Releases: spaghettidba/XESmartTarget
1.4.2
New TelegafAppender response type
- Added TelegrafAppenderResponse: writes to stdout line protocol data that can be used by telegraf execd plugin
- Signed setup kits with certificate
- Upgraded CommandLineParser to 2.8.0
- Added param --Quiet to suppress console output
- Added param --GlobalVairables to accept key/value pairs like key1=value1 key2=value2. These Global Variables can be used in json config files to replace the string $key with its value.
- Added param --NoLogo to suppress writing copyright information at startup
New Graylog response type
New Graylog response type by Andrew Wickham (@awickham10 )
1.3.0
In this release you can have multiple servers in the "ServerName" node of your JSON configuration file and each server will process the same Response configuration. In the attributes of each response you can use the {ServerName} placeholder to refer to the currently executing server.
Here is an example:
{
"Target": {
// use a list of servers
"ServerName": ["(local)\\SQL2017","(local)\\SQLEXPRESS2016"],
"SessionName": "login_audit",
"FailOnProcessingError": false,
"Responses": [
{
"__type": "TableAppenderResponse",
// each server will refer to itself with the {ServerName} placeholder
// this means that in this case each server will upload the event to itself
"ServerName": "{ServerName}",
"DatabaseName": "xedemo",
"TableName": "loginaudit",
"AutoCreateTargetTable": true,
"UploadIntervalSeconds": 10,
"Events": [
"login"
],
"OutputColumns": [
"database_name",
"collection_time",
"server_principal_name"
]
}
]
}
}1.2.3.0
Fixes a bug when aggregating data on a GroupedTableAppenderResponse when one of the non aggregated columns is NULL. The old behavior was to match old and new data comparing with the "=" operator, but NULL is notoriously equal to nothing, so whenever NULL was present in one of the non aggregated columns, a new row with the same exact data was added to the target table. The new behavior is to match on
''' sql
(src.column = dest.column OR ( src.column IS NULL AND dest.column IS NULL ))
'''
1.2.2.0
1.2.1.0
1.2.0.0
Implemented GroupedTableAppenderResponse. You can now use this response type to aggregate data before merging it to a target table.
Here is an example .json configuration:
{
"Target": {
"ServerName": "MyServer",
"SessionName": "loginaudit",
"FailOnProcessingError": false,
"Responses": [
{
"__type": "GroupedTableAppenderResponse",
"ServerName": "MyServer",
"DatabaseName": "xedemo",
"TableName": "loginaudit",
"AutoCreateTargetTable": true,
"UploadIntervalSeconds": 10,
"Events": [
"login"
],
"OutputColumns": [
"client_app_name",
"server_principal_name",
"client_hostname",
"database_name",
"MIN(collection_time) AS firstseen",
"MAX(collection_time) AS lastseen",
"COUNT(collection_time) AS logoncount"
]
}
]
}
}Based on this configuration, XESmartTarget writes to the target table using the non aggregated columns to match any existing data and merge it, depending on the aggregation type.
In this case, it matches (client_app_name, server_principal_name, client_hostname, database_name) and updates the aggregated columns accordingly:
MIN(collection_time)is updated only if the new value is<existing valueMAX(collection_time)is updated only if the new value is>existing valueCOUNT(collection_time)is added to the existing value
The data aggregated on the target table looks like this:
| client_app_name | server_principal_name | client_hostname | database_name | firstseen | lastseen | logoncount |
|---|---|---|---|---|---|---|
| .Net SqlClient Data Provider | SQLCONSULTING\gsartori | SQLCLP01 | XEDemo | 2018-09-27 11:46:43.423 | 2018-09-27 12:21:24.427 | 220 |
| SQLServerCEIP | SQLCONSULTING\SQLCSRV04$ | SQLCSRV04 | master | 2018-09-27 11:48:15.847 | 2018-09-27 12:18:19.107 | 15 |
| SQLAgent - Job Manager | SQLCONSULTING\sqlservice | SQLCSRV04 | msdb | 2018-09-27 11:50:00.830 | 2018-09-27 12:20:01.193 | 16 |
| SQLAgent - TSQL JobStep | SQLCONSULTING\sqlservice | SQLCSRV04 | master | 2018-09-27 11:50:00.883 | 2018-09-27 12:20:01.060 | 4 |
| SQLAgent - TSQL JobStep | SQLCONSULTING\sqlservice | SQLCSRV04 | distribution | 2018-09-27 11:50:00.890 | 2018-09-27 12:20:01.163 | 4 |
| SQLAgent - Update job activity | SQLCONSULTING\sqlservice | SQLCSRV04 | msdb | 2018-09-27 11:50:00.913 | 2018-09-27 12:20:01.200 | 8 |
| Microsoft SQL Server Management Studio | SQLCONSULTING\gsartori | SQLCLP01 | master | 2018-09-27 11:57:10.723 | 2018-09-27 12:03:29.763 | 17 |
| sqlops-GeneralConnection | SQLCONSULTING\gsartori | SQLCLP01 | master | 2018-09-27 11:57:31.957 | 2018-09-27 11:57:39.767 | 4 |
| sqlops-languageService | SQLCONSULTING\gsartori | SQLCLP01 | master | 2018-09-27 11:57:32.243 | 2018-09-27 11:57:32.243 | 1 |
| sqlops-Dashboard | SQLCONSULTING\gsartori | SQLCLP01 | master | 2018-09-27 11:57:32.367 | 2018-09-27 11:57:33.307 | 2 |
| Core .Net SqlClient Data Provider | SQLCONSULTING\gsartori | SQLCLP01 | master | 2018-09-27 11:57:33.327 | 2018-09-27 11:57:33.327 | 1 |
| sqlops-Query | SQLCONSULTING\gsartori | SQLCLP01 | master | 2018-09-27 11:57:33.477 | 2018-09-27 11:57:33.477 | 2 |
| SQLAgent - Schedule Saver | SQLCONSULTING\sqlservice | SQLCSRV04 | msdb | 2018-09-27 12:01:42.050 | 2018-09-27 12:01:42.050 | 1 |
1.1.0.0
XESmartTarget now supports x86 and x64 builds, thanks to incorporating Smo dlls via Nuget.
From now on, select the installation package that matches your platform.
1.0.8.2
Introduced centralized assembly versioning via SharedAssemblyInfo