EA Collector 33.100

Last updated on 21 November, 2022

LogicMonitor EA Collector 33.100 was released on November 15, 2022 and includes the following updates.

Enhancements

  • Upgraded aws-java-sdk-s3 jar to version aws-java-sdk-s3-1.12.264.
  • Upgraded hsqldb jar to version 2.7.1.
  • Upgraded netty-common-4.1.63.Final jar to version netty-common-4.1.79.Final.
  • Upgraded jsoup to version 1.15.3.
  • Added LogSource logging support in Collector for the logsource.kubernetes and logsource.collectoringestapi components. You can access them on the Manage Collector Logs page in the UI.
  • Added the property enable.netflow.parallel.execution to considerably reduce Netflow packet drops. By default, the property is set to true. With this enhancement, you can observe negligible packet drops.
  • Forwarding Windows event logs to LogicMonitor logs is now supported only through LogSources. We no longer support log forwarding through the lmlogs.windowseventlogs.enabled property in agent.conf or the lmlogs.winevents.enable custom property in the monitored device.
  • Prior to this release, users had to add the include filter to get information-level logs. To help users, we now support information-level logs by default for the WMI logsource.
  • Added the following counters to Collector DataSource LogicMonitor_Collector_LMLogs for log collection performance monitoring. This will help clarify the present count during device usage and post consumption after increasing the value of these parameters:
    • lmlogs.thread.count.for.ingest.api.communication
    • eventcollector.wineventlog.threadpool
    • eventcollector.wineventlog.max.eventitem
    • eventcollector.syslog.threadpool
    • eventcollector.syslog.queue
  • The value of logcollector.wineventlog.max.eventitem was by default set to 500 for all collector sizes. We have now updated it to suit collectors of all supported sizes.

| Collector size | Supported value |
|----------------|-----------------|
| Nano           | 300             |
| Small          | 300             |
| Medium         | 500             |
| Large          | 700             |
| X-large        | 1000            |
| XX-large       | 1200            |

Fixed Issues

  • Fixed an issue where, while processing the Syslog message sent to Collector, the initial string was getting trimmed and, as a result, the regexnotmatch filter did not work as expected for Syslog LogSources.
  • Fixed an issue where Collector read the entire log file multiple times and as a result created duplicate alerts.
  • Fixed an issue where Active Discovery scripts behaved differently and failed to collect data when evaluating an undefined property (for example, a host property that does not exist). To fix the issue, we introduced HostProps as an environment variable. Now, Active Discovery scripts can collect data even if a property does not exist.
  • Fixed an issue where the internal webcheck failed to follow the redirect for HTTP code 308.
  • Fixed an issue where some of the Windows event logs were missing on the LogicMonitor Logs page when LogSources were used for collection.
  • Fixed an issue where the remote session did not stop from the collector side. To fix this issue, we added the remotesession.timeout.seconds property to agent.conf. Its value defaults to 600 seconds and supports a minimum of 300 seconds. However, we recommend that you set it to less than or equal to 1800 seconds.
  • Fixed an issue where, when using the regex method for resource mapping in LogSource and performing the regex operation on the Message field of the Syslog event, the messages were trimmed and a partial value was sent. As a result, the regex operation was applied only to the partial match. To fix the issue, we now perform the regex operation on the rawMessage field of the Syslog event, which ensures that the entire event is sent without trimming.
  • Fixed an issue where the WMI password was exposed in plain text in the Event Viewer during Poll Now. We have masked the password to strengthen its security.
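
A post-upgrade check of agent.conf for the properties named in these notes, as an added example that is not LogicMonitor code. It assumes agent.conf holds key=value lines with # comments; the function names and the sample file content are constructed for illustration.

```python
# Added example, not LogicMonitor code. Assumes agent.conf holds key=value lines.
# SAMPLE_AGENT_CONF is constructed for illustration.
SAMPLE_AGENT_CONF = """\
# constructed sample
remotesession.timeout.seconds=7200
lmlogs.windowseventlogs.enabled=true
enable.netflow.parallel.execution = false
"""

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments; the last value wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit_agent_conf(text):
    """Return (property, finding) pairs for settings these release notes change."""
    props = parse_props(text)
    findings = []
    name = "remotesession.timeout.seconds"
    timeout = props.get(name)
    if timeout is not None:  # unset means the 600-second default applies
        if not timeout.isdigit():
            findings.append((name, "not a whole number of seconds"))
        elif int(timeout) < 300:
            findings.append((name, "below the supported minimum of 300"))
        elif int(timeout) > 1800:
            findings.append((name, "above the recommended maximum of 1800"))
    if "lmlogs.windowseventlogs.enabled" in props:
        findings.append(("lmlogs.windowseventlogs.enabled",
                         "no longer supported; forward Windows event logs through LogSources"))
    if props.get("enable.netflow.parallel.execution", "true").lower() != "true":
        findings.append(("enable.netflow.parallel.execution",
                         "set away from the default of true"))
    return findings

if __name__ == "__main__":
    for prop, finding in audit_agent_conf(SAMPLE_AGENT_CONF):
        print(f"{prop}: {finding}")
```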

Known Issue

  • During WMI log collection, you might observe that some logs are missing or duplicated around the time when the collector restarts. As a result, the total log count on the Logs page does not match the expected number of logs generated from devices.