LOGbinder Support

LOGbinder for Exchange Version History


LOGbinder for Exchange 4.0.1 (11/13/2019)

  • Redesign mailbox audit actions wizard
  • Add MailboxLogin audit action
  • Add "Apply Now" button for audit policy wizard
  • Speed up outputting to Syslog and Syslog files
  • Utilize Get-AuditLogSearch, if available, to avoid too many audit log request
  • Better error reporting if New-MailboxAuditLogSearch or New-AdminAuditLogSearch errors
  • Delete old transactions based on "Initiated" date, not on "Completed" date
  • Add error handling for corrupted settings file
  • Retry certain failed actions a few times, in case the problem is temporary
  • Many bug fixes and other improvements

LOGbinder for Exchange 3.4.41 (5/2/2019)

  • Retry creating/opening Syslog files on error
  • Add noise event statistics (number of noise events suppressed)
  • Fix noise event filtering for all outputs

LOGbinder for Exchange 3.4.29 (1/1/2019)

  • Renewed certificate

LOGbinder for Exchange 3.4.28 (12/9/2018)

  • Try to reopen runspace if it is in 'Broken' state
  • Delete unused .stg files

LOGbinder for Exchange 3.4.26 (6/3/2018)

  • Corrected some CEF problems (escaping '=' signs and a duplicate field in some events)
  • Added more error resilience during some Exchange operations

LOGbinder for Exchange 3.4.25 (3/9/2018)

  • Handle multiple NICs correctly for Syslog outputs

LOGbinder for Exchange 3.4.23 (12/22/2017)

  • Fixed Syslog date to use US format of month names instead of internationalized versions
  • Added feature to select inputs by searching for text included in their names
  • Added date range to event 551
  • Fixed an issue relating inspection
  • Fixed a small regression bug
  • Increased allowed memory threshold

LOGbinder for Exchange 3.4.22 (9/14/2017)

  • Handle error when not being able to find an organizational unit

LOGbinder for Exchange 3.4.21 (8/31/2017)

  • Added more error resilience while getting mailboxes in the audit wizard
  • Catch and report on certificate errors
  • Fixed a date issue due to regional settings
  • Increased LOGbinder service startup timeout

LOGbinder for Exchange 3.4 (2/24/2017)

  • Added statistics to informational events
    • Information includes processed file names, elapsed time, EPS (events per second)
  • Refined service start/stop process
  • Improved resilience when there are connection problems while creating a PowerShell session
  • Improved resilience when there are connection problems while reading audit data
  • Sort input transaction descending for easier navigation to latest entries
  • Changed some LOGbinder message terminology
  • Added option to specify installation folder other than the default
  • Several other updates and improvements

LOGbinder for Exchange 3.3.5 (7/11/2016)

  • Fixed version number in all Syslog outputs
  • Removed reporting and event nodes from the Control Panel
  • Installer grants permission to the ProgramData folder for the service account
  • Installer removes previous installations before installing new version
  • Improvement in transaction file processing if the LOGbinder service has been stopped for a few days
  • Bug fix related to transaction entries in the input properties transactions list
  • Bug fix for additional audit requests issued when service is restarted
  • Bug fix for disabled "Go" button in Audit Policy Wizard when Groups are selected
  • Added additional details to diagnostic event 552
  • Added warning message to application log if Exchange fails to deliver audit results

LOGbinder for Exchange 3.1.11 (3/25/2016)

  • Bug fix for blank subject emails to the recipient account

LOGbinder for Exchange 3.1.9 (1/16/2016)

  • Bug fix for outputting LEEF in UDP

LOGbinder for Exchange 3.0.12 (6/20/2015)

  • Due to reports from some LOGbiner for Exchange enterprise customers, changes were made to use .NET 3.5 instead of .NET 4.0

LOGbinder for Exchange 3.0.3 (4/24/2015)

  • Mailbox Audit policy
    • Once a day, LOGbinder service will check audit policy on mailboxes that are members of selected groups or organizational units. If policy does not match, LOGbinder will set audit policy, afterward reporting on the results (event 25012)
    • To set mailbox audit policy, click link in Input properties window or Options. Choose which groups, organizational units, then specify the policy.
      • You may select groups, organizational units, or both. Keep in mind it is best to use a fewer number of groups/units, since the greater number of groups/units, the longer it will take LOGbinder to examine them.
      • When pressing Finish, the mailbox audit policy is saved to LOGbinder's settings. Nothing is changed in Exchange until the the LOGbinder service's daily maintenance tasks are done, typically about 1:00 a.m.
  • Autofill defaults for Powershell/Exchange URLs
    • When clicking Powershell button, it will create the URL based on current machine. This can be adjusted afterward. (It will also attempt to find the Exchange URL and autofill that.)
    • When clicking the Exchange button, it will look up the Exchange environments available. If more than one, it will present the user with a choice. If only one, it will fill the box.
    • For both, it will prompt before overwriting existing values.
  • Recipient for audit emails
    • Since Exchange will send audit logs via email, a mailbox must be used as an intermediate step to processing audit logs. Previously, the address had to be the default administrator mailbox. Now, any email address can be used, provided that it has permissions to receive audit logs, and that the LOGbinder service has access to the mailbox's items.
  • Added events 25661-25686, from Exchange service packs
  • Adjusted formatting of events
    • For events that list mail items, instead of including redundant XML, extract the subject lines of each item and present as a list
    • This affects events 25001, 25006, 25007, 25010
  • For audit log search events, determine if the event was triggered by LOGbinder. If so, treat as noise event. Otherwise, handle as previously with events 25210 and 25190.
  • A number of other fixes and improvements

LOGbinder EX 2.5.33 (1/2/2015)

  • Fix incorrect tagging of some Syslog outputs

LOGbinder EX 2.5.32 (12/2/2014)

  • Fix bug which causes overlapping searches

LOGbinder EX 2.5.28 (10/24/2014)

  • Add support for LEEF output

LOGbinder EX 2.5.16

  • Fix bug where enabling security log created error when starting service from Control Panel

LOGbinder EX 2.5.15

  • Fix retried transactions so mark as completed

LOGbinder EX 2.5.13

  • If attached file is not valid XML, will write error message and mark as complete
  • Create default transactions when new input is created
  • Fix transaction writing so does not write A B C D

LOGbinder EX 2.5.5 (9/2/2014)

  • Add to Options the ability to change LOGbinder's output directory
  • Purge settings: completed transactions older than a month will be purged to keep the settings file size manageable
  • Allow to set "Last Processed" for mailbox and admin events
  • Allow to use network location for Syslog output, by changing Alternate Output Directory in Options
  • Add Test button to Output properties of Syslog outputs to test connection
  • Adjust Output window to indicate that date is part of CEF/Syslog file name
  • Make LOGbinder Control Panel / Service start more efficiently
  • Rework caching to ensure efficiency
  • Do not process event backlog when starting
  • Mail message processing: detect known errors contained in messages and mark the transaction 'ERRORED'
  • Throttling: allow no more than 7 queries to the Exchange server at any time
  • Better handling of "transactions" in settings
  • If requests to Exchange take longer than 24 hours, then retry so that it doesn't cause throttling.
  • Set polling interval automatically, based on internal intelligence; remove polling interview from Options
  • Improved way of handling timezones
  • Fix issues with logging, stopping service

LOGbinder EX 2.0.2 (1/18/2014)

  • Handle memory error from Security log

LOGbinder EX 2.0.0 (9/2/2013)

  • Support Exchange 2013
  • Add number of active mailboxes to Options
  • Licensing based on number of enabled mailboxes
  • Give more meaningful message if bad credentials entered during installation
  • Adjust installer so installs for all users properly
  • Truncate large events written via Syslog
  • Not allow getting license count to slow down opening of Control Panel

LOGbinder EX 1.1.8 (7/25/2013)

  • Truncates CEF/Syslog messages being sent via UDP at 65000, because of Syslog limitations

LOGbinder EX 1.1.7 (7/15/2013)

  • Caches mailbox count, to improve performance for large installations

LOGbinder EX 1.1.6 (6/21/2013)

  • Do not perform audit log search if end date is before start date

LOGbinder EX 1.1.4 (4/15/2013)

  • Truncate large events being written to Security log
  • Improve error reporting

LOGbinder EX 1.1.1 (2/14/2013)

  • New event #550 “LOGbinder process report”
  • New event #558 “LOGbinder process warning”
  • Fixed several small issues

LOGbinder EX 1.0.4 (10/19/2012)

  • First release
  • Adjusted for variations in email subject line
  • Fixed mailbox event handling

On a scale of 1-5, please rate the helpfulness of this article

Not Helpful
Very Helpful
Optionally provide private feedback to help us improve this article...

Thank you for your feedback!

Still have questions - Submit a new ticket