Falcon LogScale Collector 1.7.0 GA (2024-06-03)
| Version? | Type? | Release Date? | Config.Changes? |
|---|---|---|---|
| 1.7.0 | GA | 2024-06-03 | no |
Hide file download links
Download
Hide file hashes
| File | SHA256 Checksum | Hash File |
|---|---|---|
| linux_amd64.deb | 34b044b8f0ae27608927d61ae4042cdece06a6e58a79f539fb3fa6259e8f1cfc | |
| linux_amd64.rpm | a07608c13f03ec0ac3a0eb8d81b1719c9f3bef3dea82feb2e6858208d36e192d | |
| linux_arm64.deb | abe3168393558f48fe53d87f2940b76dbb36d0ead2681bb6fce05f86066c1fa3 | |
| linux_arm64.rpm | 30b6d3d3284c55d07be5c6c4cb98459cf11bceb57096bd2257c7d6168b6c2a7d | |
| macOS_universal.pkg | 4959e1ec177565a6c69942a259c24fcc01f65190789788443b528ec128dfa6b1 | |
| windows_amd64.msi | a8854e2931ac8450fa24a1f8406cef8fcf0ef9418bd4e5ac160d274ec5289b95 |
| Docker Image | Architecture | SHA256 Checksum | Hash File |
|---|---|---|---|
| logscale-collector:1.7.0 | amd64 | 2e0520b8d6fa731aa4d939d84d66ee69d842d9f1f94168122df4c09f68a92c87 | |
| logscale-collector:1.7.0 | arm64 | 2e0520b8d6fa731aa4d939d84d66ee69d842d9f1f94168122df4c09f68a92c87 |
Support for ephemeral hosts.
Performance improvements to the file source on Linux, the Windows Event source and general memory handling.
Improvements, new features and functionality
Collecting Data
The Log Collector has been optimised for a more deterministic memory footprint. Memory is now reserved in the queue before reading from each source. This reduces memory usage in backfill scenarios with a high number of individual files.
The Winevent log source now supports severity filters and custom XPath and XML queries. The severity filter can be used to only include events with specific levels. Adding the key levels: [0,1,2,3] to the channel specification will only include events with levels above 4 (information). The queries can be used to build more specific filters.
Linux only: To reduce the CPU and file I/O usage, the file source now utilises inotify for monitoring file changes.
Other
The backward compatibility checkpoint.json is obsolete from this release. If migrating from a version before 1.4.0 to 1.7.0 and above, you must install and run 1.6.5, in order to preserve the checkpoints.
Debugging
Updated and optimized the internal log messages in the Log Collector by lowering severity levels where appropriate, and elmininating unnecessary messages.
The internal logging component handles more events per second to eliminate the "Dropped debug log" message.
Fleet Management
Added support for ephemeral mode by specifying an ephemeral timeout at enrollment. If a collector is offline for the specified duration, it will be unenrolled and disappear from the fleet overview.
Added auto enrollment functionality that automatically enrolls the Log Collector if it does not have a working access token. Refer to Fleet Modes on how to use this feature.