Release Notes for WhatsUp Event Log Management Suite

In this File

Release Notes for WhatsUp Event Log Management Suite v9

Release information

Product name

WhatsUp Event Log Management Suite v9. Includes four modular event log management titles:

WhatsUp Event Archiver

Version: 9.0.164

WhatsUp Event Analyst

Version: 9.0.214

WhatsUp Event Alarm

Version: 9.0.401

WhatsUp Event Rover

Version: 9.0.174

Version

Release date

November 2010

Introducing the WhatsUp Event Log Management Suite

The WhatsUp Event Log Management Suite is a modular set of applications that can automatically collect, store, analyze and report on both Windows Event and Syslog files for near real-time security event detection and response as well as historical compliance assurance and forensics. Depending on your environment and the specific challenges you are facing – you can select individual products that independently provide pinpoint solutions or opt for the comprehensive suite that gives you everything that you need.

With the WhatsUp Event Log Management Suite you can:

Collect Windows Event log (from Windows systems and hosted applications) and Syslog information (from routers, switches, firewalls, IDS, IPS and Unix and Linux servers) for comprehensive analysis and audit
Access custom reports for IT personnel, compliance officers and even law enforcement agencies
Monitor network security threats in real-time and facilitate appropriate incident response
Provide on-the-fly access to event log data for routine viewing or operational triage
Analyze, filter and report on network security and regulatory compliance goals
Automate the warehousing and cleansing of log data over time as per regulatory requirements
Manage end-to-end IT operations in conjunction with WhatsUp Gold and related plug-ins:
- WhatsUp Event Archiver automatically collects Windows event logs and archives them in flat file and/or database formats.
- WhatsUp Event Analyst can prepare ad hoc and scheduled reports using your log data for security and/or compliance reasons.
- WhatsUp Event Alarm sends alerts when security, compliance, or other critical events are logged on your Windows computers or syslog devices.
- WhatsUp Event Rover can search individual Windows event logs to find incidents or perform forensic analysis on Windows log files after an event occurs.

New in WhatsUp Event Log Management Suite v9

A uniform, guided installer now replaces the four individual installers (one for each product) used in the past to install each log management tool. Simply place a checkmark by the products you wish to install when prompted, and the common installer will do the rest.
WhatsUp Event Archiver, WhatsUp Event Analyst, WhatsUp Event Alarm, and WhatsUp Event Rover now offer support for managing custom Windows event logs. Administrators can browse and connect to various computers on their domain, and then add any custom Windows event logs found into each user interface, so they can be scheduled for collection, monitoring, or reporting.
WhatsUp Event Archiver, WhatsUp Event Rover, and WhatsUp Event Analyst now can collect, analyst, and report on Microsoft EVTX log files from Windows Vista, Windows Server 2008, and Windows 7 machines even when installed on a legacy operating system, such as Windows XP or Windows 2003. If you will be monitoring live EVTX log files with WhatsUp Event Alarm, you will still need to install this particular tool on a Windows Vista or later operating system.
Various bug fixes. Please see the Fixed in WhatsUp Event Log Management Suite v9 section for more details.

System requirements

Software requirements

The WhatsUp Event Log Management Suite runs on several 32-bit and 64-bit Windows operating systems. The following is a list of the Windows operating system and release requirements for the WhatsUp Event Log Management Suite.

Windows 7 Professional / Ultimate
Windows Vista Business / Ultimate
Windows XP Professional SP2
Windows Server 2003 SP2
Windows Server 2003 R2 SP2
Windows Server 2008 SP2
Windows Server 2008 R2 SP1

Database requirements

Previous versions of the WhatsUp Event Log Management suite supported the sending and receiving of data from Microsoft SQL Server 2000 and Microsoft SQL Server 2005. Support for Microsoft SQL Server 2000 has been dropped with this release. The WhatsUp Event Log Management Suite v9 has been tested against:

Microsoft SQL Server Express 2005 (local installation only)
Microsoft SQL Server 2005 Workgroup or greater installation (local or remote installation)
Microsoft SQL Server Express 2008 R2 (local or remote installation)
Microsoft SQL Server 2008 Workgroup or later edition (local or remote installation)

For small organizations with 5 or fewer servers who do not own a license of Microsoft SQL Server, Microsoft SQL Server Express 2008 R2 is the recommended platform, as it provides the greatest maximum database size (e.g. 10GB) in a free version. However, networks who wish to collect and analyze logs from over 5 servers should acquire license(s) for the Workgroup or later edition of Microsoft SQL Server 2005 or 2008, as there is no maximum database size limit in those versions.

Hardware Requirements

Dual-core 2GHz or faster processor
2 GB RAM or greater
4 GB available hard disk space minimum for data and/or database storage. The hard disk space required is completely dependent on the volume of log data stored, how long the data is stored, and how the data is stored (e.g. in compressed EVT/EVTX files and/or in database tables)

Installing and Upgrading the WhatsUp Event Log Management Suite

Upgrading the WhatsUp Event Log Management Suite

Important: Attention Existing WhatsUp Event Log Management Customers. Do not attempt to directly install over a previous version of WhatsUp Event Log Management software.

If you are an existing WhatsUp Event Log Management customer, and want to upgrade your previous software version(s) to Version 9, please logon to MyIpswitch licensing portal, and click My Downloads. Next to each download link, there is a link to upgrade instructions. You must read and follow the upgrade instructions for each product prior to installing the new version, so that your existing software configuration can be preserved during the upgrade process.

Installing the WhatsUp Event Log Management Suite

To Install the WhatsUp Event Log Management Suite:

Log in directly to Microsoft Windows using:
1. a full Domain Admin account if managing servers/workstations across a domain
2. an OU admin account if managing servers/workstations in a specific OU
Note: This OU admin account must be in the local Administrators group on each server/workstation located in said OU.
1. a local Administrator account if installing to a workgroup or to a standalone machine that will only be managing its own logs.
Note: The account above should be the same as the account you will later assign to the WhatsUp Event Archiver Service, WhatsUp Event Alarm Service, and/or WhatsUp Event Analyst Service.
Navigate to the directory where you downloaded the electronic version of the WhatsUp Event Log Management Suite (WUELM.exe), and double-click on the file.
Read the welcome screen. Click Next. The License Agreement dialog appears. If you accept the terms of the license agreement, select I accept the terms of the license agreement.
- To print a copy of the license agreement, click Print. The license agreement is sent to the default printer.
- If you do not accept the terms of the license agreement, click Cancel to exit the installation program.
Select the top-level parent installation directory for the WhatsUp Event Log Management Suite components. Individual products will be installed underneath this parent directory in subfolders. By default, this directory corresponds to C:\Program Files\Ipswitch. After you select the installation directory, click Next. The Product Chooser dialog appears.
Using the guides, place a check mark by each individual log management title you wish to install.
Click Next. The Ready to Install dialog appears.
Click Install. The setup program installs each requested log management title.
When the installation completes, the InstallShield Wizard Complete dialog appears.
Click Finish. The setup program closes.
Tip: Any log management title you choose not to install in step 5 above can still be installed later. You can access each non-installed product's individual installer via the Start Menu->WhatsUp Event Log Management Suite Installers program group.
Run each installed program for the first time. As prompted, supply the service account information and default domain/workgroup information requested by each log management title.

Activating the WhatsUp Event Log Management Suite

Activation of the WhatsUp Event Log Management Suite is done manually on a product by product basis. To start this process, please enter your information, including the service number provided by Ipswitch customer service after your purchase, in the Licensing Dialog. Here's how to access the licensing dialog in each product:

WhatsUp Event Archiver - From the Help menu, select Register WhatsUp Event Archiver...
WhatsUp Event Analyst - From the Help menu, select Register WhatsUp Event Analyst...
WhatsUp Event Alarm - From the Help menu, select Register WhatsUp Event Alarm...
WhatsUp Event Rover - From the Help menu, select Register WhatsUp Event Rover...

To later add licenses to any installed instance of one or more of the above products, visit the Help menu, and this time, select Upgrade WhatsUp [Product Name] Licenses...

For complete help on how to use the Licensing Dialog, press F1 when this dialog is actively displayed.

Uninstalling the WhatsUp Event Log Management Suite

To uninstall any of the individual log management titles:

Start the un-install program:
Navigate to the Windows system Control Panel, select Add/Remove Programs (on Windows 2003 or earlier operating systems) or Programs and Features (on Windows Vista or later operating systems). Select WhatsUp Event Archiver, WhatsUp Event Analyst, WhatsUp Event Alarm, or WhatsUp Event Rover, and click Uninstall. The setup dialog prompts you with the following question, Do you want to completely remove the selected application and all its features?
Click Yes. The un-install program runs and the Uninstall Complete dialog appears.
Click Finish. The setup program closes.

Note: You can also uninstall the individual setup packages associated with each log management title from disk. To do this, repeat the steps above, this time selecting the WhatsUp Event Log Management Suite from the list. This does not uninstall the individual log management titles, only the setup packages.

Fixed in WhatsUp Event Log Management Suite v9

Previous versions of WhatsUp Event Analyst were affected by Microsoft Security Update (KB960715). After this update was applied, the charts in certain Event Analyst reports would stop displaying properly in Internet Explorer. This has now been fixed in WhatsUp Event Analyst.
A bug in WhatsUp Event Alarm relating to the construction of SMTP message headers was fixed - certain European clients may have experienced an issue where the time zone was not formatted properly in email alerts from Event Alarm, resulting in improper sorting in their mail client of choice.
A bug in WhatsUp Event Archiver was fixed that could result in an error message when attempting to archive a zero-entry EVT log file when Event Archiver was installed on a Windows Vista or later operating system.

For more information and updates

The following are information resources for the WhatsUp Event Log Management Suite.

Context-sensitive Help from within each log management title. Pressing F1 from within WhatsUp Event Archiver, WhatsUp Event Analyst, WhatsUp Event Alarm, or WhatsUp Event Rover will summon that product's help system.
User Guide. Each log management title ships with its own comprehensive User Guide. These can be found under the Program group for each log management title in the Start Menu.
Quick Setup Guide. Each log management title also ships with a Quick Setup Guide that helps users quickly configure each program and other network/security settings for optimal performance. These can be found under the Program group for each log management title in the Start Menu.
Creating a Microsoft SQL Server Database. For log management titles that can utilize a database server, this guide explains how to create, configure, and initially size a Microsoft SQL Server database for use with WhatsUp Event Archiver, WhatsUp Event Analyst, or WhatsUp Event Alarm. These can be found under the Program group for each log management title in the Start Menu.
Licensing Information. Licensing and support information is available on the MyIpswitch licensing portal. The web portal provides enhanced web-based capabilities to view and manage Ipswitch product licenses.
Knowledge Base. Search the Ipswitch Knowledge Base of technical support and customer service information. The knowledge base is available on the WhatsUp Gold web site.
Technical Support. Use the WhatsUp Gold Support Site for a variety of WhatsUp Gold product help resources. From here you can view product documentation, search Knowledge Base articles, access the community site for help from other users, and get other Technical Support information. The Support Site is available on the WhatsUp Gold web site.