Changelog
5.8.8057 (24 April 2023)
- [4662] Improved the verification of publicly-signed remote certificates for TLS/SSL-enabled modules on Unix-like operating systems
- [4872] Fixed an issue where the input and output http modules can not loaded the system CA certificates without declaration
- [5000] Changed the AccesKey and SecretKey directives to optional in amazons3 modules
- [3961] Added functionality for MacOS to verify System CA certificates without specifying CAFile and CADir
- [4892] Fixed an assertion error at line 1064 in tcp.c/nx_tcp_cleanup() in im_ms365 triggered by module stop
- [5091] Added BatchFlushInterval support for om_chronicle module
- [5003] Added BatchFlushInterval support for om_amazons3 module
- [5022] Fixed an issue in om_googlelogging where the payload sent in the unstructured textpayload field instead of the structured jsonpayload field
- [5171] Fixed an issue where the chronicle, googlelogging, googlepubsub, ms365 modules started without error in case of unknown directives configured
- [4853] Fixed CPU and memory consumption in im_amazons3 on large files processing
- [4690] Added support for async in om_chronicle
- [4275] Added OnError directive to the om_elasticsearch module, allowing for per-record error handling
- [4967] Added om_azuremonitor module to use the new Azure Monitor Logs Ingestion API
- [4965] Fixed an issue in om_googlelogging where event severity was reported as Default
- [4759] Fixed a crash in om_file triggered by the io_err_handler() call
- [4962] Fixed an issue with im_azure analytics mode where the module was unable to pull data from azure log analytic workspace
- [4909] Fixed an issue with file processing in im_file, where some files were being skipped when using wildcards in the configuration
- [4843] Fixed an issue in im_file where NXLog couldn't delete self-created files
- [4810] Fixed a parsing problem in xm_w3c triggered by the ';' delimiter
- [3893] Added udp connection statistics to im_udp module reporting in xm_admin
- [4888] Fixed a segmentation fault triggered by openssl enrollment when 1.1.0 or older version is used
- [4883] Fixed the issue with im_file, which caused it to read the last character from the previous input as new input upon service restart
- [3771] Added input module for Salesforce REST API based on the NXLog Salesforce addon
- [4770] Fixed a conflict between the ActiveFiles and ReadOrder directives of the im_file module
- [4893] Fixed reconnect logs duplication in om_amazons3 module
- [4780] Fixed an issue where amazons3 modules did not report the connection statistics to xm_admin
- [4247] Added CPU architecture information to ServerInfo
- [4673] Fixed an issue where im_pcap did not log the DNS query's answer
- [4749] Fixed integer parsing issue where integers starting with 0 were misread as octal
- [4844] Fixed an issue in om_azure where random characters were appearing at the end of the log lines in the error message
5.7.7898 (20 January 2023)
- [3746] Fixed an issue whereby NXLog stops sending logs if a network input module receives invalid data
- [4918] Added input and output modules to send and receive data from google cloud
- [3716] Support structured events in om_chronicle
- [4646] Fixed high CPU usage when connection lost to Redis server.
- [4477] Fixed a segmentation fault in im_linuxaudit triggered by the -S option in Rules without value
- [1671] Added kerberos support to im_wseventing module on Windows
- [4693] Support chronicle module on MacOS
- [4597] Fixed drop() function in im_maces module
- [4360] om_chronicle now use the standard reconnect directive
- [4138] Added input and output modules for Amazon S3 services based on the NXLog Amazon S3 addon
- [4469] Improved the match behaviour in case of non-quoted string values in xm_kvp
- [3718] Added an input module for Microsoft 365 services based on the NXLog Microsoft Azure addon
- [4277] Fixed incorrect time format and type in EventTime in the xm_sap module
- [4598] Added nxlog user to the admin group on macOs
- [4538] Fixed a segmentation fault caused by big amount of malformed data when processed by json input type
- [3056] Added input and output modules for Google Logging API based on the NXLog Google Logging API addon
- [4661] Fixed om_ssl could not work when remote server does not require client certificate
- [4291] Fixed an issue in om_http where the system utilize the whole CPU while receiving error code 400
- [4425] Fixed an assertion failed in tcp.c/nx_tcp_cleanup() triggered by a DATA_AVAILABLE event is in still the queue after the module stopped
- [2398] Added feature for om_kafka to be able to utilize SASL_OAUTH2
- [4427] Fixed a crash triggered by unmanaged / char in the gzip output file name
- [4133] Fixed a segmentation fault in DNP3 triggered by lack of header pointer checking before CRC validation
- [4642] Fixed memory leak in om_python
- [4226] Fixed an assertion error in im_file.c/im_file_input_get_filepos()
- [4495] Fixed an issue in zmq modules triggered by the swapped REP and REQ SocketType in input and output modules
- [4735] Fixed unknown module name in im_pcap when the network interface is down
- [4374] Improved error handling in om_raijin module
- [3869] Added SavePos directive for im_systemd module
- [4292] Fixed an issue where multiple routes could be configured with the same name, with unpredictable results
- [4227] Fixed a nxlog crash triggered by a buffer overflow in xm_cef module
- [3693] Fixed xm_kvp whitespace handling
- [4471] Additional fixes for memory leak in nx_module_add_poll_event()
- [4318] Message level has changed in extract_xml to Debug from Warning
- [4206] Fixed reconnection problem in om_odbc caused by temporarily unavailable database
- [4090] Added performance optimization to xm_xml module
- [4230] Implemented square brakets notation for JSONpath to support dots in keys
5.6.7727 (15 September 2022)
- [4466] Added support for Amazon Linux 2022
- [4524] DNS parser disabled in im_etw
- [4340] Fixed memory leak on reconnection in the om_http module
- [4271] Added support for Red Hat 9
- [4270] Added support for Ubuntu 22
- [4471] Fixed memory leak in nx_module_add_poll_event()
- [4272] Updated OpenSSL in generic packages to 1.1.1q to address CVE-2020-1971 and CVE-2020-1968
- [4246] Fixed a memory leak in the im_etw module triggered by DNS parsing
- [3377] Added basic authentication support to HTTP modules
- [4209] Prevent memory leak when calling OpenSSL 1.0.x libraries
- [4378] Fixed memory leak issue in im_msvistalog triggered by events which are larger than 42KB
- [4265] Fixed NXLog crash triggered by an API bug in Windows 11 and Windows server 2022
- [4295] Fixed HTTP content max size calculation in om_http module
- [4220] Possible DoS attack prevention regarding to CVE-2022-24795
- [3598] Fixed corrupted output files issue when using the CacheSize parameter in the om_file module
- [4262] Fixed crash in parse_json() when JSON key length is more than 499 characters
- [4160] Fixed input modules hanging when log files are deleted
- [4208] Security patch applied to resolve CVE-2017-16516
- [4026] Discard remaining TCP input buffer in the im_http module when connection is intentionally closed due to parsing errors
- [3903] Fixed unexpected error message when calling the uid_to_name function on unresolve SIDs
- [4152] Added DataTimeout parameter to xm_admin
- [4231] Fixed potential loss of unsent data after NXLog is restarted in persistent queue mode
- [3774] Added an optional parameter controlling file encoding to getFile requests in xm_admin
- [4221] Fixed agent crash when reading audit logs with xm_sap
- [4207] Fixed issue with im_udp not starting if the OS is using the port
- [3238] Implemented symmetric encryption of event fields in the xm_crypto module
- [3860] Prevent data loss in Google Chronicle
- [3777] Fixed im_odbc module stalling issue triggered by a deadlock error from the database
- [4180] Fixed a memory leak in xm_netflow
- [4158] Fixed buffer overflow issue in record-serialize.c/nx_record_to_membuf()
- [3779] More readable error messages in Rust modules
- [4170] Improved im_pcap stability to avoid application hangs
- [3656] Fixed an issue in the om_odbc module triggered by the Sql and Exec directive execution order
- [3934] Improved fix for TLS handshake issue when NXLog is connecting to itself
- [4134] Fixed high CPU usage and NXLog hang issues when using UTF-32 on a file with UTF-8 encoding
- [4123] Fixed an assertion error in readerfuncs.c/nx_module_input_func_binaryreader()
- [4131] Fixed an assertion error in xm_charconv_funcproc_cb.c/nx_expr_proc__convert_fields()
- [4069] Fixed issue with the multiple om_chronicle instances
- [4135] Fixed incorrect format string in 'throw_msg()'
- [4081] Prevent memory leak on NXLog shutdown if systemd journal is not available
- [2307] Support the new librdkafka high-level KafkaConsumer API in im_kafka
- [4121] Fixed arguments checkup in xm_xml
- [3952] Fixed memory leak in event.c
- [3878] Fixed AVG calculation in statistical counters
- [3907] Fixed memory leak caused by leaking ModuleContext
- [3596] Improved SSL client behavior in HTTP modules
- [3962] Fixed an incompatibility with the ElasticSearch indextype_doc not supported from versions 8.x
5.5.7535 (29 April 2022)
- [3934] Fixed TLS handshake issue when NXLog is connecting to itself
- [3660] Documentation is now bundled as a multi-page HTML document
- [3678] om_raijin now treats URLs ending with or without / the same
- [3754] Fixed an assertion triggered by xm_admin in str.c/_nx_string_create()
- [3539] Fixed an assertion error in logqueue.c/nx_logqueue_peek()
- [3360] Added Google Chronicle unstructured logging output module
- [3830] Fixed a TCP socket descriptor leak
- [3344] Implemented extract_xml() in xm_xml and extract_json() in xm_json
- [3676] Fixed a logic error causing configcache.dat not being created until the first clean shutdown of NXLog
- [3855] Fixed reconnect throttle during failover
- [3696] Fixed a segmentation fault in om_exec occasionally triggered when the executed script exits with an error
- [3500] Implemented saved positions in im_azure
- [3821] Fixed issue where im_azure caused high CPU usage when an invalid SharedKey is used
- [3449] Added capturing of the resolved address from DNS analytical logs
- [3559] Added im_etw Session directive
- [3346] Fixed issue in macOS where traceId parsing was causing a 64bit int overflow
- [3264] Updated the im_http module to negotiate Accept-Encoding header
- [3741] Fixed issue where flow control is activated when it is set to FALSE
- [3549] im_azure Blob and Table modes updated to use dynamic field mapping
- [3729] Fixed im_maculs segmentation fault when encountering an unknown data object type
- [3516] Fixed im_systemd to add the NXLog user to the systemd-journal group
- [3616] Fixed issue with excessive logging for NetFlow v9 traffic
- [3722] Added support for IEC61850 event and message filtering
- [2801] Added python modules to the Windows package
- [3727] Fixed an issue in im_wseventing with Kerberos auth on Linux/Docker
- [3739] Fixed error reporting in xm_admin in case of "ServerRestart" failure
- [3663] Fixed a typo in the default managed.conf
- [3708] Fixed a false "Malformed logqueue metadata" error message when PersistLogqueue is set to TRUE
- [3669] Fixed an assertion error in om_elasticsearch when dynamic ID directive is used
- [3651] Fixed issue with agent unable to load some patterns sent from Manager
- [3460] Added Support for multiple TCP connections per module
- [3535] Fixed runaway CPU usage in network output modules on Windows when name resolution fails during connection setup
- [3327] Added CAThumbprint directive to om_kafka on Windows
- [2725] Fixed xm_admin/SOAP error message when ModuleStop, ModuleStart, and ModuleRestart calls fail
- [3619] Fixed xm_kvp setting some fields to null when KVPDelimiter is set to ' '
- [3028] Improved the performance of HTTP modules
- [3645] Improved xm_sap fields
- [3638] Fixed im_systemd to save position regularly, to prevent event duplication after an agent crash
- [3644] Fixed memory leak in xm_ruby-libnxruby
- [1595] Updated the macOS GUI installer
- [3561] Fixed assertion error when xm_rewrite drops a record and deletes fields
- [2429] Added xm_sap for parsing SAP audit logs
- [3637] Fixed a potential memory corruption in xm_json when the key length exceeds 500 bytes
- [3576] Fixed a crash in xm_json when parsing specific Windows events and Unflatten is TRUE
- [1775] Implemented field substitution in regular expressions
- [3622] Fixed im_exec not reading script output
- [3606] Fixed a memory leak in im_linuxaudit
- [3636] Fixed an issue in the im_etw module, assertion failing after setting kernelflags
- [3542] Fixed im_linuxaudit failing on ARM
- [2048] Fixed a rare hang in om_tcp caused by a race condition
- [3583] Implemented "AbortOnDoubleSigterm" directive
- [3618] Fixed an issue with im_etw not collecting events from some providers
- [2223] Added support for multiple Provider directives to im_etw
- [2969] Added im_pcap performance improvements
- [3109] Added support for writing a JSON array consisting of multiple events to a file in om_file
- [3609] Fixed an issue in the im_etw module where setting “MatchAllKeyword” and “MatchAnyKeyword” had no effect
- [3489] Updated the Kafka modules to use the librdkafka recommended broker configuration method
- [3621] Fixed an issue where xm_nps fails to parse a record when it contains the MS-RAS-Client-Version field
- [3378] Improved xm_python error message when it fails to open the script file
- [3573] Fixed an issue in xm_json where InputType failed to set $raw_event
- [3599] Fixed segmentation fault when BufferSize is 0 or 1
- [2433] Added feature to report detailed NXLog build information
- [3340] Added feature for NXLog to search the entire Windows certificate store during certificate verification
- [3589] Fixed assertion error in om_zmq.c/_om_zmq_message_alloc()
- [3534] Added copy-truncate rotation strategy to file_cycle()
- [3554] Fixed pm_blocker assertion failure in module.c/nx_module_progress_batch()
- [3268] Fixed an issue with incorrect dropped event count reported via xm_admin for im_internal
- [3509] Fixed SNI related certificate verification failure in im_azure
- [3346] Fixed 64-bit int overflow in xm_json caused by the traceId field on macOS
- [1973] Fixed infinite loop when the "include" directive includes itself recursively
- [1593] Modified im_etw to resolve and display the Channel name using the ID
- [3536] Added support in im_maces for proc_check, pty_grant, pty_close
- [3507] Fixed runaway reconnection when server certificate verification fails with im_azure
- [3503] Fixed exec_async() error causing a file handle leak
- [3322] Fixed om_azure 403:Forbidden failures
- [3061] Improved the performance of im_maculs
- [3395] Added support for the field Level in im_imvistalog and im_etw
- [3389] Fixed memory leaks in im_pcap
- [3422] Implemented failed_over() function for detecting if the module's primary destination failed
- [3352] Fixed a memory leak in nx_record_set_field_value after throwing an exception
5.4.7313 (2 September 2021)
- [3525] Added support for Debian 11
- [3532] Updated OpenSSL to 1.1.1l in generic packages to address CVE-2021-3712 and CVE-2021-3711
- [3544] Patched libapr in generic packages to address CVE-2021-35940
- [3206] Added support for resolving additional fields in im_maculs
- [3537] Changed OS name on macOS systems to "macOS"
- [3224] Implemented JSON array parsing in im_http
- [3503] Fixed assertion failure reported in pm_norepeat
- [3495] Fixed overly noisy warning in putFile logging on Windows
- [3475] Added NXLog version dependency to module packages - DEB
- [3177] Added NXLog version dependency to module packages - RPM
- [2561] Fixed unnecessary ListenAddress logging
- [3492] Fixed runaway reconnection when the output hostname cannot be resolvabled
- [3504] Fixed a crash in im_azure triggered by a missing CA certificate file used in the configuration
- [53] Implemented support for automatically reopening externally rotated output files in om_file
- [3255] Added support for Azure Log Analytics workspaces in im_azure
- [3228] Added support for Apple Endpoint Security framework in im_maces
- [3453] Improved error message in im_ssl when the peer does not return a certificate
- [3430] Added support for NetFlow Enterprise fields
- [2297] Implemented InputType for xm_json
- [2824] Improved include_stdout error handling
- [3463] Fixed multiple parsing errors in the DNP3 dissector
- [3057] Fixed faulty reconnect timer tracking in om_udp
- [3191] Fixed im_fim to handle corrupted key value store files gracefully
- [3174] Fixed xm_admin to track reconnection timeouts per IP address
- [3330] Fixed a hang in xm_admin when getLog pulls a file over StringLimit
- [3384] Fixed an assertion error in im_file when the input file is truncated
- [3259] Fixed xm_admin to handle moduleStop calls to itself
- [2215] Added support for multiple Channel directives in im_msvistalog
- [3278] Added Reconnect directive to xm_admin
- [3320] Fixed an error causing om_http to fail if Binary mode and compression are both enabled
- [2944] Modified the priority of scheduled events to correct behavior on module start
- [3365] Modified field name restrictions to allow '@'
- [3051] Added support for parsing the URL of incoming POST requests in im_http
- [787] Added support for HTTP PUT to om_http
- [3335] Fixed SSL cipher negotiation issue on SLES12-SP5
- [3379] Fixed EvtRender failed error in im_msvistalog
- [2730] Fixed file_cycle() on UNC paths
- [2465] Added OnError directive for customized HTTP error handling
- [3139] Added NegativeCacheExpiry directive to xm_resolver
- [3138] Fixed regex escaping in replacement strings
- [3107] Modified the syslog parser to use int data type for pid
- [3192] Added OS logging to startup log entry
- [3015] Added a new directive DirectoryReadingOrder to im_file
- [3290] Fixed a memory leak in im_linuxaudit
- [1593] Added Channel name resolution using ID to im_etw
- [2755] Unified file-related directive parsing
- [2516] Added automatic configuration recovery option to xm_admin
- [2452] Improved error message for name resolution errors on Windows
- [3193] Modified im_pcap to restart after an interface error
- [3440] Fixed anchor parsing in im_http
- [3372] Fixed segmentation fault in librdkafka
- [3373] Fixed overly narrow implementation of the AllowUntrusted directive
- [3331] Fixed an error in xm_admin causing getLog to hang when a size is not specified
- [3416] Fixed im_exec to capture STDERR of the external command
- [3203] Improved om_elasticsearch _bulk API error handling
- [3339] Improved SSL error message "SSL must be configured"
- [3412] Fixed assertion error in im_msvistalog line 1648
- [3303] Added support for API version 2015-02-21 to im_azure to fix HTTP error 409
- [2281] Added warning for '\ ' at end of line
- [3426] Fixed incorrect pointer type for JAVAHOME
- [3424] Fixed segmentation fault in xm_perl when the script is not found
- [2936] Fixed a memory leak in im_tcp triggered by high reconnect rates with many connections
- [2850] Added ExcludeSize directive to im_fim
- [dependencies#104] Updated expat, libcap, librdkafka, and pcre2 in generic packages
- [3357] Fixed date formatting in JSON functions
- [3001] Fixed an assertion error when the input/output converter's instance name is missing
- [1292] Support for additional fields (Opcode, Category) in im_etw
- [2978] Added output sanitization to xm_admin's getlog
- [2764] Added UNC path support to im_msvistalog
- [3131] Fixed NetFlow processing errors in xm_netflow
- [3162] Improved error message when an external DLL cannot be loaded on Windows
- [3169] Strip all NXLog modules to save space
- [2647] Updated Windows builds to APR 1.7
- [3129] Fixed im_linuxaudit warnings about additional unknown field types
- [3223] Fixed xm_cef field mapping to better match the standard (end->rt )
- [3301] Fixed a potential SSL-related memory leak
- [3296] Added support for Ubuntu 20 and Red Hat 8 on ARM
- [3274] Fixed panic on unresolvable hostname or non-local address in im_udp
- [3275] Implemented to_snare() function in xm_syslog
- [3205] Fixed missing log generation on opening listen port in im_udp
- [3096] Fixed a potential queue overflow in im_fim and im_regmon
- [3267] Fixed a memory leak in im_linuxaudit
- [3306] Fixed "iconv failed: 84" error in im_wseventing
5.3.6735 (19 May 2021)
- [3334] Fixed an incompatibility warning on macOS Big Sur
- [3337] Fixed high CPU utilization when an SSL connection is reset
- [3322] Fixed an error causing om_azure to generate 403 errors
- [3342] Fixed a memory leak in om_msvistalog when ResolveGUID is enabled
5.3.6720 (15 April 2021)
- [2322] Implemented uid_to_name() and gid_to_name() cache
- [1576] Implemented native ULS logging module im_maculs for macOS
- [2930] Fixed flow control issue triggered by unused processor modules in the configuration
- [1665] Cleaned up pointers used for storing data
- [2781] Implemented support for returning route and extension module information in xm_admin
- [3067] Fixed a crash in xm_admin triggered by connection addresses that cannot be resolved
- [3071] Fixed a crash in xm_resolver
- [2550] Fixed a file corruption issue when compressed streams are used together with file rotation
- [3087] Fixed an assertion error in im_maculs triggered by calling the module_restart() procedure
- [2952] Fixed a memory leak in processor modules caused when NXLog starts with a full logqueue
- [3119] Fixed an assertion error in xm_resolver triggered by im_linuxaudit with ResolveValues set to TRUE
- [3086] Fixed a valgrind reported uninitialized value in im_linuxaudit_connect()
- [2753] Implemented multiple input address support in network input modules
- [2827] Implemented failover support in xm_admin Connect mode
- [2869] Implemented NXLog Binary Protocol over HTTP in im/om_http
- [3098] Implemented correct timestamp scaling factor for Apple M1 CPU
- [3137] Fixed a crash triggered by a debug dump happening while NXLog is busy resolving domain names
- [3125] Fixed a bug in im_internal causing runaway CPU usage even when not connected to a route
- [2406] Implemented an IEC-61860 protocol parser in im_pcap
- [3149] Refactored int8_t into portable nx_int8_t because of platform differences
- [2983] Retired and removed UDS socket support from xm_admin
- [3133] Fixed a flow control error in im_systemd
- [2422] All modules and binaries are now stripped
- [3108] Fixed a memory leak in xm_multiline
- [3034] Fixed an assertion error on permission denied in im_file
- [3037] Improved error message about FlushLimit deprecation
- [3023] Fixed error handling for error ORA-12514 in im_odbc
- [2702] Fixed pm_buffer error causing buffer_count() to always return 0
- [3014] Fixed a memory leak in xm_python
- [2955] Fixed an Windows specific im_tcp performance issue
- [3143] Fixed a segmentation fault triggered by a low StringLimit
- [2995] Implemented om_sentinel for sending events to Microsoft Azure Sentinel
- [3153] Fixed a crash in om_raijin and om_elasticsearch triggered by a missing raw_event field
- [3151] Fixed a crash in om_http triggered by a missing raw_event field
- [2673] Implemented pushing executable files in xm_admin
- [3129] Fixed im_linuxaudit warnings about unknown field types
- [3027] Fixed a file descriptor leak in im_maculs
- [3045] Fixed an error in xm_admin resulting in a missing response body when parameter parsing fails
- [3075] Implemented TCP connection statistics in xm_admin
- [3136] Fixed "zlib compression error(0)" in om_batchcompress with certain BufferSize values
- [2925] Implemented logging of response data on HTTP errors in om_elasticsearch
- [3180] Implemented route and extension information in xm_admin's serverinfo response
- [3195] Fixed an error where the SSL session was not started after TCP connection setup
- [2986] Implemented reconnect() procedure in the network output modules
- [3199] Fixed "no space left on device" error when opening a socket on Windows
- [3220] Implemented support for multiple listen addresses in the network modules
- [3141] Changed im_redis to accept a quoted string for the Key directive
- [3235] Fixed date handling issues on Red Hat 8
- [2667] Implemented multi-record JSON array output in om_http
- [3217] Fixed an om_sentinel memory leak with the Proxy directive
- [3080] Fixed multiple unkown data type errors in im_maculs
- [3237] Fixed an assertion error caused by a large getlog call in xm_admin
- [3252] Fixed incorrect escaping in om_raijin
- [3232] Fixed a memory leak in xm_json
- [3240] Changed Red Hat RPM to depend on a specific Red Hat version
- [2911] Changed the macOS package names to include CPU architecture
- [1341] Enabled direct upgrade from NXLog CE and trial packages
- [3256] Set production name om_azure for the new Microsoft Azure Sentinel output module
- [3276] Fixed an assertion error in xm_admin related to UDP module statistics
- [1857] Implemented compression mode for HTTP input and output modules
- [3262] Fixed a crash in im_wseventing
- [3269] Fixed an im_udp regression that broke xm_netflow
5.2.6388 (18 December 2020)
- [1576] Implemented im_maculs for collecting logs from Apple's Unified Logging System
- [2866] Added collection of librdkafka performance data to im_kafka and om_kafka
- [1858] Added a common HTTP layer to NXLog
- [2990] Restored the SNI directive in om_http
- [2721] Fixed bad sockaddr error in im_linuxaudit
- [2895] Added missing hostname field to im_linuxaudit records
- [2898] Fixed an error in im_http causing it to send invalid Content-Length
- [MR2454] Fixed an error in im_azure's chunked encoding parser
- [2915] Fixed a memory leak in local queue de/serialization reported by Valgrind
- [2956] Fixed an error causing Kerberos authentication issues in im_wseventing
- [2939] Fixed a bug manifesting as an SSL handshake error in im_azure
- [2931] Fixed a request format error in om_elasticsearch
- [2943] Fixed an infinite read loop in im_msvistalog when reading ETL files
- [2750] Added charset to the content-type header in om_raijin
- [2777] Removed accidentally packaged perl528.dll from the Windows packages to restore xm_perl functionality
- [2896] Fixed a segfault in the BACNET decoder
- [2408] Implemented S7 protocol support in im_pcap
- [2916] Fixed multiple crashes in im_pcap
- [2579] Unified ownership and permission handling in pipe, file, and UDS outputs
- [2860] Fixed a segfault in im_linuxaudit triggered when loading the module with no rules
- [2783] Fixed a memory leak in om_batchcompress
- [2880] Fixed a deserialization error in im_raijin
- [2864] Optimized pool handling in the NXLog core
- [2374] Implemented IEC104 dissector in im_pcap
- [2826] Implemented LLDP dissector for the PROFINET protocol in im_pcap
- [2878] Added deprecation warning for the FlushLimit and FlushInterval directives
- [2861] Fixed an issue in om_raijin causing it to stop after 1 request
- [2883] Increased the thread stack size on AIX
- [2856] Fixed an SSL-related crash in im_batchcompress
- [2439] Implemented functions for logging librdkafka performance statistics
- [2838] Implemented additional parsing for PROFINET RTC-PDU
- [2620] Fixed a Unicode escaping issue in common JSON handling code
- [2848] Fixed a segmentation fault in uuid.c
- [2723] Fixed an error causing reload through xm_admin to fail if im_wseventing is in use
- [1619] Cleaned unnecessary RPATH from Linux generic packages
- [1327] Fixed various Valgrind error reports
- [2498] Refactored the raw event format in im_msvistalog
- [2789] Implemented additional parsing for PROFINET RTA-PDU and UDP-RTA-PDU
- [2499] Refactored the raw event format in im_odbc
- [2492] Refactored the raw event format in im_etw
- [2503] Refactored the raw event format in im_winperfcount
- [2497] Refactored the raw event format in im_mseventlog
- [2501] Refactored the raw event format in im_regmon
- [2494] Refactored the raw event format in im_kafka
- [2487] Refactored the raw event format in im_acct
- [2813] Added missing content-length header to xm_admin HTTP responses
- [2379] Fixed incorrect use of SSL_shutdown()
- [2242] Fixed stalling connections in im_ssl
- [2815] Fixed a performance issue in im_regmon
- [1858] Refactoring to use common HTTP layer
- [2372] Implemented PROFINET SCADA protocol in im_pcap
- [2715] Fixed an error causing im_odbc to lose position after a restart
- [2790] Fixed BOOL output for change-of-state events in the BACNET parser
- [2733] Refactored parts of xm_asl
- [2659] Implemented additional data link types in im_pcap
5.1.6133 (17 September 2020)
- [2599] Added im_pcap to the Windows packages
- [2720] Fixed an issue that cause the agent to remain running after it's uninstalled on Red Hat
- [2728] Changed the default configuration to enable NXLog Manager integration
- [2372] Added BACNET decoder to im_pcap
- [382] Included patterndb.xsd to the NXLog packages
- [2580] Unified the default NXLog service state across the different Linux packages
- [2688] Added parsing of response data to om_raijin
- [2556] Fixed a segmentation fault in xm_asl
- [1770] Improved handling of nested quotes in xm_kvp
- [2535] Fixed an issue with im_etw not populating the hostname field
- [2294] Enabled dpkg package signing
- [2740] Fixed a memory leak in nxlog_set_capabilities
- [2319] Fixed an error where binding to 0.0.0.0 was causing NXLog to listen on [::]
- [1878] Fixed the Python modules to set PYTHONPATH correctly
- [2493] Unified the raw event format in im_fim
- [2495] Unified the raw event format in im_linuxaudit
- [2376] Resurrected lost WSDL file for the xm_admin module
- [2629] Fixed an assertion error when restarting with a full pm_buffer queue
- [1989] Fixed a memory leak in xm_go and im_go
- [2500] Unified the raw event format in im_pcap
- [2502] Unified the raw event format in im_systemd
- [2407] Implemented DNP3 protocol parser in im_pcap
- [2496] Unified the raw event format in im_mark
- [2505] Unified the raw event format in xm_netflow
- [2321] Fixed an error in xm_exec causing a 20s delay in shutdown
- [2504] Unified the raw event format in im_aixaudit
- [2491] Unified the raw event format in im_dbi
- [2628] Implemented JSON format for storing complex Modbus responses
- [2588] Fixed an error causing the output to be truncated when operating on large input files
- [2528] Updated the Redis modules to use common TCP code
- [2364] Implemented new Capabilities global directive
- [2593] Fixed an error causing bogus warnings about CacheFlushInterval
- [2506] Unified the raw event format in xm_snmp
- [2490] Unified the raw event format in im_bsm
- [2093] Updated the Python modules to work with python 3.x
- [2596] Improved im_odbc resilience in case of database deadlock errors
- [2438] Modified im_exec to capture the STDERR of the executed process
- [2486] Unified the raw event format in im_internal
- [2511] Fixed an error in im_wseventing causing a failure to collect forwarded events with EventID 4662
- [2274] Implemented common functions for handling raw event formatting
- [2569] Made the DBName and DBTable directives of om_raijin mandatory
- [2597] Fixed an assertion error in im_msvistalog when ResolveSID is enabled
- [2587] Fixed a segmentation fault in im_batchcompress
- [2533] Fixed an error leading to event loss when nxlog-processor was sending data over a network output
- [2405] Implemented logic for im_pcap to automatically detect the default interface
- [2613] Added missing Content-Length to im_http responses
- [2397] Fixed lax permissions set by the Windows installer when installed in a non-default location
- [2409] Fixed a memory leak im in_zmq
- [2560] Cleanups in xm_admin
- [2576] Improved string escaping in om_raijin
- [1892] Synchronized librdkafka's "queue.buffering.max.messages" with our LogqueueSize directive
- [2573] Fixed missing xm_soapadmin -> xm_admin link in the AIX package
- [2388] Fixed an error causing delayed scheduled event processing
- [2568] Fixed packaging scripts on Solaris to cleanly stop NXLog on uninstall
- [2571] Fixed a bogus error message when an include is pointing to a missing directory
- [2454] Added handling of double quotes to the LogFile global directive
- [2456] Fixed high CPU usage when a network destination is unavailable
- [2391] Unified spelling of the EventID field in im_etw and im_msvistalog
- [2582] Fixed an error causing a stopped im_odbc module instance to keep the SQLite database file open
- [2372] Implemented PROFINET protocol parser in im_pcap
5.0.5874 (23 June 2020)
- [2575] Updated the Windows installer to properly migrate configuration files on upgrade
- [340] Fixed an error causing statistical counters to show undef before the end of the first interval
- [2430] Fixed an error in im_wseventing causing repeated TLS handshakes
- [2137] Unified network modules configuration syntax
- [2544] Implemented file rotation on open for xm_zlib
- [2453] Fixed an error where getfile() failed when xm_admin was loaded via an xm_soapadmin symlink
- [2514] Added a redirection for changed configuration file names to xm_admin
- [2537] Fixed *m_pipe pipe permission issues
- [2441] Updated librdkafka dependency to 1.4.2 in generic packages
- [2371] Added Modbus protocol parser to im_pcap
- [849] Added functionality to chain multiple types in OutputType or InputType directives
- [591] Implemented file_hash() in xm_fileop
- [2381] Fixed a segfault on shutdown
- [1566] Added support for TLSv3
- [2419] Fixed an issue limiting om_kafka performance
- [2375] Fixed im_pcap to handle capturing multiple protocols properly
- [2156] Added detection and handling of infinite recursion in xm_rewrite
- [2403] Added creation of registry entries on first start on Windows Nano
- [477] Re-added Reconnect and ReconnectInterval directives
- [2387] Fixed an error causing NXLog failing to stop on Windows
- [2421] Fixed handling of paths beginning with \ in the LogFile directive on Windows
- [2402] Re-added LogConnections directive to im_wseventing
- [2415] Fixed an im_ssl segmentation fault on Windows
- [2404] Added parsing for quoted string values in im_pcap's Filter directive
- [630] Implemented encryption and decryption support in xm_crypto
- [19] Implemented compression and decompression module xm_zlib
- [2284] Fixed an issue in im_msvistalog causing the EventData/ContextInfo field to be ignored
- [2323] Improved parsing of double quoted strings in im_linuxaudit
- [2384] Fixed null characters showing up in the internal log during high load
- [2067] Moved log4ensics.conf to managed.conf
- [2044] Refactored SSL/TLS common code
- [2299] Implemented the ReusePort directive for im_tcp and im_udp
- [2354] Implemented the is_scanning() function in im_fim
- [2385] Implemented parsing of quoted values in the PatternFile directive
- [2359] Fixed incorrect EventTime field in im_pcap
- [2365] Fixed incorrect escape sequence error in om_raijin
- [2378] Fixed a runtime fault during loading xm_leef on Windows 2016 Datacenter
- [2320] Fixed an assertion error at line 797 in syslog.c/logdata_linebreaks_replace() of xm_syslog
- [2358] Implemented capability handling in im_pcap
- [2370] Fixed an assertion error at line 68 in coremodule.c/nx_coremodule_dropped_records_log()
- [2343] Updated networking code to support the new libapr function apr_sockaddr_info_copy()
- [2362] Fixed an issue where parse_syslog() was adding a bogus EventTime field to invalid events
- [2352] Fixed an error causing im_pcap to return an empty raw_event field
- [2221] Fixed excessive CPU usage issue in om_http
- [1141] Migrated xm_soapadmin to xm_admin
- [1704] Fixed a bogus warning about thread count
- [865] Added logging for dropped events when flow control is false
- [2349] Fixed a crash in the TCP and UDP modules
- [2001] Added reporting of max queue size to xm_admin
- [1470] Fixed a segfault in Java modules caused by trying to add a non-existent file to ClassPath
- [2326] Implemented increasing reconnect delay in xm_admin
- [2342] Fixed an error causing the configuration parser to refuse / as a path separator on Windows
- [1827] Added logging of IP address in addition to DNS names to the network modules
- [2327] Fixed an error causing im_tcp to refuse the IPv6 any host address "::"
- [2300] Fixed an error in om_tcp causing constant repeated reconnects
- [2078] Fixed a memory leak in failover code
- [2256] Changed networking modules to log the client address in error messages
- [1194] Changed default configuration to include the etc/nxlog.d as configuration directory
- [2276] Fixed an error causing the configuration parser to ignore empty lines when calculating the position in config files
- [2257] Unified nxlog_exit() in main-unix.c and main-win32.c
- [1875] Implemented ID resolution in im_linuxaudit
- [1521] Refactored the network stack
- [2145] Fixed a LocalPort directive parsing error when combined with the Host destination:port format in om_batchcompress
- [2230] Fixed an error causing the first execution of a Schedule block to occur 4:25m runtime and showing 0 counter value
- [1903] Removed support for kafka modules on AIX as librdkafka lost upstream support on that platform
- [2263] Fixed an error causing configuration validation to throw an error instead of a warning when no routes are defined
- [2130] Fixed a potential stack corruption issue in nx_module_pollset_poll
- [2245] Fix an error causing an empty raw_message field in im_bsm
- [1703] Disabled the Python modules on AIX
- [2110] Refactored the per TCP connection pool usage in modules
- [2233] Fixed an error causing panic on shutdown
- [2205] Fixed an error in im_msvistalog causing "[error code: 0] no error" being reported
- [1992] Updated the SNMP library in xm_snmp
- [2043] Refactored connect/reconnect code
- [774] Fixed escaping of Windows paths
- [1913] Renamed nx_logdata_t to nx_record_t to align with the move to internal batch processing
- [1957] Fixed a segmentation fault in xm_admin triggered by an expired server certificate
- [2248] Implemented support for per URI path batching in om_http
- [2239] Fixed an error regarding snappy compression not being available in Windows packages
- [2244] Implemented multi-line batch mode in om_http and im_http
- [1999] Fixed a memory leak in pm_norepeat
- [1528] Refactored NetFlow code
- [2142] Fixed an error in parse_syslog causing the Hostname and EventTime fields to remain empty when the hostname contains numbers
- [1297] FlowControl now drops the oldest record first
- [2174] Fixed an error causing messages to be logged with the wrong context when SuppressRepeatingLogs is TRUE
- [1286] Fixed an error where ASCII NULL characters showed up in nxlog.log when SuppressRepeatingLogs is TRUE
- [2237] Disabled the im_pcap module on FreeBSD
- [2092] Fixed a memory leak in om_http
- [2187] Fixed a parsing error in im_bsm producing empty event records
- [1308] Added support for all uppercase module names like IM_NULL in addition to the literal name im_null
- [2186] Fixed im_aixaudit hanging
- [354] Fixed an error where a \ at the end of a comment line turned the next line into a comment
- [2083] Fixed a memory leak in nx_module_stop_self()
- [2146] Fixed an error causing LocalPort to become ineffective in om_udpspoof
- [2155] Added an error message when LocalPort is used in Listen mode for om_tcp
- [1923] Implemented retry logic with backoff for apr_file_open() errors in im_kernel variants
- [2139] Cleaned up leftover reconnect code in om_http
- [1987] Fixed a memory leak in xm_filelist
- [1985] Fixed a memory leak in xm_asl
- [2149] Fixed various inconsistencies in the implementation of the FlowControl directive
- [2168] Fixed an error in the xm_leef LEEFHeader directive causing processing to stop
- [1469] Added support for Redis pub/sub communication
- [2075] Added support for read-only system volumes to the macOS installer
- [1657] Added support for retrieving certificates from the Windows certificate store using the thumbprint
- [1917] Fixed an error causing the Windows executable to refuse config check (-c) without running in the foreground (-f)
- [2108] Fixed an error causing add_http_header() to fail after xm_rewrite call
- [2080] Fixed a memory leak in the config cache code
- [1207] Fixed consistency problems when handling duplicate audit rules in im_linuxaudit
- [1506] Added an internal queue for im_internal
- [1933] Implemented a common parser function for SSL configuration options
- [2129] Fixed an error causing the NXLog configuration check to accept configuration with only an output module
- [2106] Fixed a segmentation fault in nxlog_version()
- [2134] Fixed an error causing im_odbc to lose the last read position in a table
- [1994] Fixed an SSL-related memory leak in im_http
- [2081] Fixed a memory leak in xm_kvp
- [1988] Fixed a memory leak in xm_fileop
- [2066] Added field prefix support to parse_kvp() of the xm_kvp module to avoid field name collisions
- [2125] Fixed an error in om_udp causing high CPU usage
- [2090] Fixed a segmentation fault in the escape_json() function
- [2084] Fixed an error causing om_udp failover not to kick in despite the port being unreachable
- [2085] Fixed an error causing om_http to fail with an empty path (e.g., "URL http://server:8080")
- [2068] Fixed an error preventing NXLog from starting in Docker if im_internal is used
- [1909] Fixed NXLog startup to ensure event processing does not start before all modules are initialized
- [2086] Fixed a memory leak in im_ssl with low open file limit
- [2076] Fixed an error in xm_leef resulting in sporadic parsing issues under high event load
- [1975] Fixed a debug log parsing error in xm_msdns
- [2000] Fixed memory leaks reported by Valgrind in pm_pattern
- [1990] Fixed memory leaks reported by Valgrind in xm_pattern
- [1955] Fixed an issue causing nxlog.log to be removed but not recreated on rotation
- [2037] Fixed an issue where NULL characters truncated the response to getLog, getFile, or serverInfo requests
- [28] Added TCPNoDelay directive to om_ssl and om_tcp
- [2025] Added ReadTimeout for nxlog-processor to exit the process when its inputs have no more data
- [2046] Fixed inconsistencies in xm_leef leading to parsing errors when the delimiter is not a TAB
- [1986] Fixed a memory leak reported by Valgrind in xm_charconv
- [2056] Fixed a bug causing crashes in nxlog-processor when ActiveFiles > 1300 and LogLevel is debug
- [1997] Fixed a memory leak reported by Valgrind in pm_evcorr
- [1597] Fixed various thread safety issues discovered by Valgrind
- [2040] Modified the default value of IncludeHiddenFields to TRUE in all applicable extension modules
- [2013] Fixed an error causing slow TLS negotiation in im_batchcompress
- [1641] Fixed an error causing paused modules to reject connection attempts
- [987] Deprecated obsolete im_wmi module
- [1650] Deprecated experimental xm_stdinpw module
- [2008] Fixed uninitialized bytes error reported by Valgrind
- [2027] Fixed an error mapping the "$SeverityValue" field to "sev" in the xm_leef to_leef() function/procedure
- [2009] Fixed an error preventing failover in case of name resolution errors
- [2038] Added support for Amazon Linux on ARM64
- [2005] Added the ability to detect LEEF events with missing fields in parse_leef()
- [2018] Added the ability to detect LEEF events with missing timestamp or hostname in parse_leef()
- [1761] Added feature to return a value from xm_exec
- [1976] Fixed an error preventing xm_msdns from parsing flag codes from PACKET events
- [1571] Fixed a malformed SSL error log when the PEM file is missing on SLES15
- [1915] Added BatchFlushInterval directive
- [1550] Implemented batch processing architecture
- [2047] Fixed librdkafka compilation error in librdkafka with OpenSSL 1.0.2s on Windows
- [1951] Fixed an issue where "Include nxlog.d/*.conf" was not loading files in alphabetical order
- [2042] Fixed missing separator in xm_leef output
- [2033] Fixed an error causing upgrades from nxsec package to NXLog package to ignore existing agent configuration
- [1949] Added IncludeHiddenFields directive to enable to_json() in xm_json to handle field names starting with . or _
- [1891] Added support for multiple File directives to im_msvistalog
- [1826] Added better support for PersistLogqueue to om_kafka
- [1926] Added support for librdkafka 1.1.0 on Windows
- [1531] Fixed handling for "resource temporarily unavailable" errors thrown by the OS
- [2003] Fixed om_kafka to handle the lack of support for security.protocol in librdkafka 0.8.x
- [1927] Added AddHeader directive to om_elasticsearch for sending additionl HTTP headers such as Authorization
- [1970] Added parse_windows_eventlog_xml() to xm_xml for parsing Window XML EventData
- [2016] Disabled im_pcap on OpenBSD
- [2002] Fixed a segmentation fault in om_elasticsearch caused by the introduction of failover functionality
- [821] Added im_pcap for capturing network traffic
- [1869] NXLog package for RHEL 8
- [1867] Fixed an om_kafka error causing the last queued event to be duplicated on restart
- [1947] NXLog package for Debian 10
- [1788] Added support for kerberos/sasl to om_kafka in Windows and generic packages
- [1930] Fixed an error causing om_http and im_http starting an SSL handshake and waiting indefinitely after connecting
- [1954] Fixed regression causing the NXLog started message to be omitted from im_internal's log
- [1899] Fixed an error causing a segmentation fault in the CTRL-C handler when im_internal is in use
- [1948] Modified xm_cef to validate the CEFSeverity field extension field keys according to current specification
- [1434] Fixed SSL modules to conform to documented SSLProtocol behavior
- [1836] Added command line switch to suppress logging to standard output
- [1894] Added functionality to nx_value_from_string() for detecting int64 overflow and converting data to a string
- [1219] Removed deprecated im_oci and om_oci modules
- [1896] Refactored widetoutf8() from individual modules to the common core
- [1907] Added separate packaging of Java modules to OS-specific packages
- [1882] Added the AllowUntrusted directive to SSL modules to allow connections with expired certificates
- [1928] Fixed use-after-free error in im_msvistalog causing crashes
- [1722] Fixed error in im_dbi that caused the raw_event field to remain empty
- [1921] Fixed a buffer handling error causing im_batchcompress to get stuck in a loop
- [1437] Changed default SSL protocol version value to TLSv1.2 only
- [1925] Fixed xm_cef to follow up the upstream type change of externalID field from integer to string
- [1782] Added functions to selectively resolve SID and GUID values in xm_resolver
- [1633] Added support for the Windows certificate store to all SSL-enabled modules
- [1905] Fixed multiple race conditions in xm_grok
- [586] Added a function get_registryvalue() to the NXLog language for querying registry entries on Windows
- [1872] Fixed a type detection and conversion error in to_json() of xm_json
- [1776] Added the DetectNumericValues directive to xm_kvp to parse numeric values as integers
- [1194] Changed the log4ensics.conf location to conf.d
- [435] Added multipart batch mode to the HTTP modules
- [252] Added failover support for output module
- [1886] Fixed an issue causing NXLog to stop forwarding logs when PersistLogqueue is TRUE
- [1864] Moved JSON-related code into common code
- [1877] Fixed a startup crash in chroot environment
- [1721] Added CreateDir directive to pm_buffer
- [1876] Fixed an error in im_msvistalog causing failed authentication for the NXLog service user
- [1783] Added support for signed binary macOS packages
- [1860] Fixed an error causing a "not enough data to decode serialized binary buffer" message to be printed
- [971] Fixed a logging issue causing xm_soapadmin and xm_admin to log spurious errors and warnings
- [1852] Fixed an error causing an assertion failure when loading invalid Python script
- [1009] Added new om_raijin module for sending data to Raijin, the schemaless database engine
- [1447] Added custom labels to xm_soapadmin and xm_admin to support storing arbitrary strings
- [1848] Removed libnxfilepath
- [1832] Fixed an error in the SpoolDir and CacheDir directive handling that was causing relative paths to fail
- [1809] Fixed an error causing xm_admin to log only sever_info calls in the debug logs
- [1724] Added support for storing resolved SID/GUID values in separate fields to im_msvistalog
- [737] Added support for specifying the LogLevel directive at module-level
- [1553] Improved the startup time with large number of queue files
- [1358] Added INSTALLDIR variable to the default nxlog.conf
- [1871] Fixed an error causing om_kafka to randomly stop polling for new events
- [1845] Fixed a parsing error caused by empty fields in the parse_cef() procedure of xm_cef
- [1803] Added sha1sum, md5sum, sha512sum, base64encode, and base64decode functions to NXLog's internal language
- [1470] Added Java input, output, and extension modules
- [1815] Added support for the Severity string to the parse_cef() procedure of xm_cef
- [1748] Added support for millisecond resolution parsing of the "start" field in xm_cef
- [1269] Fixed an error causing om_kafka to connect even if it is not included in any route
- [775] Added Go input, output, and extension modules
- [1835] Fixed a segmentation fault when Threads is set to 2
- [1847] Fixed several errors in xm_cef
- [1838] Fixed a crash in im_file when accessing a file via a UNC path
- [1830] Fixed a compatibility issue with librdkafka 1.0.0 in om_kafka
- [1829] Fixed a compatibility issue with librdkafka 0.8.3 in om_kafka
- [1807] Fixed a segmentation fault in nx_module_input_func_linereader_clean
- [618] Added support for RenderingInfo element to im_msvistalog
- [1728] Added STATIC_ASSERT() to enable compile-time assertion checks
- [1758] Added Level, MatchAnyKeyword, and MatchAllKeyword directives to im_etw, replacing hardcoded values
- [1213] Added an INFO message to report successful reconnection in om_udp
- [1822] Added support for "Flags" field to im_etw
- [534] Added IPADDR data type, replacing and unifying the IP4ADDR and IP6ADDR data types
- [1819] Fixed an issue where xm_soapadmin gets stuck in an infinite loop
- [1810] Fixed data corruption in parse_cef() when multiple module instances are using it
- [1823] Fixed a memory leak in im_dbi with PostgreSQL
- [1831] Fixed a segmentation fault in om_kafka caused when the process is interrupted with CTRL-C just after startup
- [1789] Fixed an error in im_wseventing where the raw_event field was not populated
- [1798] Fixed an im_internal crash caused by dividing by 0 in an Exec
- [1272] Fixed an om_kafka issue where the module was reading data from the route even when it was not connected to Kafka
- [1755] Fixed error handling in xm_soapadmin where it was not sending a SOAP fault for local configuration issues
- [1744] Added the AllowInvalidCounters directive to im_winperfcount to enable the module to start when invalid counters are referenced
- [1361] Fixed om_kafka printing duplicate error messages for incorrect properties in Options
- [1423] Fixed an om_kafka crash caused by librdkafka 0.9.4
- [1812] Fixed an "unknown publisher" error in signed Windows MSI installers
- [1796] Fixed duplicate debug message in xm_msdns
- [1797] Fixed parsing error of 12:00:00 PM in xm_msdns
- [1591] Fixed multiple issues with event type and severity assignment in im_wseventing
- [1618] Fixed an issue in xm_multiline where the "/s" regex modifier in the HeaderLine directive was causing a syntax error
- [1507] Added module and instance names to internal log entries
- [1764] Added missing LOG::NXLog Perl module to Windows packages
- [1765] Fixed im_bsm parsing issues on macOS
- [1757] Added compression support to OpenSSL on Windows
- [1282] Added logic to pm_buffer to clean up queue files after events have been sent
- [474] Fixed a memory leak in om_elasticsearch
- [1733] Fixed a race condition in configcache triggered by multiple instances of im_msvistalog
- [1762] Fixed a segmentation fault in xm_admin caused by requests to "getlog" with malformed JSON
- [1767] Fixed test failures caused by pcre2 update
- [684] Added im_systemd to collect logs from the systemd journal
- [1253] Added Call directive to *m_perl and *m_python modules
- [1664] Set a default value for SpoolDir on Windows
- [1691] Added support for the "Microsoft-Windows-IIS-FTP" event provider
- [1150] Fixed im_acct to use camel case field names
- [1558] Updated Windows packages to OpenSSL 1.1.1a
- [1740] Added support for dynamic field names to the Windows XML event parser
- [1700] Added CreateDir directive to im_uds
- [1296] Removed deprecated GetProcAddress usage from various modules on Windows
- [203] Added im_pipe and om_pipe modules for reading and writing logs to named pipes on UNIX-like systems
- [314] Updated the Perl version for Windows
- [1730] Added support for parsing second, millisecond, and microsecond resolution timestamps
- [1734] Added support for seconds and milliseconds to datetime()
- [1711] Added strcasestr() for use on platforms where it is not provided
- [1735] Fixed an im_linuxaudit parsing issue causing valid rules failing to load
- [1727] Fixed packaging scripts for generic DEB packages so alternative names of library files will be symlinked
- [1716] Fixed an xm_bsm issue caused by replacing getauevnum() with getauevnum_r() on Solaris
- [1731] Fixed an issue causing delayed event collection in im_msvistalog
- [1668] Added support for TLS compression in SSL-enabled modules
- [1556] Added support for event grouping in pm_evcorr
- [1710] Fixed a hang in file_cycle() during file rotation
- [1718] Fixed Kafka modules disappearing from generic packages
- [1681] Modified im_msvistalog to show the channel name in error messages
- [1690] Fixed subscription errors throwing an ERROR despite TolerateQueryErrors being true
- [636] Refactored xm_syslog's xm_syslog_input_func_rfc5425
- [1699] Fixed a FlowControl directive error
- [645] Added support for parsing UserData and EventData fields in im_msvistalog
- [645] Added support for creating prefixed copies of EventData and UserData fields in im_msvistalog
- [1708] Updated AIX packages to OpenSSL 1.1.x, pcre2
- [1324] Migrated from pcre to pcre2 on Debian, Ubuntu, FreeBSD, OpenBSD, MacOS, and Solaris
- [1590] Fixed broken xm_bsm on macOS 10.14 (Mojave)
- [1393] Added ResolveGUID directive to im_msvistalog
- [1702] Fixed "xm_soapadmin_free_input" error in xm_soapadmin
- [1476] Added support for verbose audit output to xm_aixaudit on AIX
- [1661] Updated SLES12, SLES15, FreeBSD, OpenBSD, MacOS, and Solaris packages for OpenSSL 1.1
- [1669] Fixed a libapr dependency issue in generic RPM packages
- [MR1136] Started using the libssl package instead of libssl1.0 for building DEB packages
- [1688] Fixed an error causing General Protection Failure on shutdown
- [1685] Fixed a memory leak and misuse of log_info() for debug output
- [1644] Fixed a segmentation fault on exit on Windows
- [1683] Fixed a memory leak in im_fim
- [868] Added the ability to pass arguments to functions of the Perl modules
- [1413] Added support for different timestamp formats in xm_msdns
- [1670] Fixed regression where the om_http module did not call om_http_erase_hdrflds on module stop
- [MR1111] Fixed NXLog Manager address handling in Docker containers
- [1665] Refactored pointer usage
- [1645] Fixed encoding error when loading Ruby gems
- [1587] Updated FreeBSD and OpenBSD installers to deploy nxlog.conf instead of nxlog.conf.sample
- [590] Added IPv6 support
- [1260] Fixed an error where Exec after RubyCode would lose events
- [904] Fixed issues found during fuzz testing of various parser functions
- [1420] Changed the handling of the Hostname field to accept an IP address in addition to hostname as a string
- [1258] Fixed RubyCode relative path parsing
- [1254] om_ruby now requires the RubyCode directive
- [1604] Fixed a memory leak in im_file
- [1219] Deprecated *m_oci modules
- [1271] Fixed a crash when running multiple im_perl instances
- [1310] Added support for collecting raw XML in im_msvistalog
- [886] Set the default configuration file location to INSTALLDIR on Windows
- [1396] Fixed an om_python crash caused by a NULL value
- [1371] Fixed xm_charconv assertion errors caused by malformed UTF-16LE files
- [1151] Added support for the Severity and SeverityValue fields to im_acct
- [1257] Disabled invalid methods for Ruby modules
- [1623] Added locking to xm_fileop to prevent a race condition when multiple directives reference the same file
- [1440] Fixed errors in parse_nps() found during fuzz testing
- [1263] Removed unused Module instance from being a required om_ruby argument
- [1428] Fixed errors in parse_leef() found during fuzz testing
- [1441] Fixed errors in parse_xml() and parse_multiline() found during fuzz testing
- [1085] Fixed om_webhdfs timeout and x509
- [606] Added wildcard support for the File directive in im_msvistalog
- [596] im_msvistalog now detects file changes and reopens files when it is set to read from file
- [650] Added support for resolving SID values in the UserData field XML in im_msvistalog
- [666] Added the ability to set "_id" in om_elasticsearch
- [1490] Fixed im_fim so it is not sensitive to case-only filename changes on Windows
- [1505] Added logging of "NXLog started" event in im_internal
- [1466] Fixed xm_bsm errors found while fuzz testing
- [1464] Fixed error handling to prevent NXLog crashing because of a division by zero
- [1452] Suppressed DNS lookup failures in xm_resolver
- [1520] Fixed xm_gelf interoperability with im_file
- [1518] Added proxy support to om_http and om_elasticsearch
- [1535] Cleaned up connection code in the network modules
- [1578] Fixed xm_netflow error "No template definition ... cannot parse v9 packet until template definitions are refreshed"
- [1536] Follow up ProcessID change to ExecutionProcessID in to_syslog()
- [1411] An empty Keep directive in xm_rewrite now throws error
- [1572] Fixed busy loop in im_linuxaudit
- [1532] Fixed a segmentation fault on loading configuration with a partial default route
- [1427] Introduced PatternFile directive and fixed related error handling in xm_grok
- [1569] Fixed om_ruby hanging on exit in Valgrind
- [1586] Set default SpoolDir value
- [1626] Fixed an error where im_wseventing ignored HTTPSCAFile
- [1616] Fixed im_wseventing bookmark handling error
- [1611] Fixed spelling mistakes in log messages
- [1608] Fixed an xm_perl assertion failure
- [1298] Fixed im_wseventing stalling
- [1535] Fixed connection cleanup in *m_batchcompress
- [1541] Fixed an error causing im_batchcompress to not receive a full packet
- [1582] Fixed an issue causing om_elasticsearch to stop forwarding logs after a while
- [1255] Added public call() procedure to xm_python
- [1190] Fixed a hang when im_python calls to xm_python
- [1579] Changed the im_etw Channel string to ChannelId integer
- [1425] im_bsm is now restricted to reading device files
- [1584] Fixed library file location on macOS
- [1552] Fixed failed assertion on exit in im_udp
- [1554] Fixed run user change not working on some operating systems
- [1357] Fixed nx_date_fix_year setting a time in the future
- [1546] Fixed Kerberos authentication handling in im_wseventing
- [1370] Fixed xm_charconv BOM handling
- [1545] Fixed PdhAddEnglishCounterA() failure resulting in xm_soapadmin disconnecting
- [1187] Disabled invalid methods for Python modules
- [1335] Added man pages to Unix/Linux installers
- [1549] Added backup script to Solaris package to ease upgrades
- [1509] Fixed xm_admin crashes in Listen mode
- [1544] Improved exit handling of im_checkpoint to prevent it becoming a zombie
- [1416] Added TCP 2514 as default port for om_batchcompress
Did you like this article?
Please leave review about it
You must be logged in on the NXLog site to submit feedback.
Please Log in and try again.
Please Log in and try again.