- Security fix: Avro-util updated to 0.2.118, fixes CVE-2022-42889
Version 19.415-4
- Security update: apache commons version updated to 1.10, fixes CVE-2022-42889
- Security update: ant version updated to 1.10.11 fixes CVE-2021-36373, CVE-2021-36374
Introducing Sumo Logic Open Source Docs
Welcome to the Sumo Logic Collector Release Notes on our new docs site! We're now open source and encourage you to contribute. We welcome all contributions, from minor typo fixes to brand new docs. Your expertise and sharing can help fellow users learn and expand their knowledge of Sumo Logic.
Version 19.409-3
- Security fix: Upgrade Collector JRE to Corretto 8.342.07.4
- Security fix: CVE-2022-31159 - com.amazonaws:aws-java-sdk-s3
- Security fix: CVE-2022-33980 - org.apache.commons:commons-configuration2
- Bug fix: Stop Collector service if sumojni dll fails to load.
Version 19.403-1
- Feature: Collector support for Linux ARM/Aarch64 based instances, such as AWS Graviton.
- Security update: Ant updated to 1.9.16. Fixes CVE-2021-36373 and CVE-2021-36374
- Security update: Mina-statemachine updated to 2.1.4. Fixes CVE-2021-41973
- Security update: Netty updated to 4.1.77.Final. Fixes CVE-2021-37136, CVE-2021-37137, CVE-2021-21409, CVE-2021-21295, CVE-2021-21290, CVE-2021-43797 and CVE-2021-21290
- Bug Fix: Collector not properly escaping double quotes present in Active Directory objects
- Bug Fix: Retry with skipping events introduced for windows event collection for certain scenarios where bad events were resulting in retry timeouts
- Known issues when upgrading to this version:
- Collector running as non-root user. Collector running as non-root user ( run as mode) cannot be upgraded through the API/Web UI. It will run and give an error message that the upgrade is not possible. It needs to be upgraded manually on your machine. Steps to manually upgrade.
- Collector running on Mac. Collector running on a Mac operating system cannot be upgraded through the API/Web UI. It will stop. It needs to be restarted manually on your machine if upgraded using WEB API or UI. Steps to manually restart.
Version 19.392-13
Bug Fix: Upgrade Manager fixes were made to avoid a manual restart after a Collector upgrade.
Version 19.392-6
Security: Upgraded the Collector JRE to 8.332.08.1 to address several CVEs:
CVE | CVSS | Component |
---|---|---|
CVE-2022-21476 | 7.5 | security-libs/java.security |
CVE-2022-21496 | 5.3 | core-libs/javax.naming |
CVE-2022-21434 | 5.3 | core-libs/java.lang |
CVE-2022-21426 | 5.3 | xml/jaxp |
For details, see the changelog here.
Version 19.392-4
- Security: Removed a writeable zero-byte file that was previously included in Debian and RPM installers.
- Bug Fix: Source configuration requests were not sent to the correct deployment.
- Bug Fix: Duplicate Windows events ingested after upgrading to version 19.386-16 and the Windows API returning an incorrect order of events.
- Bug Fix: The Docker Log Source did not retain the indentation of log messages.
- Bug Fix:
Nullpointerexception
resulted in duplication of events. - Bug Fix: Log4j vulnerability found during installation via RPM method and Docker image.
- Bug Fix: Local File Source multiline boundary regex had an idle timeout issue.
- Bug Fix: Better handling of Active Directory Inventory.
Version 19.386-16
- Security: Bundled JRE version upgraded to 8.322.06.2.
- Bug fix: Memory leak in Windows Events, record number logic for standard event channels.
- Bug fix: Local Windows Event Log Source ingested in legacy format during upgrade when JSON format selected.
- Bug fix: Collector upgrade failure resulting in collector service stopping.
- Bug fix: Log4j vulnerability in RPM and Debian packages.
- Bug fix: Windows Active Directory Source has more default attributes.
- Bug fix: Security fix for Script Source.
2021 Archive
This is an archive of 2021 Collector Release Notes. The current Collector Release Notes are here.
December 29, 2021 (19.375-4)
- Bundled JRE version upgraded to 8.312.07.1.
- Log4j upgraded to 2.17.1.
- Bug fix: Windows events were duplicated due to an issue with bookmarking logic.
- Beta release: Added support for an upcoming feature that allows you to restart your Installed Collector from the collection management page in the Sumo Logic web interface.
December 19, 2021 (19.361-18)
- Log4j upgraded to 2.17.0 to fix the zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-45105).
December 16, 2021 (19.361-16)
- Log4j upgraded to 2.16.0 to fix the zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-45046).
December 11, 2021 (19.361-12)
- Log4j upgraded to 2.15.0 to fix the zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228).
November 1, 2021 (19.361-8)
- The installer is now a trusted vendor of the macOS.
- The Remote Windows Performance Monitor Log Source is removed and no longer supported.
September 15, 2021 (19.361-4)
- Bug Fix: Windows Event Log Sources using Allowlist or Denylist filters could filter more data than expected.
August 30, 2021 (19.361-3)
- Bundled JRE upgraded to 8.302.08.1.1.
- Remote Windows Event Log Sources now support autodiscovery of domain controllers and event collection.
- AWS S3 Archive Sources now support ingestion from your Archive with five-minute granularity.
- Bug Fix: Registration warnings are logged as WARN types.
- Bug Fix: No error message was thrown when creating a Source with an empty logName.
- Bug Fix: Fixed deadlock that caused remote configuration failure.
- Bug Fix: High thread usage.
- Bug Fix: Single backslashes were making Active Directory JSON objects invalid in some scenarios.
- Bug Fix: Failure to uninstall on macOS.
June 22, 2021 (19.351-4)
- You can collect inventory data from Active Directory Database with a Windows Active Directory Source.
- Bundled JRE version upgraded to 8.292.10.2.
- Switched Docker Java dependency from forked version to open source version 3.2.1.
- Security upgrades:
- Google Guava upgraded to 30.1.1.
- Log4j upgraded to 2.13.3.
- Netty upgraded to 4.1.46.
- Bug Fix: Installation could fail on Windows systems when the autorun registry was set.
- Bug Fix: Collector registration failed with the correct hostname when deployed using an AMI in an autoscaling group.
- Bug Fix: Quota reports are now sent after data is successfully collected.
- Redacted: Windows Event Log Sources now have filters to allow or deny specific Windows Event IDs.
May 18, 2021 (19.338-5)
We recommend you upgrade Collectors on MacOS collection page or command line instructions. A manual upgrade using the installer package is not recommended.
- Bundled JRE version upgraded to 8.282.08.1.
- Bundled Jackson version upgraded to 2.11.2.
- Windows Event Sources can now collect forwarded events from a Windows Event Collector.
- Bug Fix: Fixed Docker metrics ingestion with host network mode.
- Bug Fix: Fixed Docker Sources malformed chunk errors for docker-java dependency where Jersey version was upgraded from 2.23 to 2.30.
- Bug Fix: Fixed a permission issue encountered in redacted version 19.338-3 when using the runAs parameter during installation or an upgrade.
- Bug Fix: Fixed a Windows Events Log Source data duplication issue encountered in redacted version 19.338-4 when upgrading/downgrading the collector version.
Windows Event Log Sources configured to ingest in JSON format could take up to five seconds after an upgrade to resume sending events.
April 6, 2021 (19.338-4)
Version Retracted
MacOS: We recommend you upgrade Collectors on MacOS using the Sumo Logic collection page or command line instructions. A manual upgrade using the installer package is not recommended.
- Bundled JRE version upgraded to 8.282.08.1.
- Bundled Jackson version upgraded to 2.11.2.
- Beta release: Windows Event Sources can now collect forwarded events from a Windows Event Collector.
- Bug Fix: Fixed Docker metrics ingestion with host network mode.
- Bug Fix: Fixed Docker Sources malformed chunk errors for docker-java dependency where Jersey version was upgraded from 2.23 to 2.30.
- Bug Fix: Fixed a permission issue encountered in redacted version 19.338-3 when using the runAs parameter during installation or an upgrade.
March 24, 2021 (19.338-3)
Version Retracted
- Bundled JRE version upgraded to 8.282.08.1.
- Bundled Jackson version upgraded to 2.11.2.
- Beta release: Windows Event Sources can now collect forwarded events from a Windows Event Collector.
- Bug Fix: Fixed Docker metrics ingestion with host network mode.
- Bug Fix: Fixed Docker Sources malformed chunk errors for docker-java dependency where Jersey version was upgraded from 2.23 to 2.30.
2020 Archive
This is an archive of 2020 Collector Release Notes. The current Collector Release Notes are here.
November 24, 2020 (19.319-4)
MacOS: We recommend you upgrade Collectors on MacOS using the Sumo Logic collection page or command line instructions. A manual upgrade using the installer package is not recommended.
- Bundled JRE version upgraded to 8.275.01.1.
- Bug Fix: Health Events for Windows Event Log Sources were not updating properly.
- Bug Fix: Windows Event Log collection in JSON format was incorrectly parsing boolean fields as null.
- Bug Fix: Unnecessary character escaping in SNI command line arguments.
- Bug Fix: The vSkipRegistration parameter was not supported with the command line installer when using Installation Tokens.
- Bug Fix: Collector uninstallation issue on MacOS.
- Bug Fix: Fixed vulnerabilities in Docker collection images from Docker Hub.
October 13, 2020 (19.319-2)
- Easily parse your Windows Event Logs with our new capability to ingest them in JSON format. You now have the option to choose between the existing and new JSON format. The new format is more structured and compact than the existing format.
August 25, 2020 (19.308-12)
- Bundled JRE version upgraded to 8.265.01.1.
July 28, 2020 (19.308-2)
- Archive has the option to specify an S3 prefix when forwarding data to an AWS Archive Destination with the processing rule "Archive messages that match". This allows you to segment and organize data in your Archive.
- Installed Collectors now send health events to a Health Events framework. Health events for Installed Collectors cover key collection issues that can occur across various Sources such as Windows events, Docker, or Local and Remote File Sources.
- AccountID is new to the list of AWS instance metadata that the Installed Collector extracts from instance identity documents (IMDSv2) in AWS.
- Docker bug fixes: Collection issues when there was a pause in the generation of data and for short-lived containers.
- Bug fix: The Collector could stop ingesting if it’s unable to connect to servers and too many logs are backed-up on disk.
May 11, 2020 (19.288-10)
- Bundled JRE version upgraded to 8.252.09.1.
- Installed Collectors now use IMDSv2 to collect AWS instance metadata.
- Bug Fix: Docker Stats Sources for metrics were misconfigured when edited.
February 13, 2020 (19.288-3)
- Syslog forwarding supports the option to forward syslog messages without prepending the Collector hostname and timestamp on messages.
- Installed Collectors on AWS EC2 instances automatically get the availabilityZone from AWS instance identity documents.
- Host Metrics Sources collect total CPU usage.
- Bundled JRE version upgraded to 8.242.08.1.
- Beta release: For our new Archive feature, we’ve added a new Processing Rule type named Archive messages that match that allows you to archive log data at the source level on Installed Collectors. To participate contact your Sumo account executive or sign up for an enterprise trial account. Existing Beta customers should upgrade to this version for our latest security library updates.
- Beta release: Collectors send health event data to Sumo Logic such as file path issues, missing heartbeats, throttling events, and when Ingest Budget capacities are reached. Check out our Service Release Note that provides further details. To participate contact your Sumo Logic account executive or sign up for an enterprise trial account.
- Bug Fix: Docker Log Sources could duplicate logs on container restart.
2019 Archive
This is an archive of 2019 Collector Release Notes. The current Collector Release Notes are here.
December 2, 2019 (19.278-10)
- Beta release: For our new Archive] feature, we’ve added a new Processing Rule type named Archive messages that match that allows you to archive log data at the source level on Installed Collectors. To participate contact your Sumo account executive or sign up for an enterprise trial account.
November 5, 2019 (19.253-26)
- Bundled JRE version upgraded to 8.232.09.1.
- Bug Fix: Docker Logs and Stats Sources were not running properly on FIPS enabled Collectors.
- Bug Fix: Remote File Sources caused a connection leak due to the Collector not closing SFTP connections after hitting the retry limit.
- Bug Fix: Wrapper configuration properties could not be set with the Command Line Installer.
- Bug Fix: Addresses a potential security vulnerability where the Run As user information was preserved in the collector.properties file after installation on Windows systems. This fix applies to all prior Collector versions on Windows. You will need to remove the credentials from the collector.properties file manually on existing affected Collectors.
- Bug Fix: A warning message was not provided when the installer was run with an invalid Run As user.
August 13, 2019 (19.253-14)
- Bundled JRE version upgraded to 8.222.10.1 on Linux and macOS and 8.222.10.3 on Windows.
- Bug Fix: FIPS 140-2 compliant Java Cryptography Extension (JCE) couldn’t be enabled on Mac and TAR packaging.
- Bug Fix: The US1 deployment was incorrectly responding with 401 "Credentials no longer accepted by service" to Collectors registered in other deployments.
- Bug Fix: Uppercase JSON file extensions (.JSON) were ignored by Collectors when using JSON files to configure Sources.
- Bug Fix: New Collectors on macOS were failing to install.
August 8, 2019 (19.253-13)
Version Retracted
- Bundled JRE version upgraded to 8.222.10.1 on Linux and macOS and 8.222.10.3 on Windows.
- Bug Fix: FIPS 140-2 compliant Java Cryptography Extension (JCE) couldn’t be enabled on Mac and TAR packaging.
- Bug Fix: The US1 deployment was incorrectly responding with 401 "Credentials no longer accepted by service" to Collectors registered in other deployments.
- Bug Fix: Uppercase JSON file extensions (.JSON) were ignored by Collectors when using JSON files to configure Sources.
June 12, 2019 (19.253-6)
- Bug fix: A Windows Event Source could ingest duplicate data after upgrading its Collector.
May 15, 2019 (19.253-3)
- From this release forward Sumo Logic now bundles the Amazon Corretto JRE, v8.212.04.2, replacing Oracle’s OpenJDK. Note the following changes:
- Users running the Collector on Windows 32 bit systems may require a patch before upgrading. We have set the static download URL for Windows 32 bit machines to point to the previous Collector version. Once your system is patched you can download this version by adding the parameter "?version=19.253-3" at the end of the static URL. For example, https://collectors.us2.sumologic.com/rest/download/linux/32?version=19.253-3
- This and future releases of the Collector do not support Linux 32 bit.
- Added the option to enable FIPS 140-2 compliant Java Cryptography Extension (JCE) on new Installed Collectors to encrypt your data to Sumo Logic's Fed deployment in US1 only. FIPS mode is not supported for any other deployment. If you are unsure whether you are on the Fed deployment, check our deployments.
- New parameters are configurable at install time with the Command Line Installer, eliminating the need to wait until after installation and restarting the Collector service.
March 28, 2019 (19.245-6)
- Bug fix: Remote File Sources support OpenSSH keys with ECDSA, RSA, and ED25519.
- Bug fix: Docker Stats Sources collect all available host metrics when the metrics parameter is omitted or provided as an empty array in JSON configurations.
March 18, 2019 (19.245-4)
- Script Sources and Script Actions now need to be enabled on new Collectors using the parameters,
enableScriptSource
andenableActionSource
. Previously these Sources were automatically enabled and we required you to disable them if needed. The new parameters are automatically added to existing Collectors when upgraded. They are set to true on Collectors that already have these Sources and set to false if the Collector doesn’t have these Sources. - Bug fix: Denylist path expressions on Windows are now case insensitive to match Window’s behavior.
March 6, 2019 (19.227-24)
- To maintain backward compatibility we've updated the parameters for Script and Action Sources in preparation for an upcoming release.
February 12, 2019 (19.227-22)
- Bundled JRE version upgraded to 8u202.
- Bug fix: Windows Collector upgrades could fail due to a timeout when checking for privileges of the user running the Collector service.
January 14, 2019 (19.227-19)
- Streaming Metrics Sources now support the Prometheus metric format.
- Host Metrics Sources now support the Disk_UsedPercent metric, which provides the used disk space percentage.
2018 Archive
This is an archive of 2018 Collector Release Notes. The current Collector Release Notes are here.
October 31, 2018 (19.227-15)
- Bundled JRE version upgraded to 8u192.
October 8, 2018 (19.227-14)
- Local and Remote File Sources on Linux systems now ignore
/var/log/(lastlog|btmp|wtmp)
binary files instead of ingesting them. - Bug fix: Collecting metrics with a Docker Stats Source could cause high CPU usage.
- Bug fix: Added a missing dependency that was causing the Remote Windows Performance Monitor Log Source to not collect logs as expected.
August 9, 2018 (19.227-12)
- Updated the Collector's cookie management policy to prepare for a receiver change.
- Bundled JRE version upgraded to 8u181.
July 16, 2018 (19.227-11)
- Bug fix: When configuring Docker Sources without environment variables or labels null pointer exceptions were not handled appropriately.
- Bug fix: Remote File Sources were scanning from the current directory instead of the root directory when using leading wildcards in paths.
June 7, 2018 (19.227-4)
- Docker Stats Source can now be configured to ingest metrics time series instead of JSON log messages. See Docker Sources for details.
- Bug fix: Local and Remote Log File Sources were not immediately detecting new or modified files in certain nested directory structures when a wildcard was used in the path expression.
- Redundancy file added for Source configurations to prevent possible re-ingestion of data. If you upgrade from version 19.209 to 19.216 or 19.227 on Mac OS X, you must manually restart the collector service after upgrading.
May 16, 2018 (19.216-38)
- Bundled JRE version upgraded to 8u172.
- Bug fix: Misconfigurations in data forwarding could lead to high CPU usage.
- Bug fix: Extremely large Windows event log entries in an event channel could cause collection to stop for that channel.
May 1, 2018 (19.216-33)
- Enhanced metadata allowing you to customize
sourceCategory
andsourceHost
with environment variables, labels, and tags. Docker tags welcome, for more information see Collect Logs and Stats from Docker. - Metrics support for Carbon 2.0 format has arrived with a new Source, Streaming Metrics. This will support Graphite format as well so our Graphite Source has been renamed. For more information, see Streaming Metrics Source.
- Data Forwarding is now more reliable for HTTP and Syslog destinations. Data is queued on disk when in-memory fills instead of causing your system to run out of memory. To configure your data forwarding queue limits see Forward Data from an Installed Collector.
- SystemD is now the default init system on Linux distributions that support SystemD.
- Simplified installation for the Linux binary package as a result of an updated Tanuki wrapper. For more information, see Install a Collector on Linux.
Known Issues
- Downgrading from version 19.216 to 19.209 is not supported due to 19.216 having a new Tanuki wrapper.
- When upgrading from version 19.209 to 19.216 on Ubuntu 16 and above using a shell executable file (.sh), Debian, or the Web UI you will need to manually restart the collector service after upgrading.
- Upgrading Collectors without administrator privileges on Windows to 19.216 or higher will require a manual upgrade installation.
April 24, 2018 (19.209-41)
- Changes to upgrade codepaths in preparation for upcoming release.
- Bug fix: Collector unable to start after an upgrade when using a custom installation path on Windows 32-bit.
March 5, 2018 (19.209-37)
- Bundled JRE version upgraded to 8u162.
February 15, 2018 (19.216-22)
::: Important Version redacted :::
- Enhanced metadata allowing you to customize sourceCategory and sourceHost with environment variables, labels, and tags. Docker tags welcome, for more information see Collect Logs and Stats from Docker.
- Metrics support for Carbon 2.0 format has arrived with a new Source, Streaming Metrics. This will support Graphite format as well so our Graphite Source has been renamed. For more information, see Streaming Metrics Source.
- Data Forwarding is now more reliable for HTTP and Syslog destinations. Data is queued on disk when in-memory fills instead of causing your system to run out of memory. To configure your data forwarding queue limits see Forward Data from an Installed Collector.
- SystemD is now the default init system on Linux distributions that support SystemD.
- Simplified installation for the Linux binary package as a result of an updated Tanuki wrapper. For more information, see Install a Collector on Linux.
- Bundled JRE version upgraded to 8u162.
February 1, 2018 (19.209-26)
- Bug fix: Docker stats source failed to start and collect stats.
- Bug fix: Added a socket timeout when connecting to HTTP proxy servers to prevent the Collector from going offline.
2017 Archive
This is an archive of 2017 Collector Release Notes. The current Collector Release Notes are here.
December 20, 2017 (19.209-23)
- The Sumo collector is updated to include the latest Java 8 JRE from Oracle, version 8u152. Collectors bundled with a JRE will automatically be upgraded to JRE version 8u152 upon installation.
- Added support for preserving Access Key in the
user.properties
file after the collector registers with the Sumo service. The new parameter for the command line installer is-VskipAccessKeyRemoval=true
. The corresponding property in user.properties isskipAccessKeyRemoval=true
. - Added support for specifying the sources for a collector in a directory of JSON source files when registering a collector with cloud-based source configuration. Previously, you could only specify a file with the sources property in the
user.properties
file. Now you can specify a folder of JSON files with the sources property. - Bug fix - Docker stats sources unexpectedly stopped.
- Bug fix - Implemented targeted optimizations to reduce CPU usage and disk I/O for certain local file sources.
- Bug fix - In some cases, the HTTP sender stopped sending data after loss of connectivity.
October 24, 2017 (19.209-8)
- Bug fix - Host metrics sources did not correctly handle source renaming, leading to double ingestion.
- Bug fix - Docker stats sources did not honor mask processing rules.
- Bug fix - Docker stats sources failed with an “Error getting container info” message in log.
August 31, 2017 (19.209-5)
- As of this release, the Sumo collector is built to target the Java 8 runtime. Java 6 and Java 7 are no longer supported as the collector runtime, and Solaris is no longer supported. When you upgrade collectors, JRE 8 or later is required. The Sumo collector with a bundled JRE now ships with JRE 8, so in this case no action is required.
- This release includes the following reliability fixes and enhancements to the Docker Log source and the Docker Stats source:
- Bug fix - In the Docker Log source, the multiline detection did not work.
- Bug fix - Hot retry when connecting to a container failed.
- Bug fix - The poll interval parameter for the Docker Stat source can now be modified after it is initially defined.
- Support was added for additional Docker event types. Sumo now supports all Docker event types. For information about Docker event types, see Monitor Events in Docker help.
- This release includes the following security fixes:
- Bug fix - Command injection in remote ssh tail source.
- Bug fix - Command injection in .deb/.rpm installer.
- Bug fix - Update the 3rd-party library Jacob to the latest version (1.18) .
- Bug fix - The collector failed to uninstall after downgrade.
- Bug fix - Script source can cause collector upgrade to fail with timeout.
- Bug fix - Syslog sources will now trim trailing newline characters from messages
- Bug fix - Fixed an crash that occurred when a data forwarding rule regex contained a colon.
- Two restrictions related to configuring sources using JSON files have been removed:
- Previously, when configuring all sources in a single JSON file, the sources had to be defined in a
sources
JSON array. Now, you can usesource
elements without enclosing them in asources
array. Using thesources
array is still supported. - Previously, when configuring the collector using a directory of JSON files, only a single source could be defined per JSON file. Now, you can define multiple sources per JSON file. You can specify the multiple sources in a
sources
array, or using asource
element for each source.
- Previously, when configuring all sources in a single JSON file, the sources had to be defined in a
- Bug fix - Masked the password field in the forwarding sink types.
June 27, 2017 (19.182-44)
- Bug fix: Debug information, which may contain the access key, is shown when installing the package on the console.
June 19, 2017 (19.182-43)
- Collector is updated to include the latest Java 8 JRE from Oracle, version 8u131. Collectors bundled with a JRE will automatically be upgraded to JRE8u131 upon installation.
- The Collector now resolves
"{hostname}"
,"{file}"
, and"{category}"
tokens in syslog data forwarding to message-specific values. In the past, these tokens were resolved to cloud-configured values. - When forwarding data from a syslog source to a syslog endpoint with additional tokens configured, a new header consisting of prival, timestamp, and host will be included at the start of forwarded messages. Previously only prival was appended.
- The collector will now emit information about the resolved IP addresses of the Sumo Logic service to its operational log file. This information is logged during collector startup and shutdown.
- The collector now reports additional information to the Sumo Logic service about the JRE it is executing under.
- Bug fix: The collector daemon service could be incorrectly removed after upgrading the Collector using the installer package.
- Bug fix: The collector installer could accidentally remove the configuration when running on a machine where the collector was previously installed.
- Bug fix: The collector could start more than one thread when monitoring a source JSON configuration file for changes (
syncSources
), leading to source synchronization issues.
April 4, 2017 (19.182-25)
- Bug fix: The Docker Log Source may drop or duplicate logs during collection with certain Docker engine configurations.
- Bug fix: Unable to upgrade Windows Collector from Web UI. Message indicates unable to remove files.
- Bug fix: All changes to configuration properties in the collector.properties file are now picked up by the Sumo Logic service.
February 13, 2017 (19.182-17)
- Windows Event Sources now translate SID fields to 'domain/user (SID)' format by default.
- File Sources on Windows now support NTLMv2.
- As a security enhancement, access key is automatically removed from user.properties following successful installation.
- The Docker Source can ingest logs and statistics from short-lived containers.
- The Docker Log Source can ingest the last set of logs before a container crashes or terminated.
- Support is added for additional Collector parameters during installation, including hostname, time zone, category, target CPU, and description. See Installed Collectors.
- Bug fix: Certain Collector upgrade failures are now reported immediately in the web UI.
- Bug fix: The cacerts folder is now preserved when upgrading Collectors using the Installer.
- Bug fix: The Docker Log Source now collects final log lines while a container is stopping.
- Bug fix: An optional parameter is added during Windows AMI installation to delay registering until the EC2 instance hostname is available. See Add a Collector to a Windows Machine Image.
- Bug fix: Fixes a CPU targeting bug that prevents increasing collection when CPU usage is low.
- Bug fix: Adds support for overriding maximum number of threads per Source when CPU targeting is enabled.
- Bug fix: Fixes a Collector process CPU usage reporting issue in collector-usage.log.
- Bug fix: No longer populates Collector name when installing Collector on a Machine Image.
- Bug fix: Allow sources to forward to multiple syslog destinations with the same host and port.
- Bug fix: Multi-line messages are now handled correctly when forwarding from a UDP syslog source to a UDP syslog endpoint.
January 12, 2017 (19.170-27)
- Fixed an issue where the Docker Source ingests duplicate messages and produces excessive collector logging if the Source experiences temporary disconnect with the Docker daemon.
- Fixed an issue where the Docker Source collects from less than the configured container limit when container filter is specified.
- Fix: Added a socket timeout when connecting to HTTP proxy servers to prevent the Collector from going offline.
2016 Archive
This is an archive of 2016 Collector Release Notes. The current Collector Release Notes are here.
November 28, 2016 (19.170-24)
- Added support for enhanced Docker container filters with wildcard and exclusion. See Docker Sources.
- Added support for enabling SNI extension to use the Collector with transparent proxies. See Enabling SNI Extension for Transparent Proxy.
- Fixed an issue that could lead to multiple SFTP connections established for remote file sources.
November 9, 2016 (19.170-20)
- Fixed an issue where the Docker event stream closes after the Collector starts, and the Docker Source is unable to start collecting from new containers.
- Fixed a connection leak in Docker Sources that prevents the Collector from collecting from new containers after a series of container start/stop activities.
October 21, 2016 (19.170-18)
- Fixed an issue where the Host Metrics Source prevented certain versions of the Collector from upgrading or downgrading. Affected versions include 19.162-14, 19.162-17, and 19.170-14. It is necessary to first remove the Host Metrics Source before upgrading to 19.170-18.
- Fixed an issue where a Syslog configuration could lead to errors when retrieving the host name.
October 17, 2016 (19.170-14)
Enhanced file system security for installed Collectors. The log cache and configuration files for an installed Collector can contain sensitive information. To address possible security issues associated with the cache and configuration files, this Collector release introduces an enhanced file system security mode for Collector installation. The enhanced security mode protects the Collector installation folder at the file system level. When enabled, only the users in the sumologic_collector group have access to the Collector folder. See Enhanced File System Security for Installed Collectors.
Host key verification for Remote File Source. The Sumo Logic Collector can optionally verify the RSA fingerprint for a remote server against a list of known hosts. When host verification is enabled, the Collector collects from a Remote File Source only if the remote host fingerprint is whitelisted in a known_hosts file. See Enable Collector Remote Host Key Verification.
Cipher formats for Remote Files Sources. Added support for hmac-sha2-256 and hmac-sha2-512 cipher formats for Remote File Sources.
RPM and Debian installations. RPM and Debian Collector installations now support user.properties parameters, with backwards compatibility for /etc/sumo.conf parameters. See user.properties.
Other issues.
- Fixed an issue where upgrading a collector using the Collector Installer could lead to missing JRE.
- Syslog source host resolution now use the provided Source host only for locally-emitted events, instead of both remote and local events.
- Graphite source now supports metrics from the CollectD UDP write_graphite module.
- Fixed an issue that could cause multi-line messages at the end of a text file to be split incorrectly when there is no trailing newline
Change Log.
- Username and password registration support is removed from the Collector Installer. Instead, use Access Id and Access Key to register a new Collector.
September 23, 2016
Deprecation of Username/Password for Collector and Source API Authentication. As of September 28, username and password will no longer be supported for API authentication. The API topics have been updated accordingly. See API Authentication.
August 26, 2016 (19.162-17)
Fixed an issue that could cause local Source configuration to save incorrectly during Collector shutdown, resulting in re-ingestion of data.
August 23, 2016 (19.162-14)
- Fixed an issue where the Host Metrics source prevented the Collector from immediately shutting down.
- Fixed an issue where the Collector cache was unable to reach its maximum cache size.
- Fixed an issue where a specific Host Metrics exception could cause an infinite loop.
August 15, 2016 (19.162-12)
- The Collector now supports fixed size caching of up to 3GB of log data and 1GB of metrics data. To configure these parameters, see Data Collector caching.
- Windows Collectors will now default to using the updated Remote Windows Event Log source, which was first introduced with Collector build 19.155. This applies to newly-installed Collectors or upgraded Collectors which were not previously running a Remote Windows Event Log source. ).
- Upgraded Windows Collectors with pre-existing Remote Event Log sources are encouraged to migrate to the new Remote Event source.
- The Collector no longer includes the “diagtool” Windows diagnostic tool on installation.
- Fixed an issue where the Collector is unable to monitor its CPU usage, leading to incorrect CPU usage target.
- Fixed an issue where the Collector fails to start after upgrade because of missing JRE.
- Fixed an issue where the Collector upgrade fail because of HTTP 504 error.
- Fixed an issue where the Windows Collector uninstall fails after upgrade.
- Fixed a bug where the Docker sources fail to detect new containers and ingest data.
July 15, 2016 (19.155-13)
This version contains the following improvements:
- Fixed an issue with Remote Windows Event Log Sources that causes the error “The specified handle is invalid” to appear in some event messages and in the Collector log.
- Fixed an issue that causes message upload to the Sumo Logic service to block in the presence of some error conditions.
June 8, 2016 (19.155-3)
This version contains the following improvements:
- Updated Collector and Sources documentation on DocHub. Added and corrected examples for Collector Management API and JSON Sources, and revised Windows Event Collection documentation.
- You can now upgrade or downgrade a Collector to a specific Collector version.
- Added official support for Java Runtime Environment 8 (JRE8).
- Collector updated to include latest JRE8u92. Collectors bundled with a JRE will automatically be upgraded to JRE8u92 upon installation of Collector version 19.155.
- Significant update to the Remote Windows Event Log Source:
- Local and Remote Windows Event Sources now both use the native Windows Event API directly. WMI is no longer used for the Remote Source. This provides significant performance gains, and greatly simplifies configuration.
Bug Fix | Issues that sometimes caused Local Windows Event Sources to prevent a Collector from shutting down cleanly are fixed.
Bug Fix | Fixed a Docker Source bug where the Collector is unable to listen on new containers.
Change Log | The collector no longer creates the installerSources directory on installation.
April 5, 2016 (19.144-9)
Bug Fix | Issues that sometimes caused Local Windows Event Sources to prevent a Collector from shutting down cleanly are fixed.
Bug Fix | A race condition that could cause the collector's HTTP transmitters to hang is fixed.
Bug Fix | An issue that caused a Collector to catch an infinite loop when trying to request Docker logs/stats from a non-existent container is fixed.
Bug Fix | A race condition on Docker client causing a Collector to stop collecting from all containers is fixed.
Bug Fix | Docker Log Sources properly apply Processing Rules.
Bug Fix | Some Docker Log Sources missed the first few messages for newly started containers. This has been resolved.
March 2, 2016 (i19.144-6)
Bug Fix | Changed the Collector's default TLS settings to avoid connectivity issues with Online Certificate Status Protocol (OCSP) endpoints, which were reported by some users.OCSP) endpoints, which were reported by some users.
February 25, 2016 (i19.144-5)
This version contains the following improvements:
- Optimized event retrieval from Local Windows Event Log Sources for dramatic improvements in event collection rate and CPU performance.
- Improved the Local File Configuration Management feature to allow faster synchronization times when Source configuration files are updated.
- Removed a memory leak in the Syslog Source that could cause large memory utilization when receiving TCP data from a very large number of connections.
- Improved code quality.
Deprecation warning | The flag providing access to a legacy Microsoft Event Logging API (local.win.event.collection.flag) is now deprecated.
With the improvements we've introduced in this release, we have consistently observed superior performance by removing this flag, even in single-core scenarios. During the next release of Collector software, this flag will be removed.
January 22, 2016 (i19.137-20)
Bug fix | Fixed a bug that could cause the Collector to miss events from Docker environments with more than eight running containers.
Bug fix | Fixed a bug that could cause the Collector to miss events from Docker environments when the Collector experiences connection issues to Docker.
2015 Archive
This is an archive of 2015 Collector Release Notes. The current Collector Release Notes are here.
December 18, 2015 (i19.137-15)
This Collector software minor upgrade contains two important bug fixes. Upgrading Collectors is required to resolve these issues.
Bug fix | Fixed an issue that could result in a large number of messages being written into the Collector log file when using Syslog UDP Sources.
Bug fix | Improved error messages during unattended (quiet) installation.
December 8, 2015 (i19.137)
New feature | We're proud to announce an improved Collector installer. New features include:
- A new configuration file, named user.properties.
- Support for Advanced settings (Proxy support, Source setup, etc.)
- Improved documentation and failure handling within the installer.
- The Windows Collector Installer is now signed with Microsoft Authenticode to verify that it comes fromSumo Logic.
New feature | We have new options for data forwarding, including data forwarding from Installed Collectors.
Bug fix | Passwords containing the # symbol are now supported for Windows users specified in the "Run As" field.
Bug fix | An issue that could cause Collectors to be incorrectly marked as Offline in the UI has been fixed.
Bug fix | An issue that could cause Collectors to go Offline for a few seconds after receiving a malformed message from the service has been resolved.
August 31, 2015 (i19.127)
This Collector software update contains two important bug fixes. Upgrading Collectors is required to resolve these issues.
Bug fix | Collector installation no longer fails when using the Setup Wizard on a machine where Collector software is already installed.
Bug fix | Improvements in Collector diagnostic logging infrastructure resoles an issue that caused a large number of unused threads. This bug only affected customers using Trial accounts.
June 13, 2015 (i19.119)
Collector software was updated to support our new Onboarding experience. These update don't affect existing Collectors.
May 26, 2015 (i19.118)
New feature | Local Event Tracing (ETW) Support with Windows Event Channels. This update to the Local Windows Event Log Source allows you to specify the Windows Custom Event Channels you'd like to collect from. This option replaces the "Others" option that previously collected whatever events Sumo Logic could find on a Collector. Learn more about Windows Events Channels.
April 25, 2015 (i19.115)
JRE 7 Support. We’ve upgraded to JRE 7, which fixes a potential security vulnerability in JRE 6 (http://www.oracle.com/technetwork...5-1972971.html).
JRE 7 is now included in the Collector package and is installed automatically during the installation process. This applies to new installations on all platforms except UNIX. For UNIX platforms, you need to install JRE before installing the Collector. The Collector still works with JRE 6, but due to the security vulnerability, we encourage you to use JRE 7 and upgrade to the latest Collector.
Performance improvements for Local Windows Event Collection. Local Windows event logs have been optimized and are now collected faster.
Assigning a custom directory for installation. During installation, the Collector installer automatically creates the needed Collector directories in the default location. If you want to specify a different location than the default top level directory, create your own top level directory before you start the installer, and then select it during the installation process.
--
February 28, 2015 (i19.110)
Change log | When collecting Windows Events, if event record IDs were greater than four billion, the Collector could hang on a record ID, causing it to re-collect that record in a loop, causing ingestion delays of more recent events.This issue was due to a 32bit limitation that affected 64bit Collectors. This version of Collector software addresses this limitation, so events with record numbers greater than four billion are properly collected.
New feature | UTF-16 encoding is now supported for Local File Sources.
February 4, 2015 (i19.108)
New Feature | Support for Local Configuration Management. With Local Configuration Management, you can set up and manage all Sources that you’ve set up on a Local Collector using a file that describes each Source’s parameters. The config file then remains on the Collector, and is checked nearly constantly for any changes, making updating Sources a quick process.
New Feature | Support for CPU usage Target.You can now choose to set a CPU Target to limit the amount of CPU processing a Collector uses. This option is applied only to for Local and Remote file Sources.