WLS 220.127.116.11 has been released!
Database alternate location
An alternate DB location can now be specified.
Decoding for provider message IDs
Some Vista+ logs contain values that start with %%. These can now be optionally decoded and added as a field or replace the %% values.
Disk space limits
A minimum disk space may now be specified, and if the disk space falls below the threshold, WLS will stop queuing logs and send a notification directly to the syslog server. Normal behavior will resume when disk space returns above the threshold.
Enhanced network interface logs
Logging of network interfaces on start-up and after a network change now includes more data about each adapter.
Legacy log parsing
Optionally now include the remaining log data from XP logs after all replacement strings have been parsed.
When a user is added or removed from a group, the log did not always contain the user name. Now when a log contains MemberSid but not MemberName, WLS will fill-in MemberName.
Workstation IP resolution
Disabling workstation IP resolution for logs containing WorkstationName is now an option.
CommandMonitor now includes the user name associated with each command.
When debugging interactively, output now includes greater detail.
JSON output has been improved.
Rewritten log parsers and db caching
Faster parsers for XP and Vista+. Higher concurrency log processing through the caching database.
SessionMonitor now caches information where applicable to maintain user tracking.
For more information on WLS, click “WLS Information” at the top, or here: WLS Information
If you’d like additional information about WLS, send me a note via the contact form. WLS is currently available to US entities, but does require a signed license agreement.