Falcon LogScale Collector 1.10.0 GA (2025-08-15)
| Version? | Type? | Release Date? | Config.Changes? |
|---|---|---|---|
| 1.10.0 | GA | 2025-08-15 | no |
Hide file hashes
| File | SHA256 Checksum | Hash File |
|---|---|---|
| linux_amd64.deb | 2ee08be268f4148cb5b865c8a4605f1c81ede2147e6265b593699be6b1ab6cc7 | |
| linux_amd64.rpm | cd913c4e5a205689b15810b6e5cb0f3ce1ca6e11c9e52510770b3a31090d6692 | |
| linux_arm64.deb | 46a13c5986696300560287d741aaf670c09e0a224c82599b42beb813f54cc38d | |
| linux_arm64.rpm | bd98964b21d309c8903204fbee4bf261029ecc3bf550bf274f3966bf156b4407 | |
| macOS_universal.pkg | df2a816468736cc8a9b69b0dc8f143e06d220cbdf6e9cbb4b6742ffb509c70e2 | |
| windows_amd64.msi | 484cae0337d973771c8695c60502c13bdb9c74b93fdae21489d5f7edcf98187d |
| Docker Image | Architecture | SHA256 Checksum | Hash File |
|---|---|---|---|
| logscale-collector:1.10.0 | amd64 | efd590fb06d0e123c283e82401fc7619eef5429be3998a4cd6f34a1ae89c77e8 | |
| logscale-collector:1.10.0 | arm64 | efd590fb06d0e123c283e82401fc7619eef5429be3998a4cd6f34a1ae89c77e8 |
Improvements, new features and functionality
Collecting Data
The internal representation and calculation of batch sizes has been changed to make it more similar to how events are represented in LogScale/NG SIEM. Previously, a batch where all events had identical fields would only report the size of the fields once, now it is reported per event leading to a more correct representation of event sizes. An additional benefit of this change is that the internal batching and queuing system is now independent of the transport protocol used.
Added support for routing syslog messages to multiple destinations using a new internal re-routing architecture. You can now configure different processing rules through transformations for each destination path and route logs based on content patterns using regex filters. For complete implementation details, please refer to the documentation.
The
regex_filtertransform now supports filtering on fields. Previously the transform only supported filtering events using regex patterns applied to the event message.Optimized the way that event batches are created to stay within max batch size limits.
Other
To take advantage of the latest optimizations and security updates the Go version has been updated. Furthermore various security posture hardening improvements have been implemented.
Debugging
Internal log messages have been improved with additional context, as an example messages regarding sink communication now include sink name.
Installation and Deployment
Full Install (on Linux) now supports automatically adding capabilities
CAP_DAC_READ_SEARCHandCAP_NET_BIND_SERVICEto the Log Collector systemd service file. This allows the collector to read system files and bind to port numbers less than 1024.To enable this at installation time use the flag
--enable-capabilities
Bug Fixes
Installation and Deployment
Enhanced the Linux uninstallation process for full installations. Previously, the logscale-collector group remained after uninstallation on certain Linux distributions, which did interfere with subsequent reinstallations. The uninstall script now properly removes both the user and group, ensuring clean reinstallations.
Known Issues
Collecting Data
Environment variable expansion is not supported when using the static_fields transform in this release.