Falcon LogScale Collector 1.5.2 GA (2023-10-03)
| Version? | Type? | Release Date? | Config.Changes? |
|---|---|---|---|
| 1.5.2 | GA | 2023-10-03 | no |
Hide file hashes
| File | SHA256 Checksum | Hash File |
|---|---|---|
| linux_amd64.deb | b0d8b02647f01ec575717d50a2deda10edb007cfd3f889cd815ee6b593ddcac7 | |
| linux_amd64.rpm | 399229099288bf11e6282e997eb972199d707be2b4475745828b9a1419a5eeac | |
| linux_arm64.deb | 31f4346234eea88a93eaeae98f922a810efed1173a33294381a210b8cc5b5c6f | |
| linux_arm64.rpm | b2b737649caad3fd5ffc678d0576a0fe35193ce8b069f963c075167b828534b9 | |
| macOS_universal.pkg | 72c7953f7865bb73bf85692ca8f15277e2da3711578aec0624e7fe4c3771cf37 | |
| windows_amd64.msi | 3d061d1a50bd2a295e72d6a001c4179f4b230e040ed4476ab4c4d72f1ed709ad |
Bug fixes and improvements.
Improvements, new features and functionality
Collecting Data
Added a logscale alias for the humio sink. It is now possible to write type:
logscaleinstead of type:humioin the sinks section.When LogScale rejects an ingest API request due to a request timeout or the request being too large, the Log Collector now divides the ingest request in to multiple parts and attempts to send the split files. If after dividing the ingest request, if a single event still triggers this limit, it will be discarded.
The default LogScale request size limit is 32 MB, while the Log Collector targets maximum of 16 MB of input per request. Due to encoding, particularly control characters or invalid UTF-8 sequences could cause an up to 6x blow up of the request size.
Debugging
The log level for the log message "File is a duplicate of another file." has been changed from warning to info.
Bug Fixes
Collecting Data
Fixed a bug where a duplicate of a file could trigger length updates in the open file source.
If a duplicate file is an included file that has the same fingerprint as another included file. The lexicographically lesser path is considered the active file.
Fixed a bug where an invalid include/exclude pattern in the config of a file source could cause the Log Collector to crash.
The file source now completely ignores files that are of length zero bytes. This should fix an issue where the file source would inadvertently read a compressed file as plain text, if the file was opened when it was empty.
This scenario is most likely to occur when a log file is rotated and compressed. Reading a compressed file as plain text could then induce the above binary file problem regarding U+FFFF.
Fixed a bug when inadvertently reading a binary file could induce a 400 Bad Request from LogScale, which discards data in the Log Collector.
The issue occurs when a binary file contains a UTF-8 sequence of EF BF BF that decodes to U+FFFF. The U+FFFF code point gets interpreted as end-of-input in the applicable LogScale ingest API.