been corrected and improved

SERVICE: SMTP message now contain a Message ID

Removed Features:


1.x Compatability Mode was removed. If you are upgrading from version 1.x then you will need to upgrade to version 2.30 first to preserve existing filters.

Version 2.30     3rd December 2003

New Features:


EventSentry now monitors services

Small enhancements in the management interface

Filter Groups are now referred to as "Groups"

Filter Groups can be added/removed in Remote Update, System Health and Filters tree

PHP version of web interface added (ASP + PHP now supported)

Added links to, google, etc. to web files

Sylog facility/level now mapped to event category for incoming syslog packets

Bug Fixes:


Long date format problem in event viewer resolved

Rename problem in GUI resolved

Import Problem in GUI resolved

Version 2.21     5th November 2003

New Features:


Syslog target now supports TCP in addition to UDP

Remote Update speed improved

Remote Update displays more informative error messages

Remote Update now supports different credentials

Added troubleshooting section in help file and GUI for every target

Numerous enhancements in the management application

Added EventSentry Quickstart Guide

Bug Fixes:


Event records containing a single dot per line could cut off email

Potential problems in wildcard feature

Problem in built-in Event Log viewer with certain events resolved

Version 2.20     8th September 2003

New Features:


(X)HTML emails are sent in multi part/alternative including a non-HTML version of the content. This is useful for email clients that are not capable of displaying HTML messages and for filtering (rules) in MS Outlook

Wildcard support for filters was added

The following additional variables for the SMTP target were included: $EVENTSOURCE, $EVENTCATEGORY, $EVENTTYPE, $EVENTID

The $HOSTNAME variable is now supported in the SMTP Sender email field

The built-in event log viewer allows you to query web sites to obtain information on a particular event

Installer features (Management package) improved

Bug Fixes:


The syslog hostname (as logged & reported by the syslog daemon) was truncated

The welcome screen might show an invalid event log summary when connected to a remote machine

Day/Time summaries are sometimes not read correctly on the fly, a service restart is necessary

Changing the debug logging level requires a service restart

Various improvements in the management application

Version 2.11     18th August 2003

New Features:


A customizable Welcome Screen shows important information such as EventSentry news, event log summary and more

Display speed of the built-in event viewer was greatly improved

Invalid filter order is detected by management interface

For better usability some menu options were renamed

Sample ASP pages for querying an ODBC database were added

On German Operating Systems EventSentry logs German messages to the event log

Bug Fixes:


The service (agent) underwent a major security code review

Memory usage was reduced and optimized

Exclude filters using more than one target would not exclude events properly

Drag & Drop would sometimes not work properly

Creating filters or targets would fail when clicking with mouse instead of hitting enter

Remote Update would sometimes not connect to certain machines

Import Wizard would only import ~250 computers

Size & positioning issues with desktop notification feature were corrected

Potential problems in the network target have been resolved

Problems with the summary notification have been resolved

Version 2.10     3rd July 2003

New Features:


Custom event logs can now be managed and monitored

Bug Fixes:


Fixed problems in the built-in event viewer and other minor problems

Version 2.01     18th June 2003

New Features:        


Added check box functionality for remote update

All groups can now be updated at once

Bug Fixes:


Fixed problems in the remote update feature (including service installation)

Fixed problems in built-in Event Viewer

Version 2.00     5th June 2003

New Features:


Added installer software

Completely redesigned the management interface (GUI)

Filters can be assigned to multiple targets

Smtp target enhancements

Added network target (ala net send)

Added process target

Added sound target

Added desktop target

Bug Fix:


Permanent summary notification on Windows NT4 might not work due to missing %TEMP% variable

Version 1.15     11th March 2003

New Features:        


Summary features events are now stored throughout service restarts

Filter option "Filter Text" is not case sensitive anymore

Bug Fixes:


"Stop processing other filters" didn't work in combination with summary feature under some circumstances

Other minor bug fixes

Version 1.14     25th February 2003

New Features:        


Targets can now be enabled/disabled

Multiple concurrent instances of the GUI are prevented

Bug Fixes:


The "stop processing other filters" option didn't work correctly under some circumstances

Bootscan would report too many events under some circumstances

Using ODBC with a MS SQL Server would sometimes not write events to the database

Excluding filters for particular targets would under some circumstances not work

Version 1.12     10th February 2003

Bug Fixes:


The filter summary dialog box is cleared/reset under some circumstances

A filter group update does not correctly set the active filter group on the target computer

Sending emails with certain mail servers would fail

Version 1.10     4th February 2003

New Features:


Introduced filter groups (see help for an explanation)

Added the parallel ASCII-printer target

Added email importance flags

Added/improved computer list import/export

Added GUI tips

Bug Fixes:


A special kind of event log entry could crash the service

Database DATETIME field was not used (text was used instead)

Event log entries would sometimes be ignored

Fixed GUI ALT-F4 issue.

Other minor fixes in both GUI and service

Version 1.03      16th January 2003

New Features:


Added the $HOSTNAME variable for the SMTP subject and FILE filename, added HTML customization options.

Bug Fix:


If an event log is configured to "overwrite events as needed" and events are being overwritten (because the event log is full) then EventSentry can stop monitoring this particular event log under certain circumstances.

Version 1.02     22nd December 2002

Bug Fix:


Under some circumstances the GUI could crash when performing any kind of batch update.

The EventSentry service is not affected by this problem.

Version 1.00     19th December 2002

This was the initial public release of EventSentry.