                        
               CyberSafe Log Analyst
             Version 1.0 Release Notes
                     08/25/99
-----------------------------------------------------

Thank you for your interest in CyberSafe Log Analyst 
(CLA). CLA is designed as a snap-in to the Microsoft 
Management Console (MMC) used with Windows 2000.
It is a Windows 2000 security event log analysis tool
that uses predefined analysis techniques. CyberSafe
Log Analyst assists you in organizing and interpreting
security event logs from Windows 2000, providing more
effective, system-wide user activity analysis.

-----------------------------------------------------
Installation
------------

CyberSafe Log Analyst is easy to install. Be sure that 
you have installed Windows 2000 and that it is
operating correctly. In addition, Microsoft Management
Console must be installed before you install CLA. 

  ----------------------------------------------
  NOTE  To install CLA, you must be logged on
  as a user with full Administrative rights.
  ----------------------------------------------

To install the Intel version of CLA, in Windows 2000
Explorer, double-click Setup.exe located in the \Intel
subdirectory. To install the Alpha version of CLA, in
Windows 2000 Explorer, double-click Cla.exe in the
\Alpha subdirectory. The only information you need
during installation is the location where you want to
install CLA.

The installation program automatically adds CLA as 
a snap-in to the MMC. To launch both CLA and MMC, 
simply choose Start > Settings > Control Panel >
Administrative Tools > CyberSafe Log Analyst.

The first time you run CLA, you are prompted to enter 
your name and company name. Your company name is used 
when you generate reports.

-----------------------------------------------------
Hints and Warnings
------------------
* To effectively use CLA, you must have effective
security audit policy applied on the computers you
want to analyze. Your audit policy must include the
events you want to analyze. For more information,
see "Applying Effective Audit Policy" in the CLA
online help.

* If new items do not immediately appear in the 
results pane (for example, when you create a new 
report template or save event logs directly into the
Pending subdirectory), you can Refresh the display. 
To use Refresh, right-click the node in the scope pane 
(for example, the Report Templates node) and choose 
Refresh from the shortcut menu.

* If you use the "Large Fonts" setting in Windows
2000, we recommend that you set your VGA display to
a setting higher than 800x600.


Known Issues in CLA Version 1.0
-------------------------------

1. You will not see a progress meter when you com-
press the event database (right-click the CyberSafe 
Log Analyst top node and choose Utilities). However,
a confirmation message appears when the database
compression is complete.

2. You will not see a progress meter when you choose 
to purge your database (right-click the CyberSafe Log
Analyst top node and choose Utilities). However, a
confirmation message appears when the database has
been purged. In addition, you will not see a progress
meter, timer, or confirmation message if you choose 
to copy event logs back to the Pending subdirectory 
so they can be reanalyzed.

3. When you attempt to purge your database while the
Report Generator dialog box is open (this could occur
when the MMC window covers the dialog box), a file-
sharing violation ("Codebase") error will occur. To
purge your database, close the Report Generator
dialog box.

4. When you choose to delete an event log (in the
results pane), you are not asked to confirm if you
want to delete the file, and the file is deleted.

5. When you choose to uninstall CyberSafe Log Analyst,
two subdirectories are not deleted -- Database and
Archive. These subdirectories contain the files and
data that were analyzed. If you want to completely
uninstall CyberSafe Log Analyst, you can delete these
subdirectories using Windows 2000 Explorer.

6. When you create or modify a report template, the 
check box for Count in the Include Table Fields (in
the Report Template Designer dialog box) is always
enabled. This option is included so you can choose
how you want it included in the sort order.

7. When you generate reports, the Y-axis title does not
display when generating a 3D Chart report with a large
number of elements. In addition, legend labels are
truncated to display the last 45 characters.


-----------------------------------------------------
Getting Help
------------

You can reach CyberSafe Technical Support by email.
You can also reach Support on the World Wide Web.

  Email:      support@cybersafe.com
  Web:        www.cybersafe.com/cla.html


-----------------------------------------------------

Copyright 1998-1999 CyberSafe Corporation
All rights reserved.
August 1999