Falcon LogScale Collector 1.10.0 GA (2025-08-15)

Version   Type   Release Date   Config. Changes
1.10.0    GA     2025-08-15     no

Support for routing syslog messages to multiple destinations and various security fixes.

Improvements, new features and functionality

  • Collecting Data

    • Added support for routing syslog messages to multiple destinations using a new internal re-routing architecture. You can now configure different processing rules through transformations for each destination path, and route logs based on content patterns using regex filters. For complete implementation details, please refer to the documentation.

    • The internal representation and calculation of batch sizes has been changed to more closely match how events are represented in LogScale/NG SIEM. Previously, a batch where all events had identical fields would only report the size of the fields once; field sizes are now reported per event, leading to a more correct representation of event sizes. An additional benefit of this change is that the internal batching and queuing system is now independent of the transport protocol used.

    • The regex_filter transform now supports filtering on fields. Previously this transform only supported filtering events using regex patterns applied to the event message.

    • Optimized the way that event batches are created to stay within the max batch size limits.

  • Debugging

    • Internal log messages have been improved with additional context. For example, messages regarding sink communication now include the sink name.

  • Other

    • To take advantage of the latest optimizations and security updates, the Go version has been updated. Also, various security posture hardening improvements have been implemented.

  • Installation and Deployment

    • Full Install (on Linux) now supports automatically adding capabilities CAP_DAC_READ_SEARCH and CAP_NET_BIND_SERVICE to the Log Collector systemd service file. This allows the Collector to read system files and bind to port numbers lower than 1024.

      To enable this at installation time use the flag --enable-capabilities.
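
A check an operator could run after installing with --enable-capabilities, as an added example that is not part of the release notes or the Collector's own code: it decodes the capability masks found in a process's /proc/<pid>/status and reports anything beyond the two capabilities named above. The sample status excerpts are constructed, and the check assumes the granted capabilities appear in the process's permitted and effective sets.

```python
import re

# Capability names indexed by bit number, from <linux/capability.h>.
CAP_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
             "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
             "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
             "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
             "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
             "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE").split()

# The two capabilities the release notes say --enable-capabilities adds.
EXPECTED = {"CAP_DAC_READ_SEARCH", "CAP_NET_BIND_SERVICE"}

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_OK = "CapPrm:\t0000000000000404\nCapEff:\t0000000000000404\nCapBnd:\t000001ffffffffff\n"
SAMPLE_ROOT = "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"

def decode_mask(hex_mask):
    """Turn a hex capability mask into a set of CAP_* names."""
    value, names, bit = int(hex_mask, 16), set(), 0
    while value:
        if value & 1:
            known = bit < len(CAP_NAMES)
            names.add("CAP_" + CAP_NAMES[bit] if known else f"CAP_UNKNOWN_{bit}")
        value >>= 1
        bit += 1
    return names

def audit_status(status_text, expected=EXPECTED):
    """Report extra and missing capabilities in the permitted/effective sets."""
    report = {}
    for field, mask in re.findall(r"^(CapPrm|CapEff):\s*([0-9a-fA-F]+)$", status_text, re.M):
        held = decode_mask(mask)
        report[field] = {"extra": sorted(held - expected), "missing": sorted(expected - held)}
    return report

def is_least_privilege(status_text):
    """True only when CapPrm and CapEff both hold exactly the expected pair."""
    report = audit_status(status_text)
    return all(f in report and report[f] == {"extra": [], "missing": []} for f in ("CapPrm", "CapEff"))

if __name__ == "__main__":
    for label, text in (("capabilities only", SAMPLE_OK), ("full root set", SAMPLE_ROOT)):
        print(label, is_least_privilege(text), audit_status(text)["CapEff"]["extra"][:3])
```

On a live host, pass the contents of /proc/<pid>/status for the Collector process to `audit_status`; a full capability set in CapEff indicates the service is running with root privileges rather than the two granted capabilities.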

Bug Fixes

  • Installation and Deployment

    • Enhanced the Linux uninstallation process for full installations. Previously, the logscale-collector group remained in place after uninstallation on certain Linux distributions, which could interfere with subsequent reinstallations. The uninstall script now correctly removes both the user and the group, ensuring clean reinstallations.

Known Issues

  • Collecting Data

    • Environment variable expansion is not supported when using the static_fields transform in this release.