NXLog Docs

Changelog

5.5.7535 (29 April 2022)

- [3934] Fixed TLS handshake issue when NXLog is connecting to itself
- [3660] Documentation is now bundled as a multi-page HTML document
- [3678] om_raijin now treats URLs ending with or without / the same
- [3754] Fixed an assertion triggered by xm_admin in str.c/_nx_string_create()
- [3539] Fixed an assertion error in logqueue.c/nx_logqueue_peek()
- [3360] Added Google Chronicle unstructured logging output module
- [3830] Fixed a TCP socket descriptor leak
- [3344] Implemented extract_xml() in xm_xml and extract_json() in xm_json
- [3676] Fixed a logic error that prevented configcache.dat from being created until the first clean shutdown of NXLog
- [3855] Fixed reconnect throttle during failover
- [3696] Fixed a segmentation fault in om_exec occasionally triggered when the executed script exits with an error
- [3500] Implemented saved positions in im_azure
- [3821] Fixed issue where im_azure caused high CPU usage when an invalid SharedKey is used
- [3449] Added capturing of the resolved address from DNS analytical logs
- [3559] Added im_etw Session directive
- [3346] Fixed issue in macOS where traceId parsing was causing a 64-bit int overflow
- [3264] Updated the im_http module to negotiate Accept-Encoding header
- [3741] Fixed issue where flow control is activated when it is set to FALSE
- [3549] im_azure Blob and Table modes updated to use dynamic field mapping
- [3729] Fixed im_maculs segmentation fault when encountering an unknown data object type
- [3516] Fixed im_systemd to add the NXLog user to the systemd-journal group
- [3616] Fixed issue with excessive logging for NetFlow v9 traffic
- [3722] Added support for IEC61850 event and message filtering
- [2801] Added Python modules to the Windows package
- [3727] Fixed an issue in im_wseventing with Kerberos auth on Linux/Docker
- [3739] Fixed error reporting in xm_admin in case of "ServerRestart" failure
- [3663] Fixed a typo in the default managed.conf
- [3708] Fixed a false "Malformed logqueue metadata" error message when PersistLogqueue is set to TRUE
- [3669] Fixed an assertion error in om_elasticsearch when dynamic ID directive is used
- [3651] Fixed issue with agent unable to load some patterns sent from Manager
- [3460] Added support for multiple TCP connections per module
- [3535] Fixed runaway CPU usage in network output modules on Windows when name resolution fails during connection setup
- [3327] Added CAThumbprint directive to om_kafka on Windows
- [2725] Fixed xm_admin/SOAP error message when ModuleStop, ModuleStart, and ModuleRestart calls fail
- [3619] Fixed xm_kvp setting some fields to null when KVPDelimiter is set to ' '
- [3028] Improved the performance of HTTP modules
- [3645] Improved xm_sap fields
- [3638] Fixed im_systemd to save position regularly, to prevent event duplication after an agent crash
- [3644] Fixed memory leak in xm_ruby-libnxruby
- [1595] Updated the macOS GUI installer
- [3561] Fixed assertion error when xm_rewrite drops a record and deletes fields
- [2429] Added xm_sap for parsing SAP audit logs
- [3637] Fixed a potential memory corruption in xm_json when the key length exceeds 500 bytes
- [3576] Fixed a crash in xm_json when parsing specific Windows events and Unflatten is TRUE
- [1775] Implemented field substitution in regular expressions
- [3622] Fixed im_exec not reading script output
- [3606] Fixed a memory leak in im_linuxaudit
- [3636] Fixed an issue in the im_etw module, assertion failing after setting kernelflags
- [3542] Fixed im_linuxaudit failing on ARM
- [2048] Fixed a rare hang in om_tcp caused by a race condition
- [3583] Implemented "AbortOnDoubleSigterm" directive
- [3618] Fixed an issue with im_etw not collecting events from some providers
- [2223] Added support for multiple Provider directives to im_etw
- [2969] Added im_pcap performance improvements
- [3109] Added support for writing a JSON array consisting of multiple events to a file in om_file
- [3609] Fixed an issue in the im_etw module where setting “MatchAllKeyword” and “MatchAnyKeyword” had no effect
- [3489] Updated the Kafka modules to use the librdkafka recommended broker configuration method
- [3621] Fixed an issue where xm_nps fails to parse a record when it contains the MS-RAS-Client-Version field
- [3378] Improved xm_python error message when it fails to open the script file
- [3573] Fixed an issue in xm_json where InputType failed to set $raw_event
- [3599] Fixed segmentation fault when BufferSize is 0 or 1
- [2433] Added feature to report detailed NXLog build information
- [3340] Added feature for NXLog to search the entire Windows certificate store during certificate verification
- [3589] Fixed assertion error in om_zmq.c/_om_zmq_message_alloc()
- [3534] Added copy-truncate rotation strategy to file_cycle()
- [3554] Fixed pm_blocker assertion failure in module.c/nx_module_progress_batch()
- [3268] Fixed an issue with incorrect dropped event count reported via xm_admin for im_internal
- [3509] Fixed SNI related certificate verification failure in im_azure
- [3346] Fixed 64-bit int overflow in xm_json caused by the traceId field on macOS
- [1973] Fixed infinite loop when the "include" directive includes itself recursively
- [1593] Modified im_etw to resolve and display the Channel name using the ID
- [3536] Added support in im_maces for proc_check, pty_grant, pty_close
- [3507] Fixed runaway reconnection when server certificate verification fails with im_azure
- [3503] Fixed exec_async() error causing a file handle leak
- [3322] Fixed om_azure 403:Forbidden failures
- [3061] Improved the performance of im_maculs
- [3395] Added support for the field Level in im_imvistalog and im_etw
- [3389] Fixed memory leaks in im_pcap
- [3422] Implemented failed_over() function for detecting if the module's primary destination failed
- [3352] Fixed a memory leak in nx_record_set_field_value after throwing an exception

5.4.7313 (2 September 2021)

- [3525] Added support for Debian 11
- [3532] Updated OpenSSL to 1.1.1l in generic packages to address CVE-2021-3712 and CVE-2021-3711
- [3544] Patched libapr in generic packages to address CVE-2021-35940
- [3206] Added support for resolving additional fields in im_maculs
- [3537] Changed OS name on macOS systems to "macOS"
- [3224] Implemented JSON array parsing in im_http
- [3503] Fixed assertion failure reported in pm_norepeat
- [3495] Fixed overly noisy warning in putFile logging on Windows
- [3475] Added NXLog version dependency to module packages - DEB
- [3177] Added NXLog version dependency to module packages - RPM
- [2561] Fixed unnecessary ListenAddress logging
- [3492] Fixed runaway reconnection when the output hostname cannot be resolved
- [3504] Fixed a crash in im_azure triggered by a missing CA certificate file used in the configuration
- [53] Implemented support for automatically reopening externally rotated output files in om_file
- [3255] Added support for Azure Log Analytics workspaces in im_azure
- [3228] Added support for Apple Endpoint Security framework in im_maces
- [3453] Improved error message in im_ssl when the peer does not return a certificate
- [3430] Added support for NetFlow Enterprise fields
- [2297] Implemented InputType for xm_json
- [2824] Improved include_stdout error handling
- [3463] Fixed multiple parsing errors in the DNP3 dissector
- [3057] Fixed faulty reconnect timer tracking in om_udp
- [3191] Fixed im_fim to handle corrupted key value store files gracefully
- [3174] Fixed xm_admin to track reconnection timeouts per IP address
- [3330] Fixed a hang in xm_admin when getLog pulls a file over StringLimit
- [3384] Fixed an assertion error in im_file when the input file is truncated
- [3259] Fixed xm_admin to handle moduleStop calls to itself
- [2215] Added support for multiple Channel directives in im_msvistalog
- [3278] Added Reconnect directive to xm_admin
- [3320] Fixed an error causing om_http to fail if Binary mode and compression are both enabled
- [2944] Modified the priority of scheduled events to correct behavior on module start
- [3365] Modified field name restrictions to allow '@'
- [3051] Added support for parsing the URL of incoming POST requests in im_http
- [787] Added support for HTTP PUT to om_http
- [3335] Fixed SSL cipher negotiation issue on SLES12-SP5
- [3379] Fixed EvtRender failed error in im_msvistalog
- [2730] Fixed file_cycle() on UNC paths
- [2465] Added OnError directive for customized HTTP error handling
- [3139] Added NegativeCacheExpiry directive to xm_resolver
- [3138] Fixed regex escaping in replacement strings
- [3107] Modified the syslog parser to use int data type for pid
- [3192] Added OS logging to startup log entry
- [3015] Added a new directive DirectoryReadingOrder to im_file
- [3290] Fixed a memory leak in im_linuxaudit
- [1593] Added Channel name resolution using ID to im_etw
- [2755] Unified file-related directive parsing
- [2516] Added automatic configuration recovery option to xm_admin
- [2452] Improved error message for name resolution errors on Windows
- [3193] Modified im_pcap to restart after an interface error
- [3440] Fixed anchor parsing in im_http
- [3372] Fixed segmentation fault in librdkafka
- [3373] Fixed overly narrow implementation of the AllowUntrusted directive
- [3331] Fixed an error in xm_admin causing getLog to hang when a size is not specified
- [3416] Fixed im_exec to capture STDERR of the external command
- [3203] Improved om_elasticsearch _bulk API error handling
- [3339] Improved SSL error message "SSL must be configured"
- [3412] Fixed assertion error in im_msvistalog line 1648
- [3303] Added support for API version 2015-02-21 to im_azure to fix HTTP error 409
- [2281] Added warning for '\ ' at end of line
- [3426] Fixed incorrect pointer type for JAVAHOME
- [3424] Fixed segmentation fault in xm_perl when the script is not found
- [2936] Fixed a memory leak in im_tcp triggered by high reconnect rates with many connections
- [2850] Added ExcludeSize directive to im_fim
- [dependencies#104] Updated expat, libcap, librdkafka, and pcre2 in generic packages
- [3357] Fixed date formatting in JSON functions
- [3001] Fixed an assertion error when the input/output converter's instance name is missing
- [1292] Added support for additional fields (Opcode, Category) in im_etw
- [2978] Added output sanitization to xm_admin's getlog
- [2764] Added UNC path support to im_msvistalog
- [3131] Fixed NetFlow processing errors in xm_netflow
- [3162] Improved error message when an external DLL cannot be loaded on Windows
- [3169] Stripped all NXLog modules to save space
- [2647] Updated Windows builds to APR 1.7
- [3129] Fixed im_linuxaudit warnings about additional unknown field types
- [3223] Fixed xm_cef field mapping to better match the standard (end->rt)
- [3301] Fixed a potential SSL-related memory leak
- [3296] Added support for Ubuntu 20 and Red Hat 8 on ARM
- [3274] Fixed panic on unresolvable hostname or non-local address in im_udp
- [3275] Implemented to_snare() function in xm_syslog
- [3205] Fixed missing log generation on opening listen port in im_udp
- [3096] Fixed a potential queue overflow in im_fim and im_regmon
- [3267] Fixed a memory leak in im_linuxaudit
- [3306] Fixed "iconv failed: 84" error in im_wseventing

5.3.6735 (19 May 2021)

- [3334] Fixed an incompatibility warning on macOS Big Sur
- [3337] Fixed high CPU utilization when an SSL connection is reset
- [3322] Fixed an error causing om_azure to generate 403 errors
- [3342] Fixed a memory leak in om_msvistalog when ResolveGUID is enabled

5.3.6720 (15 April 2021)

- [2322] Implemented uid_to_name() and gid_to_name() cache
- [1576] Implemented native ULS logging module im_maculs for macOS
- [2930] Fixed flow control issue triggered by unused processor modules in the configuration
- [1665] Cleaned up pointers used for storing data
- [2781] Implemented support for returning route and extension module information in xm_admin
- [3067] Fixed a crash in xm_admin triggered by connection addresses that cannot be resolved
- [3071] Fixed a crash in xm_resolver
- [2550] Fixed a file corruption issue when compressed streams are used together with file rotation
- [3087] Fixed an assertion error in im_maculs triggered by calling the module_restart() procedure
- [2952] Fixed a memory leak in processor modules caused when NXLog starts with a full logqueue
- [3119] Fixed an assertion error in xm_resolver triggered by im_linuxaudit with ResolveValues set to TRUE
- [3086] Fixed a Valgrind-reported uninitialized value in im_linuxaudit_connect()
- [2753] Implemented multiple input address support in network input modules
- [2827] Implemented failover support in xm_admin Connect mode
- [2869] Implemented NXLog Binary Protocol over HTTP in im/om_http
- [3098] Implemented correct timestamp scaling factor for Apple M1 CPU
- [3137] Fixed a crash triggered by a debug dump happening while NXLog is busy resolving domain names
- [3125] Fixed a bug in im_internal causing runaway CPU usage even when not connected to a route
- [2406] Implemented an IEC-61860 protocol parser in im_pcap
- [3149] Refactored int8_t into portable nx_int8_t because of platform differences
- [2983] Retired and removed UDS socket support from xm_admin
- [3133] Fixed a flow control error in im_systemd
- [2422] All modules and binaries are now stripped
- [3108] Fixed a memory leak in xm_multiline
- [3034] Fixed an assertion error on permission denied in im_file
- [3037] Improved error message about FlushLimit deprecation
- [3023] Fixed error handling for error ORA-12514 in im_odbc
- [2702] Fixed pm_buffer error causing buffer_count() to always return 0
- [3014] Fixed a memory leak in xm_python
- [2955] Fixed a Windows-specific im_tcp performance issue
- [3143] Fixed a segmentation fault triggered by a low StringLimit
- [2995] Implemented om_sentinel for sending events to Microsoft Azure Sentinel
- [3153] Fixed a crash in om_raijin and om_elasticsearch triggered by a missing raw_event field
- [3151] Fixed a crash in om_http triggered by a missing raw_event field
- [2673] Implemented pushing executable files in xm_admin
- [3129] Fixed im_linuxaudit warnings about unknown field types
- [3027] Fixed a file descriptor leak in im_maculs
- [3045] Fixed an error in xm_admin resulting in a missing response body when parameter parsing fails
- [3075] Implemented TCP connection statistics in xm_admin
- [3136] Fixed "zlib compression error(0)" in om_batchcompress with certain BufferSize values
- [2925] Implemented logging of response data on HTTP errors in om_elasticsearch
- [3180] Implemented route and extension information in xm_admin's serverinfo response
- [3195] Fixed an error where the SSL session was not started after TCP connection setup
- [2986] Implemented reconnect() procedure in the network output modules
- [3199] Fixed "no space left on device" error when opening a socket on Windows
- [3220] Implemented support for multiple listen addresses in the network modules
- [3141] Changed im_redis to accept a quoted string for the Key directive
- [3235] Fixed date handling issues on Red Hat 8
- [2667] Implemented multi-record JSON array output in om_http
- [3217] Fixed an om_sentinel memory leak with the Proxy directive
- [3080] Fixed multiple unknown data type errors in im_maculs
- [3237] Fixed an assertion error caused by a large getlog call in xm_admin
- [3252] Fixed incorrect escaping in om_raijin
- [3232] Fixed a memory leak in xm_json
- [3240] Changed Red Hat RPM to depend on a specific Red Hat version
- [2911] Changed the macOS package names to include CPU architecture
- [1341] Enabled direct upgrade from NXLog CE and trial packages
- [3256] Set production name om_azure for the new Microsoft Azure Sentinel output module
- [3276] Fixed an assertion error in xm_admin related to UDP module statistics
- [1857] Implemented compression mode for HTTP input and output modules
- [3262] Fixed a crash in im_wseventing
- [3269] Fixed an im_udp regression that broke xm_netflow

5.2.6388 (18 December 2020)

- [1576] Implemented im_maculs for collecting logs from Apple's Unified Logging System
- [2866] Added collection of librdkafka performance data to im_kafka and om_kafka
- [1858] Added a common HTTP layer to NXLog
- [2990] Restored the SNI directive in om_http
- [2721] Fixed bad sockaddr error in im_linuxaudit
- [2895] Added missing hostname field to im_linuxaudit records
- [2898] Fixed an error in im_http causing it to send invalid Content-Length
- [MR2454] Fixed an error in im_azure's chunked encoding parser
- [2915] Fixed a memory leak in local queue de/serialization reported by Valgrind
- [2956] Fixed an error causing Kerberos authentication issues in im_wseventing
- [2939] Fixed a bug manifesting as an SSL handshake error in im_azure
- [2931] Fixed a request format error in om_elasticsearch
- [2943] Fixed an infinite read loop in im_msvistalog when reading ETL files
- [2750] Added charset to the content-type header in om_raijin
- [2777] Removed accidentally packaged perl528.dll from the Windows packages to restore xm_perl functionality
- [2896] Fixed a segfault in the BACNET decoder
- [2408] Implemented S7 protocol support in im_pcap
- [2916] Fixed multiple crashes in im_pcap
- [2579] Unified ownership and permission handling in pipe, file, and UDS outputs
- [2860] Fixed a segfault in im_linuxaudit triggered when loading the module with no rules
- [2783] Fixed a memory leak in om_batchcompress
- [2880] Fixed a deserialization error in im_raijin
- [2864] Optimized pool handling in the NXLog core
- [2374] Implemented IEC104 dissector in im_pcap
- [2826] Implemented LLDP dissector for the PROFINET protocol in im_pcap
- [2878] Added deprecation warning for the FlushLimit and FlushInterval directives
- [2861] Fixed an issue in om_raijin causing it to stop after 1 request
- [2883] Increased the thread stack size on AIX
- [2856] Fixed an SSL-related crash in im_batchcompress
- [2439] Implemented functions for logging librdkafka performance statistics
- [2838] Implemented additional parsing for PROFINET RTC-PDU
- [2620] Fixed a Unicode escaping issue in common JSON handling code
- [2848] Fixed a segmentation fault in uuid.c
- [2723] Fixed an error causing reload through xm_admin to fail if im_wseventing is in use
- [1619] Cleaned unnecessary RPATH from Linux generic packages
- [1327] Fixed various Valgrind error reports
- [2498] Refactored the raw event format in im_msvistalog
- [2789] Implemented additional parsing for PROFINET RTA-PDU and UDP-RTA-PDU
- [2499] Refactored the raw event format in im_odbc
- [2492] Refactored the raw event format in im_etw
- [2503] Refactored the raw event format in im_winperfcount
- [2497] Refactored the raw event format in im_mseventlog
- [2501] Refactored the raw event format in im_regmon
- [2494] Refactored the raw event format in im_kafka
- [2487] Refactored the raw event format in im_acct
- [2813] Added missing content-length header to xm_admin HTTP responses
- [2379] Fixed incorrect use of SSL_shutdown()
- [2242] Fixed stalling connections in im_ssl
- [2815] Fixed a performance issue in im_regmon
- [1858] Refactored to use the common HTTP layer
- [2372] Implemented PROFINET SCADA protocol in im_pcap
- [2715] Fixed an error causing im_odbc to lose position after a restart
- [2790] Fixed BOOL output for change-of-state events in the BACNET parser
- [2733] Refactored parts of xm_asl
- [2659] Implemented additional data link types in im_pcap

5.1.6133 (17 September 2020)

- [2599] Added im_pcap to the Windows packages
- [2720] Fixed an issue that caused the agent to remain running after it is uninstalled on Red Hat
- [2728] Changed the default configuration to enable NXLog Manager integration
- [2372] Added BACNET decoder to im_pcap
- [382] Included patterndb.xsd in the NXLog packages
- [2580] Unified the default NXLog service state across the different Linux packages
- [2688] Added parsing of response data to om_raijin
- [2556] Fixed a segmentation fault in xm_asl
- [1770] Improved handling of nested quotes in xm_kvp
- [2535] Fixed an issue with im_etw not populating the hostname field
- [2294] Enabled dpkg package signing
- [2740] Fixed a memory leak in nxlog_set_capabilities
- [2319] Fixed an error where binding to 0.0.0.0 was causing NXLog to listen on [::]
- [1878] Fixed the Python modules to set PYTHONPATH correctly
- [2493] Unified the raw event format in im_fim
- [2495] Unified the raw event format in im_linuxaudit
- [2376] Resurrected lost WSDL file for the xm_admin module
- [2629] Fixed an assertion error when restarting with a full pm_buffer queue
- [1989] Fixed a memory leak in xm_go and im_go
- [2500] Unified the raw event format in im_pcap
- [2502] Unified the raw event format in im_systemd
- [2407] Implemented DNP3 protocol parser in im_pcap
- [2496] Unified the raw event format in im_mark
- [2505] Unified the raw event format in xm_netflow
- [2321] Fixed an error in xm_exec causing a 20s delay in shutdown
- [2504] Unified the raw event format in im_aixaudit
- [2491] Unified the raw event format in im_dbi
- [2628] Implemented JSON format for storing complex Modbus responses
- [2588] Fixed an error causing the output to be truncated when operating on large input files
- [2528] Updated the Redis modules to use common TCP code
- [2364] Implemented new Capabilities global directive
- [2593] Fixed an error causing bogus warnings about CacheFlushInterval
- [2506] Unified the raw event format in xm_snmp
- [2490] Unified the raw event format in im_bsm
- [2093] Updated the Python modules to work with Python 3.x
- [2596] Improved im_odbc resilience in case of database deadlock errors
- [2438] Modified im_exec to capture the STDERR of the executed process
- [2486] Unified the raw event format in im_internal
- [2511] Fixed an error in im_wseventing causing a failure to collect forwarded events with EventID 4662
- [2274] Implemented common functions for handling raw event formatting
- [2569] Made the DBName and DBTable directives of om_raijin mandatory
- [2597] Fixed an assertion error in im_msvistalog when ResolveSID is enabled
- [2587] Fixed a segmentation fault in im_batchcompress
- [2533] Fixed an error leading to event loss when nxlog-processor was sending data over a network output
- [2405] Implemented logic for im_pcap to automatically detect the default interface
- [2613] Added missing Content-Length to im_http responses
- [2397] Fixed lax permissions set by the Windows installer when installed in a non-default location
- [2409] Fixed a memory leak in im_zmq
- [2560] Cleanups in xm_admin
- [2576] Improved string escaping in om_raijin
- [1892] Synchronized librdkafka's "queue.buffering.max.messages" with our LogqueueSize directive
- [2573] Fixed missing xm_soapadmin -> xm_admin link in the AIX package
- [2388] Fixed an error causing delayed scheduled event processing
- [2568] Fixed packaging scripts on Solaris to cleanly stop NXLog on uninstall
- [2571] Fixed a bogus error message when an include is pointing to a missing directory
- [2454] Added handling of double quotes to the LogFile global directive
- [2456] Fixed high CPU usage when a network destination is unavailable
- [2391] Unified spelling of the EventID field in im_etw and im_msvistalog
- [2582] Fixed an error causing a stopped im_odbc module instance to keep the SQLite database file open
- [2372] Implemented PROFINET protocol parser in im_pcap

5.0.5874 (23 June 2020)

- [2575] Updated the Windows installer to properly migrate configuration files on upgrade
- [340] Fixed an error causing statistical counters to show undef before the end of the first interval
- [2430] Fixed an error in im_wseventing causing repeated TLS handshakes
- [2137] Unified network modules configuration syntax
- [2544] Implemented file rotation on open for xm_zlib
- [2453] Fixed an error where getfile() failed when xm_admin was loaded via an xm_soapadmin symlink
- [2514] Added a redirection for changed configuration file names to xm_admin
- [2537] Fixed *m_pipe pipe permission issues
- [2441] Updated librdkafka dependency to 1.4.2 in generic packages
- [2371] Added Modbus protocol parser to im_pcap
- [849] Added functionality to chain multiple types in OutputType or InputType directives
- [591] Implemented file_hash() in xm_fileop
- [2381] Fixed a segfault on shutdown
- [1566] Added support for TLSv3
- [2419] Fixed an issue limiting om_kafka performance
- [2375] Fixed im_pcap to handle capturing multiple protocols properly
- [2156] Added detection and handling of infinite recursion in xm_rewrite
- [2403] Added creation of registry entries on first start on Windows Nano
- [477] Re-added Reconnect and ReconnectInterval directives
- [2387] Fixed an error causing NXLog to fail to stop on Windows
- [2421] Fixed handling of paths beginning with \ in the LogFile directive on Windows
- [2402] Re-added LogConnections directive to im_wseventing
- [2415] Fixed an im_ssl segmentation fault on Windows
- [2404] Added parsing for quoted string values in im_pcap's Filter directive
- [630] Implemented encryption and decryption support in xm_crypto
- [19] Implemented compression and decompression module xm_zlib
- [2284] Fixed an issue in im_msvistalog causing the EventData/ContextInfo field to be ignored
- [2323] Improved parsing of double quoted strings in im_linuxaudit
- [2384] Fixed null characters showing up in the internal log during high load
- [2067] Moved log4ensics.conf to managed.conf
- [2044] Refactored SSL/TLS common code
- [2299] Implemented the ReusePort directive for im_tcp and im_udp
- [2354] Implemented the is_scanning() function in im_fim
- [2385] Implemented parsing of quoted values in the PatternFile directive
- [2359] Fixed incorrect EventTime field in im_pcap
- [2365] Fixed incorrect escape sequence error in om_raijin
- [2378] Fixed a runtime fault during loading xm_leef on Windows 2016 Datacenter
- [2320] Fixed an assertion error at line 797 in syslog.c/logdata_linebreaks_replace() of xm_syslog
- [2358] Implemented capability handling in im_pcap
- [2370] Fixed an assertion error at line 68 in coremodule.c/nx_coremodule_dropped_records_log()
- [2343] Updated networking code to support the new libapr function apr_sockaddr_info_copy()
- [2362] Fixed an issue where parse_syslog() was adding a bogus EventTime field to invalid events
- [2352] Fixed an error causing im_pcap to return an empty raw_event field
- [2221] Fixed excessive CPU usage issue in om_http
- [1141] Migrated xm_soapadmin to xm_admin
- [1704] Fixed a bogus warning about thread count
- [865] Added logging for dropped events when flow control is false
- [2349] Fixed a crash in the TCP and UDP modules
- [2001] Added reporting of max queue size to xm_admin
- [1470] Fixed a segfault in Java modules caused by trying to add a non-existent file to ClassPath
- [2326] Implemented increasing reconnect delay in xm_admin
- [2342] Fixed an error causing the configuration parser to refuse / as a path separator on Windows
- [1827] Added logging of IP address in addition to DNS names to the network modules
- [2327] Fixed an error causing im_tcp to refuse the IPv6 any host address "::"
- [2300] Fixed an error in om_tcp causing constant repeated reconnects
- [2078] Fixed a memory leak in failover code
- [2256] Changed networking modules to log the client address in error messages
- [1194] Changed default configuration to include the etc/nxlog.d as configuration directory
- [2276] Fixed an error causing the configuration parser to ignore empty lines when calculating the position in config files
- [2257] Unified nxlog_exit() in main-unix.c and main-win32.c
- [1875] Implemented ID resolution in im_linuxaudit
- [1521] Refactored the network stack
- [2145] Fixed a LocalPort directive parsing error when combined with the Host destination:port format in om_batchcompress
- [2230] Fixed an error causing the first execution of a Schedule block to occur at 4:25m runtime and show a 0 counter value
- [1903] Removed support for kafka modules on AIX as librdkafka lost upstream support on that platform
- [2263] Fixed an error causing configuration validation to throw an error instead of a warning when no routes are defined
- [2130] Fixed a potential stack corruption issue in nx_module_pollset_poll
- [2245] Fixed an error causing an empty raw_message field in im_bsm
- [1703] Disabled the Python modules on AIX
- [2110] Refactored the per TCP connection pool usage in modules
- [2233] Fixed an error causing panic on shutdown
- [2205] Fixed an error in im_msvistalog causing "[error code: 0] no error" being reported
- [1992] Updated the SNMP library in xm_snmp
- [2043] Refactored connect/reconnect code
- [774] Fixed escaping of Windows paths
- [1913] Renamed nx_logdata_t to nx_record_t to align with the move to internal batch processing
- [1957] Fixed a segmentation fault in xm_admin triggered by an expired server certificate
- [2248] Implemented support for per URI path batching in om_http
- [2239] Fixed an error regarding snappy compression not being available in Windows packages
- [2244] Implemented multi-line batch mode in om_http and im_http
- [1999] Fixed a memory leak in pm_norepeat
- [1528] Refactored NetFlow code
- [2142] Fixed an error in parse_syslog causing the Hostname and EventTime fields to remain empty when the hostname contains numbers
- [1297] FlowControl now drops the oldest record first
- [2174] Fixed an error causing messages to be logged with the wrong context when SuppressRepeatingLogs is TRUE
- [1286] Fixed an error where ASCII NULL characters showed up in nxlog.log when SuppressRepeatingLogs is TRUE
- [2237] Disabled the im_pcap module on FreeBSD
- [2092] Fixed a memory leak in om_http
- [2187] Fixed a parsing error in im_bsm producing empty event records
- [1308] Added support for all uppercase module names like IM_NULL in addition to the literal name im_null
- [2186] Fixed im_aixaudit hanging
- [354] Fixed an error where a \ at the end of a comment line turned the next line into a comment
- [2083] Fixed a memory leak in nx_module_stop_self()
- [2146] Fixed an error causing LocalPort to become ineffective in om_udpspoof
- [2155] Added an error message when LocalPort is used in Listen mode for om_tcp
- [1923] Implemented retry logic with backoff for apr_file_open() errors in im_kernel variants
- [2139] Cleaned up leftover reconnect code in om_http
- [1987] Fixed a memory leak in xm_filelist
- [1985] Fixed a memory leak in xm_asl
- [2149] Fixed various inconsistencies in the implementation of the FlowControl directive
- [2168] Fixed an error in the xm_leef LEEFHeader directive causing processing to stop
- [1469] Added support for Redis pub/sub communication
- [2075] Added support for read-only system volumes to the macOS installer
- [1657] Added support for retrieving certificates from the Windows certificate store using the thumbprint
- [1917] Fixed an error causing the Windows executable to refuse config check (-c) without running in the foreground (-f)
- [2108] Fixed an error causing add_http_header() to fail after xm_rewrite call
- [2080] Fixed a memory leak in the config cache code
- [1207] Fixed consistency problems when handling duplicate audit rules in im_linuxaudit
- [1506] Added an internal queue for im_internal
- [1933] Implemented a common parser function for SSL configuration options
- [2129] Fixed an error causing the NXLog configuration check to accept configuration with only an output module
- [2106] Fixed a segmentation fault in nxlog_version()
- [2134] Fixed an error causing im_odbc to lose the last read position in a table
- [1994] Fixed an SSL-related memory leak in im_http
- [2081] Fixed a memory leak in xm_kvp
- [1988] Fixed a memory leak in xm_fileop
- [2066] Added field prefix support to parse_kvp() of the xm_kvp module to avoid field name collisions
- [2125] Fixed an error in om_udp causing high CPU usage
- [2090] Fixed a segmentation fault in the escape_json() function
- [2084] Fixed an error causing om_udp failover not to kick in despite the port being unreachable
- [2085] Fixed an error causing om_http to fail with an empty path (e.g., "URL http://server:8080")
- [2068] Fixed an error preventing NXLog from starting in Docker if im_internal is used
- [1909] Fixed NXLog startup to ensure event processing does not start before all modules are initialized
- [2086] Fixed a memory leak in im_ssl with low open file limit
- [2076] Fixed an error in xm_leef resulting in sporadic parsing issues under high event load
- [1975] Fixed a debug log parsing error in xm_msdns
- [2000] Fixed memory leaks reported by Valgrind in pm_pattern
- [1990] Fixed memory leaks reported by Valgrind in xm_pattern
- [1955] Fixed an issue causing nxlog.log to be removed but not recreated on rotation
- [2037] Fixed an issue where NULL characters truncated the response to getLog, getFile, or serverInfo requests
- [28] Added TCPNoDelay directive to om_ssl and om_tcp
- [2025] Added ReadTimeout for nxlog-processor to exit the process when its inputs have no more data
- [2046] Fixed inconsistencies in xm_leef leading to parsing errors when the delimiter is not a TAB
- [1986] Fixed a memory leak reported by Valgrind in xm_charconv
- [2056] Fixed a bug causing crashes in nxlog-processor when ActiveFiles > 1300 and LogLevel is debug
- [1997] Fixed a memory leak reported by Valgrind in pm_evcorr
- [1597] Fixed various thread safety issues discovered by Valgrind
- [2040] Modified the default value of IncludeHiddenFields to TRUE in all applicable extension modules
- [2013] Fixed an error causing slow TLS negotiation in im_batchcompress
- [1641] Fixed an error causing paused modules to reject connection attempts
- [987] Deprecated obsolete im_wmi module
- [1650] Deprecated experimental xm_stdinpw module
- [2008] Fixed uninitialized bytes error reported by Valgrind
- [2027] Fixed an error mapping the "$SeverityValue" field to "sev" in the xm_leef to_leef() function/procedure
- [2009] Fixed an error preventing failover in case of name resolution errors
- [2038] Added support for Amazon Linux on ARM64
- [2005] Added the ability to detect LEEF events with missing fields in parse_leef()
- [2018] Added the ability to detect LEEF events with missing timestamp or hostname in parse_leef()
- [1761] Added feature to return a value from xm_exec
- [1976] Fixed an error preventing xm_msdns from parsing flag codes from PACKET events
- [1571] Fixed a malformed SSL error log when the PEM file is missing on SLES15
- [1915] Added BatchFlushInterval directive
- [1550] Implemented batch processing architecture
- [2047] Fixed a compilation error in librdkafka with OpenSSL 1.0.2s on Windows
- [1951] Fixed an issue where "Include nxlog.d/*.conf" was not loading files in alphabetical order
- [2042] Fixed missing separator in xm_leef output
- [2033] Fixed an error causing upgrades from nxsec package to NXLog package to ignore existing agent configuration
- [1949] Added IncludeHiddenFields directive to enable to_json() in xm_json to handle field names starting with . or _
- [1891] Added support for multiple File directives to im_msvistalog
- [1826] Added better support for PersistLogqueue to om_kafka
- [1926] Added support for librdkafka 1.1.0 on Windows
- [1531] Fixed handling for "resource temporarily unavailable" errors thrown by the OS
- [2003] Fixed om_kafka to handle the lack of support for security.protocol in librdkafka 0.8.x
- [1927] Added AddHeader directive to om_elasticsearch for sending additional HTTP headers such as Authorization
- [1970] Added parse_windows_eventlog_xml() to xm_xml for parsing Windows XML EventData
- [2016] Disabled im_pcap on OpenBSD
- [2002] Fixed a segmentation fault in om_elasticsearch caused by the introduction of failover functionality
- [821] Added im_pcap for capturing network traffic
- [1869] NXLog package for RHEL 8
- [1867] Fixed an om_kafka error causing the last queued event to be duplicated on restart
- [1947] NXLog package for Debian 10
- [1788] Added support for Kerberos/SASL to om_kafka in Windows and generic packages
- [1930] Fixed an error causing om_http and im_http to start an SSL handshake and wait indefinitely after connecting
- [1954] Fixed regression causing the NXLog started message to be omitted from im_internal's log
- [1899] Fixed an error causing a segmentation fault in the CTRL-C handler when im_internal is in use
- [1948] Modified xm_cef to validate the CEFSeverity field extension field keys according to the current specification
- [1434] Fixed SSL modules to conform to documented SSLProtocol behavior
- [1836] Added command line switch to suppress logging to standard output
- [1894] Added functionality to nx_value_from_string() for detecting int64 overflow and converting data to a string
- [1219] Removed deprecated im_oci and om_oci modules
- [1896] Refactored widetoutf8() from individual modules to the common core
- [1907] Added separate packaging of Java modules to OS-specific packages
- [1882] Added the AllowUntrusted directive to SSL modules to allow connections with expired certificates
- [1928] Fixed use-after-free error in im_msvistalog causing crashes
- [1722] Fixed error in im_dbi that caused the raw_event field to remain empty
- [1921] Fixed a buffer handling error causing im_batchcompress to get stuck in a loop
- [1437] Changed default SSL protocol version value to TLSv1.2 only
- [1925] Fixed xm_cef to follow the upstream type change of the externalID field from integer to string
- [1782] Added functions to selectively resolve SID and GUID values in xm_resolver
- [1633] Added support for the Windows certificate store to all SSL-enabled modules
- [1905] Fixed multiple race conditions in xm_grok
- [586] Added a function get_registryvalue() to the NXLog language for querying registry entries on Windows
- [1872] Fixed a type detection and conversion error in to_json() of xm_json
- [1776] Added the DetectNumericValues directive to xm_kvp to parse numeric values as integers
- [1194] Changed the log4ensics.conf location to conf.d
- [435] Added multipart batch mode to the HTTP modules
- [252] Added failover support for output module
- [1886] Fixed an issue causing NXLog to stop forwarding logs when PersistLogqueue is TRUE
- [1864] Moved JSON-related code into common code
- [1877] Fixed a startup crash in chroot environment
- [1721] Added CreateDir directive to pm_buffer
- [1876] Fixed an error in im_msvistalog causing failed authentication for the NXLog service user
- [1783] Added support for signed binary macOS packages
- [1860] Fixed an error causing a "not enough data to decode serialized binary buffer" message to be printed
- [971] Fixed a logging issue causing xm_soapadmin and xm_admin to log spurious errors and warnings
- [1852] Fixed an error causing an assertion failure when loading invalid Python script
- [1009] Added new om_raijin module for sending data to Raijin, the schemaless database engine
- [1447] Added custom labels to xm_soapadmin and xm_admin to support storing arbitrary strings
- [1848] Removed libnxfilepath
- [1832] Fixed an error in the SpoolDir and CacheDir directive handling that was causing relative paths to fail
- [1809] Fixed an error causing xm_admin to log only sever_info calls in the debug logs
- [1724] Added support for storing resolved SID/GUID values in separate fields to im_msvistalog
- [737] Added support for specifying the LogLevel directive at module-level
- [1553] Improved the startup time with a large number of queue files
- [1358] Added INSTALLDIR variable to the default nxlog.conf
- [1871] Fixed an error causing om_kafka to randomly stop polling for new events
- [1845] Fixed a parsing error caused by empty fields in the parse_cef() procedure of xm_cef
- [1803] Added sha1sum, md5sum, sha512sum, base64encode, and base64decode functions to NXLog's internal language
- [1470] Added Java input, output, and extension modules
- [1815] Added support for the Severity string to the parse_cef() procedure of xm_cef
- [1748] Added support for millisecond resolution parsing of the "start" field in xm_cef
- [1269] Fixed an error causing om_kafka to connect even if it is not included in any route
- [775] Added Go input, output, and extension modules
- [1835] Fixed a segmentation fault when Threads is set to 2
- [1847] Fixed several errors in xm_cef
- [1838] Fixed a crash in im_file when accessing a file via a UNC path
- [1830] Fixed a compatibility issue with librdkafka 1.0.0 in om_kafka
- [1829] Fixed a compatibility issue with librdkafka 0.8.3 in om_kafka
- [1807] Fixed a segmentation fault in nx_module_input_func_linereader_clean
- [618] Added support for RenderingInfo element to im_msvistalog
- [1728] Added STATIC_ASSERT() to enable compile-time assertion checks
- [1758] Added Level, MatchAnyKeyword, and MatchAllKeyword directives to im_etw, replacing hardcoded values
- [1213] Added an INFO message to report successful reconnection in om_udp
- [1822] Added support for "Flags" field to im_etw
- [534] Added IPADDR data type, replacing and unifying the IP4ADDR and IP6ADDR data types
- [1819] Fixed an issue where xm_soapadmin gets stuck in an infinite loop
- [1810] Fixed data corruption in parse_cef() when multiple module instances are using it
- [1823] Fixed a memory leak in im_dbi with PostgreSQL
- [1831] Fixed a segmentation fault in om_kafka caused when the process is interrupted with CTRL-C just after startup
- [1789] Fixed an error in im_wseventing where the raw_event field was not populated
- [1798] Fixed an im_internal crash caused by dividing by 0 in an Exec
- [1272] Fixed an om_kafka issue where the module was reading data from the route even when it was not connected to Kafka
- [1755] Fixed error handling in xm_soapadmin where it was not sending a SOAP fault for local configuration issues
- [1744] Added the AllowInvalidCounters directive to im_winperfcount to enable the module to start when invalid counters are referenced
- [1361] Fixed om_kafka printing duplicate error messages for incorrect properties in Options
- [1423] Fixed an om_kafka crash caused by librdkafka 0.9.4
- [1812] Fixed an "unknown publisher" error in signed Windows MSI installers
- [1796] Fixed duplicate debug message in xm_msdns
- [1797] Fixed parsing error of 12:00:00 PM in xm_msdns
- [1591] Fixed multiple issues with event type and severity assignment in im_wseventing
- [1618] Fixed an issue in xm_multiline where the "/s" regex modifier in the HeaderLine directive was causing a syntax error
- [1507] Added module and instance names to internal log entries
- [1764] Added missing LOG::NXLog Perl module to Windows packages
- [1765] Fixed im_bsm parsing issues on macOS
- [1757] Added compression support to OpenSSL on Windows
- [1282] Added logic to pm_buffer to clean up queue files after events have been sent
- [474] Fixed a memory leak in om_elasticsearch
- [1733] Fixed a race condition in configcache triggered by multiple instances of im_msvistalog
- [1762] Fixed a segmentation fault in xm_admin caused by requests to "getlog" with malformed JSON
- [1767] Fixed test failures caused by pcre2 update
- [684] Added im_systemd to collect logs from the systemd journal
- [1253] Added Call directive to *m_perl and *m_python modules
- [1664] Set a default value for SpoolDir on Windows
- [1691] Added support for the "Microsoft-Windows-IIS-FTP" event provider
- [1150] Fixed im_acct to use camel case field names
- [1558] Updated Windows packages to OpenSSL 1.1.1a
- [1740] Added support for dynamic field names to the Windows XML event parser
- [1700] Added CreateDir directive to im_uds
- [1296] Removed deprecated GetProcAddress usage from various modules on Windows
- [203] Added im_pipe and om_pipe modules for reading and writing logs to named pipes on UNIX-like systems
- [314] Updated the Perl version for Windows
- [1730] Added support for parsing second, millisecond, and microsecond resolution timestamps
- [1734] Added support for seconds and milliseconds to datetime()
- [1711] Added strcasestr() for use on platforms where it is not provided
- [1735] Fixed an im_linuxaudit parsing issue causing valid rules to fail to load
- [1727] Fixed packaging scripts for generic DEB packages so alternative names of library files will be symlinked
- [1716] Fixed an xm_bsm issue caused by replacing getauevnum() with getauevnum_r() on Solaris
- [1731] Fixed an issue causing delayed event collection in im_msvistalog
- [1668] Added support for TLS compression in SSL-enabled modules
- [1556] Added support for event grouping in pm_evcorr
- [1710] Fixed a hang in file_cycle() during file rotation
- [1718] Fixed Kafka modules disappearing from generic packages
- [1681] Modified im_msvistalog to show the channel name in error messages
- [1690] Fixed subscription errors throwing an ERROR despite TolerateQueryErrors being true
- [636] Refactored xm_syslog's xm_syslog_input_func_rfc5425
- [1699] Fixed a FlowControl directive error
- [645] Added support for parsing UserData and EventData fields in im_msvistalog
- [645] Added support for creating prefixed copies of EventData and UserData fields in im_msvistalog
- [1708] Updated AIX packages to OpenSSL 1.1.x, pcre2
- [1324] Migrated from pcre to pcre2 on Debian, Ubuntu, FreeBSD, OpenBSD, macOS, and Solaris
- [1590] Fixed broken xm_bsm on macOS 10.14 (Mojave)
- [1393] Added ResolveGUID directive to im_msvistalog
- [1702] Fixed "xm_soapadmin_free_input" error in xm_soapadmin
- [1476] Added support for verbose audit output to xm_aixaudit on AIX
- [1661] Updated SLES12, SLES15, FreeBSD, OpenBSD, macOS, and Solaris packages for OpenSSL 1.1
- [1669] Fixed a libapr dependency issue in generic RPM packages
- [MR1136] Started using the libssl package instead of libssl1.0 for building DEB packages
- [1688] Fixed an error causing General Protection Failure on shutdown
- [1685] Fixed a memory leak and misuse of log_info() for debug output
- [1644] Fixed a segmentation fault on exit on Windows
- [1683] Fixed a memory leak in im_fim
- [868] Added the ability to pass arguments to functions of the Perl modules
- [1413] Added support for different timestamp formats in xm_msdns
- [1670] Fixed regression where the om_http module did not call om_http_erase_hdrflds on module stop
- [MR1111] Fixed NXLog Manager address handling in Docker containers
- [1665] Refactored pointer usage
- [1645] Fixed encoding error when loading Ruby gems
- [1587] Updated FreeBSD and OpenBSD installers to deploy nxlog.conf instead of nxlog.conf.sample
- [590] Added IPv6 support
- [1260] Fixed an error where Exec after RubyCode would lose events
- [904] Fixed issues found during fuzz testing of various parser functions
- [1420] Changed the handling of the Hostname field to accept an IP address in addition to hostname as a string
- [1258] Fixed RubyCode relative path parsing
- [1254] om_ruby now requires the RubyCode directive
- [1604] Fixed a memory leak in im_file
- [1219] Deprecated *m_oci modules
- [1271] Fixed a crash when running multiple im_perl instances
- [1310] Added support for collecting raw XML in im_msvistalog
- [886] Set the default configuration file location to INSTALLDIR on Windows
- [1396] Fixed an om_python crash caused by a NULL value
- [1371] Fixed xm_charconv assertion errors caused by malformed UTF-16LE files
- [1151] Added support for the Severity and SeverityValue fields to im_acct
- [1257] Disabled invalid methods for Ruby modules
- [1623] Added locking to xm_fileop to prevent a race condition when multiple directives reference the same file
- [1440] Fixed errors in parse_nps() found during fuzz testing
- [1263] Removed unused Module instance from being a required om_ruby argument
- [1428] Fixed errors in parse_leef() found during fuzz testing
- [1441] Fixed errors in parse_xml() and parse_multiline() found during fuzz testing
- [1085] Fixed om_webhdfs timeout and x509
- [606] Added wildcard support for the File directive in im_msvistalog
- [596] im_msvistalog now detects file changes and reopens files when it is set to read from file
- [650] Added support for resolving SID values in the UserData field XML in im_msvistalog
- [666] Added the ability to set "_id" in om_elasticsearch
- [1490] Fixed im_fim so it is not sensitive to case-only filename changes on Windows
- [1505] Added logging of "NXLog started" event in im_internal
- [1466] Fixed xm_bsm errors found while fuzz testing
- [1464] Fixed error handling to prevent NXLog crashing because of a division by zero
- [1452] Suppressed DNS lookup failures in xm_resolver
- [1520] Fixed xm_gelf interoperability with im_file
- [1518] Added proxy support to om_http and om_elasticsearch
- [1535] Cleaned up connection code in the network modules
- [1578] Fixed xm_netflow error "No template definition ... cannot parse v9 packet until template definitions are refreshed"
- [1536] Followed up the ProcessID change to ExecutionProcessID in to_syslog()
- [1411] An empty Keep directive in xm_rewrite now throws an error
- [1572] Fixed busy loop in im_linuxaudit
- [1532] Fixed a segmentation fault on loading configuration with a partial default route
- [1427] Introduced PatternFile directive and fixed related error handling in xm_grok
- [1569] Fixed om_ruby hanging on exit in Valgrind
- [1586] Set default SpoolDir value
- [1626] Fixed an error where im_wseventing ignored HTTPSCAFile
- [1616] Fixed im_wseventing bookmark handling error
- [1611] Fixed spelling mistakes in log messages
- [1608] Fixed an xm_perl assertion failure
- [1298] Fixed im_wseventing stalling
- [1535] Fixed connection cleanup in *m_batchcompress
- [1541] Fixed an error causing im_batchcompress to not receive a full packet
- [1582] Fixed an issue causing om_elasticsearch to stop forwarding logs after a while
- [1255] Added a public call() procedure to xm_python
- [1190] Fixed a hang when im_python calls xm_python
- [1579] Changed the im_etw Channel string to ChannelId integer
- [1425] im_bsm is now restricted to reading device files
- [1584] Fixed library file location on macOS
- [1552] Fixed failed assertion on exit in im_udp
- [1554] Fixed run user change not working on some operating systems
- [1357] Fixed nx_date_fix_year setting a time in the future
- [1546] Fixed Kerberos authentication handling in im_wseventing
- [1370] Fixed xm_charconv BOM handling
- [1545] Fixed PdhAddEnglishCounterA() failure resulting in xm_soapadmin disconnecting
- [1187] Disabled invalid methods for Python modules
- [1335] Added man pages to Unix/Linux installers
- [1549] Added backup script to Solaris package to ease upgrades
- [1509] Fixed xm_admin crashes in Listen mode
- [1544] Improved exit handling of im_checkpoint to prevent it becoming a zombie
- [1416] Added TCP 2514 as default port for om_batchcompress