Release notes

NXLog Agent 6.3

Release date

13 May 2024

New
  • Added new functionality to the xm_nps module:

    • Parsing of DTS (XML-style) log format

    • Automatic detection of the log format

  • Enhanced the event coverage of the im_maces module up to macOS API v13

  • Added new functionality to the xm_pattern module and configuration language:

    • Exact string matching can now be performed using contains, startswith, and endswith

    • Case sensitivity can be turned off

  • Modules that support TLS/SSL on the Windows platform now accept patterns to match the host and CA certificates, in addition to the exact thumbprint

  • Enhanced internal log messages:

    • The message "Host not resolved" now includes the hostname

    • It’s now possible to enable logging the exact cipher and protocol version of SSL connections for audit purposes

  • Added support for Debian 12

Known issues
  • Microsoft Windows Server 2022 and Windows 11 exhibit an error, causing the Event Log API to return fewer fields than expected. A workaround has been implemented for the problem. Microsoft fixed this issue from the following versions: Windows Server 2022 - Version 10.0.20348.740, Windows 11 - Version 10.0.22000.739.

  • Due to missing build dependencies, the Ubuntu 22.04, Red Hat Enterprise Linux 9, and Amazon Linux 2022 packages do not include the im_checkpoint module.

  • The om_googlelogging and om_googlepubsub modules do not support the BatchFlushInterval directive.

  • The following modules are not supported on Debian 8 Jesse and Debian 9 Stretch: om_chronicle, im_ms365, im_salesforce, im_googlelogging, om_googlelogging, im_googlepubsub, om_googlepubsub, im_amazons3, om_amazons3, and om_azuremonitor.

  • There is a small possibility that the im_ms365 module generates multiple events or the same email caused by a duplicate Reporting Web Service API response.

  • NXLog Agent relies on the external systemd library, which is usually a part of the operating system. Some container-related software may truncate the systemd journal and trigger an operating system-level SIGBUS error, which in turn may cause NXLog Agent to crash. This bug is already fixed on some operating systems, but the following were still affected on May 1 2024: Amazon Linux 2023, Debian 11.

NXLog Agent 6.2

Release date

4 December 2023

New
  • Added new functionality to im_file and im_fim modules:

    • Implemented new FollowSymlinks directive to uniformly support file and folder symlinks

    • Improved Recursive directive to support traversing nested folders

  • Added new functionality to the om_azuremonitor module:

    • Added an alias StreamName to the TableName directive to match the log stream name configured in the data collection rule (DCR) in Azure Monitor

    • Implemented autofill feature for the mandatory TimeGenerated outgoing message field if the field is empty or has incompatible data

  • Improved the om_kafka module to handle incompatible Compression options.

  • Improved the im_wseventing module to stop ignoring authentication

  • Modified the SetUid function of the xm_admin module to remove forceful reboot of NXLog Agent

Known issues
  • Microsoft Windows Server 2022 and Windows 11 exhibit an error, causing the Event Log API to return fewer fields than expected. A workaround has been implemented for the problem. Microsoft fixed this issue from the following versions: Windows Server 2022 - Version 10.0.20348.740, Windows 11 - Version 10.0.22000.739.

  • Due to missing build dependencies, the Ubuntu 22.04, Red Hat Enterprise Linux 9, and Amazon Linux 2022 packages do not include the im_checkpoint module.

  • The om_googlelogging and om_googlepubsub modules do not support the BatchFlushInterval directive.

  • The following modules are not supported on Debian 8 Jesse and Debian 9 Stretch: om_chronicle, im_ms365, im_salesforce, im_googlelogging, om_googlelogging, im_googlepubsub, om_googlepubsub, im_amazons3, om_amazons3, and om_azuremonitor.

  • There is a small possibility that the im_ms365 module generates multiple events or the same email caused by a duplicate Reporting Web Service API response.