Falcon LogScale Collector 1.5.0 GA (2023-8-23)
| Version? | Type? | Release Date? | Config.Changes? |
|---|---|---|---|
| 1.5.0 | GA | 2023-8-23 | yes |
Hide file hashes
| File | SHA256 Checksum | Hash File |
|---|---|---|
| linux_amd64.deb | f4b26bf994c4664eaf664be5081401f79430ec8f81084859fdc336e23f720e6f | |
| linux_amd64.rpm | 0a4b3881d4f81b6b8c94ea0b594e838fec40cb75bd169dbe8b92cc9dd2aae5e9 | |
| linux_arm64.deb | cff7466e92c04a83a00ab7177097ac0d5a662ada3c4fb23ae1bb3b96a5d3450a | |
| linux_arm64.rpm | c8f29ce878645196ebfa7b9f0a1b0d1578fe8ed7d81de31bfb65f909b7963900 | |
| macOS_universal.pkg | 632d93e28901d3774f23c85a98e565e890bb56b5a2ac112ba8e210df313a4d12 | |
| windows_amd64.msi | f65411d6243b98e6b53c8a6b96d8756423a2cca645c51034d31079a248de7e07 |
The Log Collector now supports macOS and is available as package installer (.pkg).
The Log Collector now reports metrics regarding CPU and memory usage to LogScale Fleet Management.
Improvements, new features and functionality
Collecting Data
The syslog source has been optimized with respect to UDP mode. According to internal performance measurements, the performance has been increased by a factor of 3-4.
The file source has been updated with improved file identity tracking. If multiple files are considered to be identical copies through fingerprinting, only a single copy will be opened.
A new source type syslog_tls has been added. This source type supports receiving encrypted syslog traffic. See Configuration File Examples for more information.
The Log Collector now supports macOS and is available as package installer (.pkg), see Install Falcon LogScale Collector for information.
The installer contains a universal binary which runs natively on both Apple silicon and Intel-based Mac computers. In addition to the source types supported on other platforms, file source etc., a new source type
unifiedloghas been added, see Configuration File Examples. This source type supports shipping unified logs on macOS.If two instances of the Log Collector are attempting to use the same data directory, the error message has been improved.
An example scenario is if the Collector is running as a service and a second instance is started manually from the command line. Previously the error message would be: timeout.
Now the following error message will be issued: "Could not lock the checkpoint database. Maybe another process is using the same data directory? The data directory is set to: my_data_directory_location"
The disk queue has been reimplemented in order to increase performance and resilience.
One consequence of this is that the entire storage space, determined by maxLimitInMB, is allocated when the queue is created. This ensures a deterministic size of the disk queue and prevents scenarios where the configured disk queue size is not available due to missing disk space.
If the configured disk queue size is not available on the configured disk partition, an error will be issued: Could not apply the config error="pipeline: logscale, details: no space left on device"".
Fleet Management
The Log Collector will now send its CPU usage, memory usage and disk usage of the data directory partition to LogScale Fleet Management.
These metrics will be available from within the Fleet Management|Fleet Overview pagein the LogScale user interface and can be used to provide a feedback loop when scaling instances and adjusting configuration settings. See Falcon LogScale Collector Metrics for more information.