NXLog Enterprise Edition version 5.1 Release Announcement

Release Announcement

We are proud to announce the first minor release in the new major version of NXLog Enterprise Edition.

The release fixes a number of bugs and issues, but more importantly, we are expanding the capabilities of our new passive network monitoring module with additional protocol parsers focusing on Industrial Control Systems. NXLog Enterprise Edition now supports passive network monitoring on Windows systems in addition to Linux and macOS, allowing greater visibility into what is happening on the network. Combined with the added support for industrial control protocols such as BACnet, PROFINET and Modbus, NXLog Enterprise Edition gives you further capabilities for hardening your security.

  • Added protocol parser for BACNET
  • Improved handling of complex data in MODBUS packets
  • Added protocol parser for PROFINET
  • Packaged im_pcap - the passive network monitor module for Windows
  • Started shipping individually signed packages on Debian

This release opens the door for exploring NXLog Enterprise Edition's monitoring features in industrial environments.

If you have feedback or would like to see additional improvements in this area, reach out to us.

Download a fully functional trial version of NXLog Enterprise Edition 5.1 here.

Changelog

* 2020-09-18 5.1.6133
   [2599] added im_pcap to Windows builds
   [2720] fixed an error that left agent running after uninstall on Redhat
   [2728] changed default configuration to enable NXLog Manager integration by default
   [2372] add BACNET decoder to im_pcap
   [382]  included patterndb.xsd in nxlog package
   [2580] unified nxlog service state defaults in different Linux package flavours
   [2688] added response data parsing to om_raijin
   [2556] fixed segmentation fault in xm_asl
   [1770] improved the handling of nested quotes in xm_kvp
   [2535] im_etw was not populating hostname field
   [2294] enabled dpkg package signing
   [2740] fixed memory leak in nxlog_set_capabilities
   [2319] fixed an error where binding to 0.0.0.0 was causing nxlog to listen on [::]
   [1878] fixed python modules to set PYTHONPATH correctly
   [2493] unified raw event formatting - im_fim
   [2495] unified raw event formatting - im_linuxaudit
   [2376] resurrected lost WSDL file for admin module
   [2629] fixed assert on restart with full pm_buffer queue
   [1989] fixed memory leak in xm_go and im_go
   [2500] unified raw event formatting - im_pcap
   [2502] unified raw event formatting - im_systemd
   [2407] implemented DNP3 protocol parser in im_pcap
   [2496] unified raw event formatting - im_mark
   [2505] unified raw event formatting - xm_netflow
   [2321] fixed an error in xm_exec causing 20s delay in shutdown
   [2504] unified raw event formatting - im_aixaudit
   [2491] unified raw event formatting - im_dbi
   [2628] implemented JSON format for storing complex ModBus responses
   [2588] fixed an error causing output truncation when operating on large input files
   [2528] updated redis modules to use common TCP code
   [2364] implemented new Capabilities directive
   [2593] fixed an error causing bogus warning about CacheFlushInterval
   [2506] unified raw event formatting - xm_snmp
   [2490] unified raw event formatting - im_bsm
   [2093] updated python modules to work with python 3.x
   [2596] improved im_odbc resilience in case of database deadlock errors
   [2438] modified im_exec to capture STDERR of the executed process
   [2486] unified raw event formatting - im_internal
   [2511] fixed an error in im_wseventing causing it to fail to collect forwarded events with EventID 4662
   [2274] implemented common functions for handling raw event formatting
   [2569] made DBName and DBTable directives mandatory for om_raijin
   [2597] fixed assert in im_msvistalog when ResolveSID is enabled
   [2587] fixed a segmentation fault in im_batchcompress
   [2533] fixed an error leading to event loss when nxlog-processor was sending data over a network output
   [2405] implemented logic to find default interface automatically in im_pcap
   [2613] added missing Content-Length to im_http response
   [2397] fixed lax permissions set by Windows installer when installed in non-default location
   [2409] fixed a memory leak in im_zmq
   [2560] cleanups in xm_admin
   [2576] improved string escaping in om_raijin
   [1892] synchronized librdkafka's "queue.buffering.max.messages" with our LogqueueSize directive
   [2573] fixed missing xm_soapadmin -> xm_admin link to AIX package
   [2388] fixed an error causing delayed scheduled event processing
   [2568] fixed packaging scripts on Solaris to cleanly stop nxlog on uninstall
   [2571] fixed unhelpful error message when include is pointing to a missing directory
   [2454] added doublequotes handling to LogFile directive
   [2456] fixed high CPU usage when network destination is unavailable
   [2391] unified spelling of EventID field in im_etw and im_msvistalog
   [2582] fixed an error causing stopped im_odbc module to keep SQLite DB file open
   [2372] implemented PROFINET protocol parser in im_pcap
