25. 03. 2019 Oreste Attanasio Log Management, Log-SIEM, NetEye, Unified Monitoring

Safed improvements since 1.10.1

The Safed agent keeps track of the events it receives from the Eventlog by keeping the LastEventID in registry. At start time the agent tries to retrieve all events from Windows Eventlog since starting from the LastEventID. When the amount of events since LastEventID is too large or the LastEventID has been removed from the EventLog, the Safed Agent may hang and apparently do nothing.

The new Safed version (1.10.1) introduces an important bugfix that avoids the agent to hung. This has been accomplished by modifying the agent’s behavior at start time. The LastEventID ist still taken into account at start time, but it can’t be older than the maximum cache days defined in the agent configuration.

Hence, to maximize performance when using Safed for realtime event monitoring it is advised to set the cache, expressed in days as Number of Cache files under Network Configuration to 0.
This way the agent won’t try to retrieve old events on start.

On the other hand, if Safed is used to collect data for auditing purposes, we advise to keep the above value higher, in order for the agent to try to retrieve all events received by the Eventlog during the agent’s downtime.

Please keep in mind that because of the EventLog design, Safed may slow down anyways if the amount of events it has to receive/recover upon start is too large. We recommend to keep the agent monitored by NetEye itself and to add a restart policy on the service, in order to avoid these situations.

Please find the new version under Downloads

Oreste Attanasio

Oreste Attanasio

Team Leader Service & Support at Würth Phoenix
I graduated in Applied Computer Science at the University of Bolzano in 2006. After 3 years of experience as consultant in a small IT business IT I decided to move on, and found Würth Phoenix as a good starting point for a career. After serving several years as a developer, consultant and support engineer, I now lead the Service & Support Team and aim to deliver best quality services to our customers, by helping them using our products together with the strength of Open Source, in which I strongly believe.

Author

Oreste Attanasio

I graduated in Applied Computer Science at the University of Bolzano in 2006. After 3 years of experience as consultant in a small IT business IT I decided to move on, and found Würth Phoenix as a good starting point for a career. After serving several years as a developer, consultant and support engineer, I now lead the Service & Support Team and aim to deliver best quality services to our customers, by helping them using our products together with the strength of Open Source, in which I strongly believe.

Latest posts by Oreste Attanasio

09. 03. 2021 Contribution, NetEye, Unified Monitoring
NeDi 1.9 security advisory
04. 02. 2020 NetEye, Service Management
Microsoft will Deny Plain LDAP Connections to AD Beginning March 2020
14. 08. 2018 Unified Monitoring
NagMap and Google Maps
14. 07. 2016 NetEye
Aktivieren Sie Ihren Account für unser neues Service Desk Portal
14. 07. 2016 NetEye
Accesso al nuovo portale service desk
See All

Related Content

Tags: , ,

01. 07. 2019 Downloads / Release Notes

Updated Safed Agent v1.10.1 for UX

The Safed agent for AIX version 7.1 now supports TLS 1.3 based on WolfSSL 3.15.7. The Safed agent 1.10.1 for UX is available on our github repository. Follow the steps described in the README file to compile and install both Read More
29. 03. 2019 Log Management, NetEye

Host Creation via Icingacli Commands for Monitoring and Deploying a Safed Agent Configuration

Creating hosts in NetEye’s Director module can sometimes be time-consuming and a repetitious, tiring and boring job. Especially if you have to populate Director with a large number of hosts for setting up a test environment, for example. One solution Read More
07. 02. 2019 Log-SIEM, NetEye

Secure Connections for the Safed Agent

The Safed agent can be configured via https and send its collected logs to the log collector though a TLS connection. The latest released version - 1.9.1 - supports TLS 1.2 (at a minimum) and TLS 1.3. The first step Read More
03. 12. 2015 Log Management, NetEye

Trace Windows Administrators Login Activities with Safed

Sometimes it is required to trace login/logoff activities of the administrator in order to be compliant with legal guidelines or simply for security reasons (see also our article "What to do with all those logs"). The Safed agent for Windows can be Read More
06. 12. 2013 Log Management, NetEye

Windows process tracking with Safed

As well known, the Safed agent for Windows can collect events from the event log, filters them and forward the matched records to a centralized syslog server. There are some preconfigured set of events concerning basic activities that have to Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive