LogRefiner™ Technology May Prove Critical To Maintaining Your Log Management Strategy
There are a number of complications associated with existing log strategies - usually designed only for the soon-to-be "legacy" EVT format - and the log data being generated by Windows Vista™ and upcoming versions of Windows Server® via the new EVTX format.
But, Dorian's exclusive LogRefiner technology enables you to move to the EVTX format at your speed and on your terms. Many compliance standards require that log data be maintained for a period of years. Therefore, in most - if not all - cases, maintaining EVTX and EVT formats alongside each other will be necessary at least for some time after IT organisations begin to adopt the new format.
Be wary of log products on the market that require management of logs in one but not both formats. Also, be wary of proprietary back-end databases. Both of these factors will not only further complicate migration matters for you in the future, they will likely cause serious disruptions in your log management strategy. If your organisation's compliance efforts rely on log management - as many do - such a disruption cannot be afforded.
Whether or not your organisation plans on adopting the new format, why not be ready for it anyway? Capabilities powered by LogRefiner technology that appear in Event Analyst 6.0 and later include:
Downlevel EVT File Processing in Windows Vista
Dorian's exclusive LogRefiner technology can read, filter, and report on EVT files from downlevel systems directly alongside the EVTX files from Windows Vista and newer operating systems.
With Event Analyst's exclusive new technology, no information goes missing when converting downlevel EVT files into new formats – all event log fields are processed properly the first time.
Streamlined Fields Between EVT and EVTX Logs
Did you know that Windows Vista’s EVTX logs have even more fields? Event Analyst can now be instructed to automatically consolidate these fields - the Keyword and Opcode fields specifically - into the Task (Category) field so that you can have a uniform field structure when working with EVT and EVTX log files.
Field Consistency Across Logs
In the Windows Vista Security Log, no information about the user performing the action or affected by the action is recorded in the User field when an event is logged. Instead, all user information is placed in the Description of the event.
Event Analyst 6.0 and later, however, has the ability to place the most relevant user information back into the User field as it reads and processes EVTX files. By helping maintain the consistency of log data and its formatting, this feature greatly aids the administrator or compliance officer in charge of reviewing the consolidated data.
Success Audits Versus Failure Audits Defined
Another major change in the Windows Vista security log is that all events are recorded as “Informational.” To discern whether or not the event represents a failed or successful action, the administrator must refer to the Keyword of the event.
But, Event Analyst 6.0 and later - when working with security EVTX Files - has the ability to properly record whether or not the event was a Success Audit or Failure Audit, greatly aiding the reviewer of log data generated from both EVT and EVTX log files.
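The three normalisation steps described above (folding Keyword and Opcode into the Task field, putting the user back into the User field from the Description, and recovering Success Audit versus Failure Audit from an EVTX record that is logged as "Informational") can be illustrated with a small script. The code below is an added example, not Dorian's LogRefiner or Event Analyst code. It assumes records have already been parsed into Python dicts by some EVT/EVTX reader with the field names shown; the consolidated Task layout and the ranking of Description sections used to pick "the most relevant user" are choices made for this example. The keyword bit values for Audit Success and Audit Failure are the standard Windows ones; the sample records are constructed, not real log data.

```python
import re
from typing import Dict, Optional

# Standard Windows keyword bits marking audit outcome in EVTX security logs.
AUDIT_SUCCESS = 0x8020000000000000
AUDIT_FAILURE = 0x8010000000000000

# Assumed preference order for "the most relevant user" in a Description:
# these section headings appear in Windows logon-event text; the ranking is
# this example's choice, not a documented rule.
USER_SECTIONS = ("New Logon", "Account For Which Logon Failed", "Target Account", "Subject")


def audit_outcome(record: Dict) -> str:
    """EVTX logs every security event at level Informational, so the
    Success/Failure distinction must be read from the Keywords bitmask."""
    keywords = int(record.get("Keywords", 0))
    if (keywords & AUDIT_SUCCESS) == AUDIT_SUCCESS:
        return "Success Audit"
    if (keywords & AUDIT_FAILURE) == AUDIT_FAILURE:
        return "Failure Audit"
    return record.get("Level", "Informational")


def consolidate_task(record: Dict) -> str:
    """Fold the EVTX-only Keyword and Opcode text into Task so EVT and EVTX
    rows share one Category-style column (layout chosen for this example)."""
    parts = [record.get("Task") or "None"]
    for field in ("KeywordsText", "OpcodeText"):
        value = record.get(field)
        if value:
            parts.append(f"{field[:-4]}={value}")   # strip the "Text" suffix
    return "; ".join(parts)


def user_from_description(description: str) -> Optional[str]:
    """Pull an account name out of the Description's tab-indented sections."""
    found: Dict[str, str] = {}
    section = None
    for line in description.splitlines():
        stripped = line.strip()
        if stripped.endswith(":") and not line.startswith(("\t", " ")):
            section = stripped[:-1]          # e.g. "Subject", "New Logon"
            continue
        match = re.match(r"\s*Account Name:\s*(.+?)\s*$", line)
        if match and section:
            found.setdefault(section, match.group(1))
    for name in USER_SECTIONS:
        account = found.get(name)
        if account and account != "-":       # "-" means no account recorded
            return account
    return None


def normalize(record: Dict) -> Dict:
    """Return one uniform row whether the input came from EVT or EVTX."""
    evtx = record.get("Format") == "EVTX"
    desc = record.get("Description", "")
    return {
        "EventID": record["EventID"],
        "Source": record.get("Provider") if evtx else record.get("Source"),
        "Type": audit_outcome(record) if evtx else record.get("Type"),
        "Category": consolidate_task(record) if evtx else (record.get("Category") or "None"),
        "User": (record.get("User") or user_from_description(desc)) if evtx else record.get("User"),
        "Description": desc,
    }


# Constructed sample records (not real log data).
EVT_SAMPLE = {
    "Format": "EVT", "EventID": 529, "Source": "Security", "Type": "Failure Audit",
    "Category": "Logon/Logoff", "User": "CONTOSO\\jdoe",
    "Description": "Logon Failure:\n\tReason:\t\tUnknown user name or bad password",
}
EVTX_SUCCESS = {
    "Format": "EVTX", "EventID": 4624, "Provider": "Microsoft-Windows-Security-Auditing",
    "Level": "Informational", "Keywords": 0x8020000000000000, "KeywordsText": "Audit Success",
    "Opcode": 0, "OpcodeText": "Info", "Task": "Logon", "User": "",
    "Description": ("An account was successfully logged on.\n\nSubject:\n"
                    "\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tWS01$\n\n"
                    "New Logon:\n\tSecurity ID:\t\tS-1-5-21-1-2-3-1001\n"
                    "\tAccount Name:\t\tjdoe\n\tAccount Domain:\t\tCONTOSO"),
}
EVTX_FAILURE = {
    "Format": "EVTX", "EventID": 4625, "Provider": "Microsoft-Windows-Security-Auditing",
    "Level": "Informational", "Keywords": 0x8010000000000000, "KeywordsText": "Audit Failure",
    "Opcode": 0, "OpcodeText": "Info", "Task": "Logon", "User": "",
    "Description": ("An account failed to log on.\n\nSubject:\n\tAccount Name:\t\t-\n\n"
                    "Account For Which Logon Failed:\n\tAccount Name:\t\tjdoe"),
}

if __name__ == "__main__":
    for rec in (EVT_SAMPLE, EVTX_SUCCESS, EVTX_FAILURE):
        row = normalize(rec)
        print(row["EventID"], row["Type"], row["User"], row["Category"])
```

Run as a script it prints one uniform row per record; the legacy EVT row passes through unchanged while both EVTX rows gain a Success/Failure type, a populated User field and a Task value that carries the Keyword and Opcode text. A reviewer comparing EVT and EVTX output can then filter on the same columns in both.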