WLS 3.0.0.58 has been released!

New Features

Database alternate location

An alternate DB location can now be specified.

Decoding for provider message IDs

Some Vista+ logs contain values that start with %%. These can now be optionally decoded and added as a field or replace the %% values.

Disk space limits

A minimum disk space may now be specified, and if the disk space falls below the threshold, WLS will stop queuing logs and send a notification directly to the syslog server. Normal behavior will resume when disk space returns above the threshold.

Enhanced network interface logs

Logging of network interfaces on start-up and after a network change now includes more data about each adapter.

Legacy log parsing

Optionally now include the remaining log data from XP logs after all replacement strings have been parsed.

MemberName resolution

When a user is added or removed from a group, the log did not always contain the user name. Now when a log contains MemberSid but not MemberName, WLS will fill-in MemberName.

Workstation IP resolution

Disabling workstation IP resolution for logs containing WorkstationName is now an option.

Improvements

CommandMonitor

CommandMonitor now includes the user name associated with each command.

DebugMode

When debugging interactively, output now includes greater detail.

JSON

JSON output has been improved.

Rewritten log parsers and db caching

Faster parsers for XP and Vista+. Higher concurrency log processing through the caching database.

SessionMonitor

SessionMonitor now caches information where applicable to maintain user tracking.

---

For more information on WLS, click “WLS Information” at the top, or here: WLS Information

If you’d like additional information about WLS, send me a note via the contact form. WLS is currently available to US entities, but does require a signed license agreement.