GITS Sawmill 8.7.3 已發行

版本 8.7.3, 發行於2014年5月6日

8.7.3 版新功能:
[1285416] Display a "Before you start" section in Admin/Profiles to new users, it is only shown after a new setup. The section reminds new users to disable Antivirus software for the Sawmill directory and shows some links to best practice guides when processing large datasets.
[1299190] Added support for IronPort S-Series with pseudo-W3C (pattern) headers.
[1301348] Added support for WebLogic 10 log format (by extending the existing WebLogic 8 plug-in so it can handle both).
[1301358] Added support to show a warning message for missing log fields in the New Profile Wizard. The warning message will be shown if required log fields are defined in a warn_on_missing_log_fields node in the log format plug-in and if these log fields are not detected in the log files.
[1301531] Added support for Kerio Control security log format.
[1301630] Added rendering of very large byte counts as Terabytes, Petabytes, and Exabytes.
[1301689] Substantially rewrote support for the OpenVPN plug-in so it supports the latest format of log data, parses faster, supports any syslog header, and more.
[1301696] Enhanced IPCop Syslog support to handle date header lines.
[1301859] Added support for NPR Reporting log format.
[1301902] When reporting on Cisco PIX/IOS log data, dynamic Teardown lines are ignored, resulting in lower than expected reported duration.
[1301976] Added support for Cisco IronPort S-Series (WSA) CSV export format.
[1302060] Added option to Report Options/CSV Export to convert the "(empty)" value to any custom defined value.
[1302205] Display operating system and architecture in About window.
[1302286] Display a warning message in File Manager/Network Shares when the "Map drive letter" is selected.
[1302301] Added support for F-Secure HTTP Access log format
[1302454] Added support for Zimbra mail server log format
[1302671] Added support for IPCop Snort multiline log format.
[1302844] Added support for FreeProxy log format
[1303041] Added support for Sophos UTM Web Application Firewall log format.
[1303190] Display best practice tips in New Profile Wizard on log source and database page and in Scheduler.
[1303191] Improved styling of the Help Manual and added a Best Practice Guides section.
[1303424] Added support for Websense Server log format.
[1303461] Added "Show/Hide Created By Column" in Profiles/View menu. The column can now be set per user. User access can be set in Admin/Roles.
[1303462] Moved "Show/Hide Database Info Column" from Profiles View Editor to Profiles/View menu. The column can now be set per user. User access can be set in Admin/Roles.
[1303794] Added support for FortiGate 300 Series log format.
[1304249] The "database info column" is now visible by default in the Profiles list.
[1304335] Added support for InterMapper Chart log format.

8.7.3 版修正項目:
[1296642] When "Use overview for totals" is checked, the Other Items row can show a negative number. (This is fixed by showing a dash in this case).
[1299899] If a report is generating, and a database-writing task like a rebuild or update runs, the database will be altered underneath the running report, possibly causing an error in report generation. This is now fixed by delaying the rebuild or update until no reports are running.
[1301487] Apache Custom profiles are created with a duplicate file_type field, resulting in a build error, "Trying to compute 'file_type' field, but there is no 'page' field to compute it from."
[1301592] Added info text to Profiles View feature permission in Roles, visible when Edit is checked.
[1301593] Added Admin Tools feature permission in Roles.
[1301594] Internet Explorer 8, IE9 and IE10 hangs when loading the profiles page and when Internet Explorer's "View all websites in Compatibility View" option is checked.
[1301596] Fixed minor language variable issues in Admin/Profiles and Admin/Tools.
[1301665] Remainder row shows negative values for fields with aggregation method unique when "Use overview for totals" is checked.
[1301907] In the analysis of Juniper SSL VPN log data, "VPN Tunneling: Session ended for user with IP" lines are ignored, possible resulting in very long reported session durations for those sessions.
[1301918] When using the internal database, indices do not improve the performance of single-value report filters on single fields.
[1302023] Multiprocessor SSQL queries (e.g., from main table reports generated with "query splitting" turned on) crash or generate an internal error.
[1302306] Attempting to create a profile from log data in Windows 2000/2003/2008 DNS Log Format, given an error "no date_time in snapons" during the Create Profile Wizard.
[1302380] Reports generated from MDaemon 13 logs show no events.
[1302651] Sending a report by email with multiple recipient email addresses causes a SMTP server error in some mail servers.
[1302908] When analyzing servuftp logs, the Log Detail report fails with an error, "Unexpected text at end of SSQL field description: '_file'"
[1303189] The profiles list is not properly sorted after a profile has been renamed.
[1303428] Editing the last action in scheduler overrides the first action with the last action.
[1303868] Report filter items of type within/matches are not added and not editable in Reports/Filters.
[1303979] Manage fields in an overview report element allows to add non-aggregating fields which cause an error in reports. Fixed so that only aggregating fields can be added in overview report elements.
[1304170] A report element which displays one or more chronological graphs without a table and with no filters applied causes an "Unable to read file" error. The error only occurs if the profile uses the internal database, profiles with an external database are not affected.
[1304248] Sawmill Lite displays a "No Permission" page when navigating to the Config/Log Source page or to a Tools page.
[1304349] When creating a MySQL profile with a non-default port, an error occurs at the end of profile creation like, "Failed to connect to MySQL database at with username 'user'"
[1304406] When a regular expression table filter, or "omit parenthesized items," is used on a report column of type non-aggregating integer, an error occurs like, "Internal: attempt to get string value from non-varchar column 0 of table 'xref2' with GetStringCell()".