The new release, 2.7.1189 brings a WTMP parser module and a dozen other fixes and enhancements. The following is an excerpt from the changelog:
The LICENSE has changed.
Added a new extension module to parse binary wtmp files on Linux.
Fixed a regression causing a crash after the 'failed to determine FQDN hostname' error message.
The to_syslog_*() procedures can now use $raw_event if $Message is unset to make it easier to convert to syslog.
Added a fix to im_msvistalog to handle the "EvtNext failed with error 13: The data is invalid." error better.
The im_file module now emits the last event when using with the xm_multiline extension.
Fixed the issue with more than 20 fiels and xm_multiline reported in ticket #33.
Json parse errors in raw_event could cause a double free resulting in a crash or undefined behavior.
It is now possible to use multiple instances of xm_perl.
Disallow using a single processor module instance in multiple routes.
The file_chown() procedure in xm_fileop works with user/group names in addtion to uid/gid values.
CloseWhenIdle directive for im_file.
File removal in some circumstances caused im_file to emit "input file does not exist" messages on windows.
In same rare cases im_file would give a panic on windows with "im_file got EAGAIN for read".
The regexp replacement operator s/// was leaking memory.
In some circumstances excess CPU was used when im_file watched several files.
Added some more performance optimizations to im_file to handle a large number of wildcarded files
so that it should consume less resources than before. It also comes with a new DirCheckInterval and
an ActiveFiles directive which can help in some cases when monitoring wildcarded files.
Added a RenameCheck directive to im_file which should help detecting renamed/rotated files.
The deb installer got stuck after trying to (re)start the daemon.