Release notes

NXLog Agent 6.3

New

Added new functionality to the xm_nps module:
- Parsing of DTS (XML-style) log format
- Automatic detection of the log format
Enhanced the event coverage of the im_maces module up to macOS API v13
Added new functionality to the xm_pattern module and configuration language:
- Exact string matching can now be performed using contains, startswith, and endswith
- Case sensitivity can be turned off
Modules that support TLS/SSL on the Windows platform now accept patterns to match the host and CA certificates, in addition to the exact thumbprint
Enhanced internal log messages:
- The message "Host not resolved" now includes the hostname
- It’s now possible to enable logging the exact cipher and protocol version of SSL connections for audit purposes
Added support for Debian 12

Known issues

Microsoft Windows Server 2022 and Windows 11 exhibit an error, causing the Event Log API to return fewer fields than expected. A workaround has been implemented for the problem. Microsoft fixed this issue from the following versions: Windows Server 2022 - Version 10.0.20348.740, Windows 11 - Version 10.0.22000.739.
Due to missing build dependencies, the Ubuntu 22.04, Red Hat Enterprise Linux 9, and Amazon Linux 2022 packages do not include the im_checkpoint module.
The om_googlelogging and om_googlepubsub modules do not support the BatchFlushInterval directive.
The following modules are not supported on Debian 8 Jesse and Debian 9 Stretch: om_chronicle, im_ms365, im_salesforce, im_googlelogging, om_googlelogging, im_googlepubsub, om_googlepubsub, im_amazons3, om_amazons3, and om_azuremonitor.
There is a small possibility that the im_ms365 module generates multiple events or the same email caused by a duplicate Reporting Web Service API response.
NXLog Agent relies on the external systemd library, which is usually a part of the operating system. Some container-related software may truncate the systemd journal and trigger an operating system-level SIGBUS error, which in turn may cause NXLog Agent to crash. This bug is already fixed on some operating systems, but the following were still affected on May 1 2024: Amazon Linux 2023, Debian 11.

New

Added new functionality to im_file and im_fim modules:
- Implemented new FollowSymlinks directive to uniformly support file and folder symlinks
- Improved Recursive directive to support traversing nested folders
Added new functionality to the om_azuremonitor module:
- Added an alias StreamName to the TableName directive to match the log stream name configured in the data collection rule (DCR) in Azure Monitor
- Implemented autofill feature for the mandatory TimeGenerated outgoing message field if the field is empty or has incompatible data
Improved the om_kafka module to handle incompatible Compression options.
Improved the im_wseventing module to stop ignoring authentication
Modified the SetUid function of the xm_admin module to remove forceful reboot of NXLog Agent

Known issues

Microsoft Windows Server 2022 and Windows 11 exhibit an error, causing the Event Log API to return fewer fields than expected. A workaround has been implemented for the problem. Microsoft fixed this issue from the following versions: Windows Server 2022 - Version 10.0.20348.740, Windows 11 - Version 10.0.22000.739.
Due to missing build dependencies, the Ubuntu 22.04, Red Hat Enterprise Linux 9, and Amazon Linux 2022 packages do not include the im_checkpoint module.
The om_googlelogging and om_googlepubsub modules do not support the BatchFlushInterval directive.
The following modules are not supported on Debian 8 Jesse and Debian 9 Stretch: om_chronicle, im_ms365, im_salesforce, im_googlelogging, om_googlelogging, im_googlepubsub, om_googlepubsub, im_amazons3, om_amazons3, and om_azuremonitor.
There is a small possibility that the im_ms365 module generates multiple events or the same email caused by a duplicate Reporting Web Service API response.