Known issues

The following is a list of current known issues.

Issue	Affected version(s)	Fixed version
Google Cloud Pub/Sub modules trim messages containing a NULL byte	6.11 and newer
Events counted twice when FlowControl is active	6.8 and newer
OpenTelemetry Collector limitation when using gRPC+TLS	6.4 and newer
Missing Check Point input module	6.2 and newer
Unsupported modules on Debian 8 and 9	All
The Microsoft 365 input module generates duplicate events	All
Log rotation failure caused by a third party service	All
Events collected from Windows Server 2022 and Windows 11 have missing fields	All
NXLog Agent is not tested with OpenSSL 3.2.x	All

Issue

Affected version(s)

Fixed version

6.11 and newer

6.8 and newer

6.4 and newer

6.2 and newer

All

All

All

All

All

Google Cloud Pub/Sub modules trim messages containing a NULL byte

Affected version(s): 6.11 and newer
Description: The Google Cloud Pub/Sub input and output modules trim messages containing a NULL byte (\x00), discarding all subsequent data.
Workaround: Ensure that messages do not contain NULL byte characters at the event source or contact us if this is not possible.

Affected version(s): 6.8 and newer
Description: When FlowControl is active and it pauses a module instance, agent statistics may count events twice—once in the evt-fwd metric of the paused module instance and again in the evt-recvd metric of the next module instance.

Affected version(s): 6.4 and newer
Description: The OpenTelemetry Collector input module does not support gRPC+TLS when specifying an IP address for the listen address.
Workaround: Specify a domain name when when using gRPC+TLS.

Affected version(s): 6.2 and newer
Description: Due to missing build dependencies, the Ubuntu 22.04, Red Hat Enterprise Linux 9, and Amazon Linux 2022 packages do not include the Check Point OPSEC LEA input module.

Affected version(s)

All

Description

The Debian 8 (Jesse) and Debian 9 (Stretch) packages do not include the following modules:

Input modules	Output modules
Amazon S3 Google Cloud Logging Google Cloud Pub/Sub Microsoft 365 Salesforce	Amazon S3 Google Cloud Logging Google Cloud Pub/Sub Google SecOps Microsoft Azure Logs Ingestion

Input modules

Output modules

Affected version(s): All
Description: There is a small possibility that the Microsoft 365 input module generates multiple events for the same email. This issue is caused by a duplicate Reporting Web Service API response.

Affected version(s): All
Description: NXLog Agent relies on an external systemd service, which is usually a part of the operating system. However, there are several operating systems, such as CentOS 8 and 9, RHEL 9, Debian 12, Ubuntu 22 and 24, Amazon Linux 2023, and possibly others, that contain a known bug causing a failure during NXLog Agent log rotation. This issue results in an NXLog Agent crash (version 6.2 and earlier) or manifests as a log entry containing "BAD MESSAGE" (versions 6.3 and 6.3HF1).

This situation cannot be resolved by NXLog Agent alone. We implemented a recovery procedure to restore log acquisition, but during the failure, NXLog Agent cannot guarantee the acquisition of all events without losses.
Workaround: Contact us if you require technical support regarding this issue.

Affected version(s): All
Description: Microsoft Windows Server 2022 and Windows 11 contain a bug that causes the Event Log API to return fewer fields than expected.
Workaround: Upgrade Windows Server 2022 to version 10.0.20348.740 and Windows 11 to version 10.0.22000.739, where Microsoft addressed this bug.

Affected version(s): All
Description: NXLog Agent is not yet tested on operating systems that ship with OpenSSL 3.2.x, such as RHEL 9.5, and may have compatibility issues due to major changes introduced in OpenSSL 3.2.2.
Workaround: Downgrade OpenSSL to version 3.0.x.