NXLog Enterprise Edition version 5.4 Release Announcement

We are happy to report that the next release of NXLog Enterprise Edition v5 is now available.

Version 5.4 fixes issues and brings new functionality. The most noteworthy improvements are summarized below.

  • Support for collecting Apple Endpoint Security events (im_maces)
  • Release was tested on Windows 2022 Server
  • Debian 11 packages added
  • Red Hat Enterprise 8 and Ubuntu 20 AA64 packages
  • Added to_snare() for creating Snare compatible messages
  • Support for pulling data from Azure Log Analytics Workspaces (technology preview)

If you have feedback or would like to see additional improvements, reach out to us.

Download a fully functional trial version of NXLog Enterprise Edition 5.4 here.

Changelog

* 2021-09-06 5.4.7313
    [3525] Added support for Debian 11
    [3532] Updated OpenSSL to 1.1.1l in generic packages to address CVE-2021-3712 and CVE-2021-3711
    [3544] Patched libapr in generic packages to address CVE-2021-35940
    [3206] Added support for resolving additional fields to im_maculs
    [3537] Changed OS name on macOS systems to "macOS"
    [3224] Implemented json array parsing in im_http
    [3503] Fixed assertion failure reported in pm_norepeat
    [3495] Fixed overly noisy warning in putFile logging on Windows
    [3475] Added nxlog version dependency to module packages - DEB
    [3177] Added nxlog version dependency to module packages - RPM
    [2561] Fixed unnecessary ListenAddress logging
    [3492] Fixed runaway reconnection when output hostnames are unresolvable
    [3504] Fixed a crash in im_azure triggered by a missing CA certificate file used in the configuration
    [53] Implemented support for automatically reopening externally rotated output files to om_file
    [3255] Added support for Azure Log Analytics workspaces to im_azure
    [3228] Added support for Apple Endpoint Security framework - im_maces
    [3453] Improved error message in im_ssl when peer does not return a certificate
    [3430] Added support for NetFlow Enterprise fields
    [2297] Implemented InputType for xm_json
    [2824] Improved include_stdout error handling
    [3463] Fixed multiple parsing errors in the DNP3 dissector
    [3057] Fixed faulty reconnect timer tracking in om_udp
    [3191] Fixed im_fim to handle corrupted key value store files gracefully
    [3174] Fixed xm_admin to track reconnection timeouts per IP address
    [3330] Fixed hang in xm_admin when getLog pulls a file over StringLimit
    [3384] Fixed an assertion error in im_file when the input file is truncated
    [3259] Fixed xm_admin to handle moduleStop calls to itself
    [2215] Added support for multiple Channel directives to im_msvistalog
    [3278] Added Reconnect directive to xm_admin
    [3320] Fixed an error causing om_http to fail if Binary mode and compression are both enabled
    [2944] Modified priority of scheduled events to correct behaviour on module start
    [3365] Modified field name restrictions to allow '@'
    [3051] Added support for parsing the URL in incoming POST requests to im_http
    [787] Added support for HTTP PUT to om_http
    [3335] Fixed SSL cipher negotiation issue on SLES12-SP5
    [3379] Fixed EvtRender failed error in im_msvistalog
    [2730] Fixed file_cycle on UNC paths
    [2465] Added OnError directive for customizable http error handling
    [3139] Added NegativeCacheExpiry to xm_resolver
    [3138] Fixed regex escaping in replacement strings
    [3107] Modified syslog parser to use int data type for pid
    [3192] Added OS logging to startup log entry
    [3015] Added new directive DirectoryReadingOrder to im_file
    [3290] Fixed memory leak in im_linuxaudit
    [1593] Added Channel name resolution using ID to im_etw
    [2755] Unified file related directive parsing
    [2516] Added automatic configuration recovery option to xm_admin
    [2452] Improved error message for name resolution errors on Windows
    [3193] Modified im_pcap to restart after an interface error
    [3440] Fixed anchor parsing in im_http
    [3372] Fixed segmentation fault in librdkafka
    [3373] Fixed overly narrow implementation of the AllowUntrusted directive
    [3331] Fixed an error in xm_admin causing getLog to hang when used w/o size specified
    [3416] Fixed im_exec to capture STDERR of the external command
    [3203] Improved om_elasticsearch _bulk API error handling
    [3339] Improved SSL error message "SSL must be configured"
    [3412] Fixed assertion error in im_msvistalog line 1648
    [3303] Added support for api version 2015-02-21 to im_azure fixing HTTP error 409
    [2281] Added warning for '\ ' at end of line
    [3426] Fixed incorrect pointer type for JAVAHOME
    [3424] Fixed segmentation fault in xm_perl when script is not found
    [2936] Fixed a memory leak in im_tcp triggered by high reconnect rates with many connections
    [2850] Added ExcludeSize to im_fim
    [dependencies#104] Updated expat, libcap, librdkafka, pcre2 in generic packages
    [3357] Fixed date formatting in json functions
    [3001] Fixed assert when the input/output converter's instance name is missing
    [1292] Support additional fields (Opcode, Category) in im_etw
    [2978] Added output sanitization to xm_admin's getlog
    [2764] Added UNC path support to im_msvistalog
    [3131] Fixed netflow processing errors in xm_netflow
    [3162] Improved error message when external DLL cannot be loaded on Windows
    [3169] Strip all nxlog modules to save space
    [2647] Updated Windows builds to APR 1.7
    [3129] Fixed im_linuxaudit warnings about additional unknown field types
    [3223] Fixed xm_cef field mapping to better match the standard (end->rt)
    [3301] Fixed a potential SSL related memory leak
    [3296] Added support for Ubuntu 20, Redhat 8 on ARM
    [3274] Fixed panic on unresolvable hostname or non-local address in im_udp
    [3275] Implemented to_snare() function in xm_syslog
    [3205] Fixed missing log generation on opening listen port in im_udp
    [3096] Fixed a potential queue overflow in im_fim and im_regmon
    [3267] Fixed a memory leak in im_linuxaudit
    [3306] Fixed "iconv failed: 84" error in im_wseventing
