NXlog Enterprise Edition Changelog
What's new in NXlog Enterprise Edition 2.8.1248
Dec 19, 2014- The rename_field() procedure was removing the field if the source and destination were the same.
- The regexp and regexp replacement operators can now be used as statements, i.e. Exec $Message =~ s/aaa/bbb/;
- Regular expressions now support the /m modifier to do multiline matching.
- Regular expressions now support the /i modifier to do caseless matching.
- Regular expressions now support the /s modifier to make the '.' match newline characters.
- Fixed a regression introduced with the ActiveFiles directive in im_file when more than one truncation
- did not get noticed. (ticket #40@sf) Credits go to 'savionat'.
- Implemented missing parser support for IPv4 literals.
- Added a host_ip() function to return the IP address associated with the hostname.
- Using exec_async() could have exhausted the memory if it was called at a very high rate.
- om_udp would stop sending messages in some cases after logging "apr_socket_send failed;Connection refused",
- e.g. when graylog2 was not accepting udp packets. It should properly resume now.
- The to_syslog_snare() formatter should now produce better snare compliant output.
- Replace space, ']' and '"' with underscore in IETF syslog structured data field names.
- Context cleaning would result in a segfault in pm_evcorr's thresholded rule if there was no triggering.
- im_tcp and im_ssl on windows is not limited to 500 connections anymore.
- Non-wildcarded File contents would get lost with ReadFromLast FALSE when the file did not exist
- but did appear with unread data.
- im_file does not emit "input file does not exist" warnings at every PollInterval.
- The file_name() function caused assertion failures in some cases on shutdown.
- A regression caused a crash with im_file when the File did not exist.
- A typo in the code was causing a memory leak with rename_field().
New in NXlog Enterprise Edition 2.7.1189 (Feb 5, 2014)
- The LICENSE has changed.
- Added a new extension module to parse binary wtmp files on Linux.
- Fixed a regression causing a crash after the 'failed to determine FQDN hostname' error message.
- The to_syslog_*() procedures can now use $raw_event if $Message is unset to make it easier to convert to syslog.
- Added a fix to im_msvistalog to handle the "EvtNext failed with error 13: The data is invalid." error better.
- The im_file module now emits the last event when using with the xm_multiline extension.
- Fixed the issue with more than 20 fiels and xm_multiline reported in ticket #33.
- Json parse errors in raw_event could cause a double free resulting in a crash or undefined behavior.
- It is now possible to use multiple instances of xm_perl.
- Disallow using a single processor module instance in multiple routes.
- The file_chown() procedure in xm_fileop works with user/group names in addtion to uid/gid values.
- CloseWhenIdle directive for im_file.
- File removal in some circumstances caused im_file to emit "input file does not exist" messages on windows.
- In same rare cases im_file would give a panic on windows with "im_file got EAGAIN for read".
- The regexp replacement operator s/// was leaking memory.
- In some circumstances excess CPU was used when im_file watched several files.
- Added some more performance optimizations to im_file to handle a large number of wildcarded files
- so that it should consume less resources than before. It also comes with a new DirCheckInterval and
- an ActiveFiles directive which can help in some cases when monitoring wildcarded files.
- Added a RenameCheck directive to im_file which should help detecting renamed/rotated files.
- The deb installer got stuck after trying to (re)start the daemon.