
This documentation does not apply to the most recent version of uberAgent.

uberAgent Event Generator Changelog

Version 6.0

Release notes

  • Removed dependency on the Splunk Event Generator app. uAEventGen is now a .NET Core application.
  • Added sample data for new ESA hash calculation feature.
  • Added sample data for new ESA activity monitoring engine.
  • Added sample data for ESA scheduled task monitoring.
  • Added sample data for Microsoft Edge (Chromium).

Improvements

  • Configuration: configure the number of RDSH servers (e.g. 2x Citrix + 1x VMware + 3x RDP).
  • Configuration: processes started during boot, login, or in-session are now configurable.

New Sourcetypes

  • Sourcetype: new sourcetype uberAgentESA:Process:ProcessStop with fields: Timestamp, ProcName, ProcUser, ProcLifetimeMs, AppId, ProcID, ProcParentID, SessionID, ProcGUID, SessionGUID, ProcParentName, ProcPath, ProcCmdline, IsElevated, AppVersion, ProcParentGUID, ProcHash, HashType, IsProtected.
  • Sourcetype: new sourcetype uberAgentESA:ActivityMonitoring:ProcessTagging with fields: Timestamp, EventType, ProcName, ProcParentName, ProcUser, ProcLifetimeMs, ProcID, ProcParentID, ProcGUID, ProcParentGUID, ProcPath, ProcCmdline, ProcTag1, ProcRiskScore1, ProcHash, IsElevated, SessionID, SessionGUID, AppId, AppVersion, HashType, ImageName, ImagePath, ImageHash, NetTargetIp, NetTargetName, NetTargetPort, NetProtocol, IsProtected, EventCount.
  • Sourcetype: new sourcetype uberAgentESA:System:ScheduledTasks with fields: Timestamp, TaskEventType, TaskFolder, TaskName, TaskUserName, TaskPrincipal, LogonType, Elevated, TaskAuthor, TaskHidden, WakeToRun, HasActions.
  • Sourcetype: new sourcetype uberAgentESA:System:ScheduledTaskActions with fields: Timestamp, TaskPath, IsDeprecated, ActionType, ActionListIndex, ExePath, ExeArguments, ExeWorkingDir, ComClsid, ComData, ComBinary, ComHandlerDescription, ComRemoteComputer, ComServiceName, AutoElevated, EmailBcc, EmailCc, EmailFrom, EmailServer, EmailSubject, EmailTo, MsgTitle, MsgContent.
  • Sourcetype: new sourcetype uberAgentESA:System:ScheduledTaskTriggers with fields: Timestamp, TaskPath, TriggerId, TriggerType, EventTriggerSubscription, EventTriggerNumValues, TriggerUserId, LogonTriggerPossiblyGroup, TriggerEnabled, TriggerStartBoundary, TriggerEndBoundary, TriggerRepetitionDuration, TriggerRepetitionInterval, TriggerRepetitionStopAtDurationEnd, TriggerListIndex, DayDisplayName, WeekDisplayName, MonthDisplayName, DayOfMonthDisplayName, DailyTriggerDaysInterval, WeeklyTriggerWeeksInterval, MonthlyTriggerRunOnLastDayOfMonth, MonthlyDowTriggerRunOnLastWeekOfMonth, StateChangeId, WnfTriggerStateName.
  • Sourcetype: uberAgent:Process:ProcessStartup has new field(s): IsProtected.
  • Sourcetype: uberAgent:Process:ProcessStartup has new field(s): ProcHash, HashType and ProcParentGUID (these require ESA to be enabled).
  • Sourcetype: uberAgent:Process:NetworkTargetPerformance has new fields: NetTargetSendLatencyInitialMs and NetTargetSendLatencyInitialCount.
  • Sourcetype: uberAgent:OnOffTransition:BootProcesses has new field: SortOrder2 replaces SortOrder because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:Session:SessionDetail has new field: SessionClientHwIdCtx2 replaces SessionClientHwIdCtx because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:Session:SessionDetail has new field: SessionRpLatencyMs2 replaces SessionRpLatencyMs because the Kafka data type was incorrect (int instead of double).
  • Sourcetype: uberAgent:CitrixADC:AppliancePerformance has new fields: NumCpus2, MemSizeMB2, and MemUseInMB2 replace NumCpus, MemSizeMB, and MemUseInMB because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:CitrixADC:Gateway has new fields: TotalRequests2, TotalResponses2, and SessionTimeout2 replace TotalRequests, TotalResponses, and SessionTimeout because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:CitrixADC:vServer has new fields: ActSvcs2, TotHits2, TotalRequests2, TotalResponses2, VSLBHealth2, and SessionTimeout2 replace ActSvcs, TotHits, TotalRequests, TotalResponses, VSLBHealth, and SessionTimeout because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:CitrixADC:ApplianceInventory has new fields: SSLCards2 and SSLCardsUp2 replace SSLCards and SSLCardsUp because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:Application:Errors has new field(s): HangType.
  • Sourcetype: uberAgent:System:MachineInventory field BatteryWearLevelPercent no longer reports negative numbers if the full charged capacity is higher than the designed capacity.
  • Sourcetypes: merged the following KV sourcetypes into the new CSV sourcetype uberAgent:Logon:LogonDetail: uberAgent:Logon:SessionLogonTime, uberAgent:Logon:ProfileLoadTimeMs, uberAgent:Logon:GroupPolicyProcessingTimes, uberAgent:Logon:GroupPolicyLogonScriptTimeMs, uberAgent:Logon:SessionEnd, uberAgent:Logon:ADLogonScriptTimeMs, uberAgent:Logon:ResWmProcessingTimeMs, uberAgent:Logon:ShellStartupTimeMs, uberAgent:Logon:TotalLogonTimeMs, uberAgent:Logon:LogonPerformance.
  • Sourcetypes: merged the following KV sourcetypes into the new CSV sourcetype uberAgent:Logoff:LogoffDetail: uberAgent:Logoff:SessionLogoffTime, uberAgent:Logoff:ProfileUnloadTimeMs, uberAgent:Logoff:GroupPolicyLogoffScriptTimeMs, uberAgent:Logoff:TotalLogoffTimeMs, uberAgent:Logoff:LogoffPerformance.
  • Sourcetype: replaced KV sourcetype uberAgent:Logon:GroupPolicyCSEDetail with CSV sourcetype uberAgent:Logon:GroupPolicyCSEDetail2. No changes to the fields.
  • Sourcetype: uberAgent:Process:NetworkTargetPerformance has new fields: NetTargetSendJitterMs and NetTargetSendJitterCount.
  • Sourcetype: uberAgent:Process:ProcessDetail has new fields: ProcIOLatencyReadMs2 and ProcIOLatencyWriteMs2 replace ProcIOLatencyReadMs and ProcIOLatencyWriteMs because the Kafka data type was incorrect (int instead of double).
  • Sourcetype: uberAgent:Process:LogonProcesses has new fields: ProcIOLatencyReadMs2 and ProcIOLatencyWriteMs2 replace ProcIOLatencyReadMs and ProcIOLatencyWriteMs because the Kafka data type was incorrect (int instead of double).
  • Sourcetype: uberAgent:Process:LogonProcesses has new field: SortOrder2 replaces SortOrder because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:Process:LogoffProcesses has new field: SortOrder2 replaces SortOrder because the Kafka data type was incorrect (string instead of int).
  • Sourcetype: uberAgent:Process:LogoffProcesses has new fields: ProcIOLatencyReadMs2 and ProcIOLatencyWriteMs2 replace ProcIOLatencyReadMs and ProcIOLatencyWriteMs because the Kafka data type was incorrect (int instead of double).
  • Sourcetype: uberAgent:Logoff:ProfileUnloadTimeMs (now merged into uberAgent:Logoff:LogoffDetail) has new field: ProfileUnloadTimeMs2 replaces ProfileUnloadTimeMs because the Kafka data type was incorrect (string instead of number).
  • Sourcetype: uberAgent:Citrix::Licenses has new field: LicenseEdition2 replaces LicenseEdition because the Kafka data type was incorrect (int instead of string).
  • Sourcetype: uberAgent:System:GpuUsage has removed fields: ComputeUsagePercentEngine0 through ComputeUsagePercentEngine11 because a much more useful alternative exists with the sourcetype uberAgent:System:GpuUsageEngine.
  • Sourcetype: uberAgent:Session:SessionCount has been removed.
  • Performance counters: changed the sourcetype names from uberAgent:System:PerformanceCounter to uberAgent:PerformanceCounter:TimerName (where TimerName is the timer name from uberAgent’s configuration).
