Falcon LogScale Collector 1.4.0 GA (2023-5-08)
| Version? | Type? | Release Date? | Config.Changes? |
|---|---|---|---|
| 1.4.0 | GA | 2023-5-08 | no |
Hide file hashes
| File | SHA256 Checksum | Hash File |
|---|---|---|
| linux_amd64.deb | db4ea1ad653c1c1563e9f8729a7383af01c38b739ae7df75ee24a747c57f22cf | |
| linux_amd64.rpm | 260e8106189e924877b5f126ccc63bd651bf9ae40f5d16844cbe715a43a50ffa | |
| linux_arm64.deb | 2278f9b10ed6547cc7814e6a7e26e26912eac8ddebc3739d09190f60a16e4100 | |
| linux_arm64.rpm | d704e464b71b8514912b31d8b8b0db08fc0ff81c7a54a75bdc8d23cdb7e32da7 | |
| windows_amd64.msi | ecbcb5a29e24a39749598419d13d17c3483cf6b1ea0121bea1027667577eac53 |
Bugfix for the Windows event log source, improvements to fleet Management.
Improvements, new features and functionality
Other
Command line arguments
The Log Collector command line interface has been changed to use
--(double dash) for each option. Existing-(single dash) options will be converted in a transition period. A deprecation warning is emitted when options are provided with only a single dash.Checkpointer has been improved
In preparation for future improvements, the checkpoint database has been changed from a JSON file to a binary database format. The existing checkpoints.json file will be automatically imported into the new database. The Log Collector will now write a backwards compatible checkpoints.json file on shutdown, which will not be re-imported.
Fleet Management
Fleet Management Improvements
When enrolling a Log Collector to Fleet management, the enroll process will now stop and start the service during the enrollment process. This behaviour can be omitted by using the flag to the humio-log-collector enroll command.
After a successful enrollment, the Log Collector service will be configured to automatically start after a reboot. This behaviour can be omitted by using the --no-service flag to the humio-log-collector enroll command.
The Log Collector process will now exit if it receives an 401 Unauthorized error code during a Fleet management poll operation. The error code signals that the instance no longer has access to the LogScale cluster and cannot be managed. The service manager will automatically restart the Log Collector after exiting.
When enrolled in Fleet Management, the Log Collector will now collect diagnostics from the sinks and send them to Fleet management. The diagnostics will contain various warning and error states that might occur when sending events to LogScale. The diagnostics is available for viewing in the Fleet management tab in LogScale.
Bug Fixes
Managing Data
Corrected the handling of subscription to more than 64 channels in a single Windows event log source.
The wineventlog source sometimes encountered issues when configured with more than 64 channels in a single Windows event log source (type: wineventlog). In this scenario it would not collect any events, and the following error message was observed: "extNext: The operation identifier is not valid.". .