By a wide margin, the support issues we hear about are resolved by revisiting the steps provided in the Troubleshooting section of the LOGbinder application’s Getting Started Guide. Our support desk reports that most customers “self-serve” by checking that section or even the Windows Event Viewer for details, but only after first submitting a trouble ticket. We are happy to have such feedback by the way; it helps us to make sure our installation guides are comprehensive.

But here’s a tip for all the other support issues where such “Tier 1” steps don’t fix the problem: review the LOGbinder diagnostic log file(s). Here’s how to generate this troubleshooting file(s):

1. Choose “File | Options” from LOGbinder control panel.

2. Set “Logging level” to 1 and start or restart the service.

3. Waiting for the issue to happen again, find all log files in C:\ProgramData\LOGbinderXX folder (where XX=SP, SQL or EX for the SharePoint, SQL Server or Exchange audit solution). The log files will have a “.log” suffix to the file name. The number of log files in the folder will depend on the LOGbinder application.

Very often the bit of information needed to resolve a problem is contained in the LOGbinder-generated diagnostic log file. Customers often successfully troubleshoot their issues by perusing these files.

If you need our technicians to help you with a particular problem connected to LOGbinder, attach these level 1 diagnostic files to the email requesting support. Doing so will greatly decrease the time it takes our technicians to help you solve the problem. Many of the initial questions the support desk will have are answered in one or more of these diagnostic log files.

Some of you may be seeing a new word crop up in recent Microsoft communications about its applications’ audit: “legacy”. This word is now distributed liberally in TechNet articles. What does it mean? In Microsoft terminology, and in the context of their just-released public and beta versions of their applications’ security audit, it means “current” or “existing”.

A new audit, called “Unified Audit Logging” or UAL, is expected to be introduced by Microsoft later in 2016. UAL will replace the current audit function (or at least be released in tandem), which is why the word “legacy” has started to show up in recent communications from the people in Redmond.

LOGbinder supports Microsoft’s “legacy” audit and, we can assure you we are on the bleeding edge of development for improved and meaningful SIEM security audit solutions—including the coming Unified Audit Log.