Falcon LogScale Collector 1.3.1 GA (2023-3-9)
|Version||Type||Release Date||Config. Changes|
Bugfix for the Windows event log source, related to an issue with the event data fields.
Improvements, new features and functionality
The behaviour in cases where the system HTTP proxy detection fails, has been changed.
If no proxy is configured, the collector will attempt to detect and use the system HTTP proxy. Previously if detection failed the collector would stop, for example this sometimes occurred on older versions of Windows.
Now in case of failure a warning will be logged, and the collector will continue without a proxy (corresponding to the configuration: proxy:none).
When installing on Linux the provided service file allowing to run the collector as a systemd service, now defaults to “Restart=always”. This is to ensure that unless the service is stopped, the collector service will always be restarted in case of e.g. a crash.
Usability improvement of the enroll command.
The check for supplied command line arguments is improved and if incorrect/missing arguments are encountered usage is printed.
Corrected UserAgent in HTTP requests for fleet overview and fleet management (Internal improvement).
Corrected handling of event templates version for the Windows event log source (type: wineventlog).
When collecting data from a Windows Event, the collector extracts information from event data and maps the data to named fields in LogScale.
Scenarios where an event has multiple versions of its XML template were not handled correctly, potentially resulting in incorrect values being assigned to field names.