Falcon LogScale Collector 1.7.0 GA (2024-06-03)
| Version? | Type? | Release Date? | Config.Changes? |
|---|---|---|---|
| 1.7.0 | GA | 2024-06-03 | no |
Hide file download links
Download
Hide file hashes
| File | SHA256 Checksum | Hash File |
|---|---|---|
| linux_amd64.deb | 34b044b8f0ae27608927d61ae4042cdece06a6e58a79f539fb3fa6259e8f1cfc | |
| linux_amd64.rpm | a07608c13f03ec0ac3a0eb8d81b1719c9f3bef3dea82feb2e6858208d36e192d | |
| linux_arm64.deb | abe3168393558f48fe53d87f2940b76dbb36d0ead2681bb6fce05f86066c1fa3 | |
| linux_arm64.rpm | 30b6d3d3284c55d07be5c6c4cb98459cf11bceb57096bd2257c7d6168b6c2a7d | |
| macOS_universal.pkg | 4959e1ec177565a6c69942a259c24fcc01f65190789788443b528ec128dfa6b1 | |
| windows_amd64.msi | a8854e2931ac8450fa24a1f8406cef8fcf0ef9418bd4e5ac160d274ec5289b95 |
| Docker Image | Architecture | SHA256 Checksum | Hash File |
|---|---|---|---|
| logscale-collector:1.7.0 | amd64 | 2e0520b8d6fa731aa4d939d84d66ee69d842d9f1f94168122df4c09f68a92c87 | |
| logscale-collector:1.7.0 | arm64 | 2e0520b8d6fa731aa4d939d84d66ee69d842d9f1f94168122df4c09f68a92c87 |
Support for ephemeral hosts
Performance improvements to the file source on linux, the windows Event source and general memory handling
Improvements, new features and functionality
Collecting Data
The Log Collector has been optimised for a more deterministic memory footprint. Memory is now reserved in the queue before reading from each source. This will reduce memory usage in backfill scenarios with a high number of individual files.
Linux only: To reduce the CPU and file I/O usage, the file source now utilises inotify for monitoring file changes.
The Winevent log source now supports severity filters and custom XPath and XML queries. The severity filter can be used to only include events with specific levels, adding the key levels: [0,1,2,3] to the channel specification will only include events with levels above 4 (information). The queries can be used to build more specific filters.
Other
The backward compatibility checkpoint.json is from this release obsolete. If migrating from a version before 1.4.0 to 1.7.0 and above, you need to install and run 1.6.5, in order to preserve the checkpoints.
Debugging
Cleaned up the internal logs messages in the Log Collector. Some lowered in severity and some removed
The internal logging component handles more events per second to eliminate the "Dropped debug log.." message.
Fleet Management
Added support for ephemeral mode by specifying an ephemeral timeout at enrollment. If a collector is offline for the specified duration, it will be unenrolled and disappear from the fleet overview.
Added auto enrollment functionality that automatically enrolls the Log Collector if it does not have a working access token. Refer to Fleet Modes on how to use this feature.