Collector Release Notes Timeline

EA Collector – 30.101

LogicMonitor EA Collector 30.101 was released on June 9, 2021 and includes the following updates.

Updates

• ADDED support for High Security mode (HSM). Users can choose to install in HSM or Orchestration Compatibility Mode (OCM). The default is OCM. 
  • HSM changes the permissions on the Collector installation folder so that only the owner and root/Administrator can access it.
  • OCM allows non-admin users to access the Collector installation folder. This is useful for users who may be using an orchestration utility to manage agent.conf or anything else in the Collector folder.
• ADDED encryption to selected agent.conf properties.
• ADDED functionality to override openmetrics.url property with openmetrics.host or system.hostname properties when the URL isn’t provided.
• CHANGED the timestamp field to be enabled and set to true by default.
• FIXED an issue where instance groups were not being created for OpenMetrics instances.
• FIXED an issue where company.uuid was not encrypted when the Windows Collector was installed in silent mode.

Known Issues

• A privileged LogicMonitor user cannot use the !getconfig debug command to retrieve credential and company.uuid value.
• Users cannot initialize the HSM mode for a Windows Collector that is installed as a non-Administrator user.
• Upgrading from EA Collector 28.604 to EA Collector 30.000 will fail. We recommend upgrading to GD Collector 30.001 before you upgrade to an EA 30.xxx version.

Developer

• We provide Java classes to help you develop your own LogicModules. These Java classes include SNMP, Expect, and so on. See the Javadoc for EA Collector 30.101.

GD Collector – 30.000

GD 30.000 incorporates all enhancements and fixes found in GD 29.003, as well as EA 29.xxx (29.101, 29.102, 29.104, 29.105, 29.106, 29.107, 29.108, and 29.109).

Updates

Here are a few highlights across the various EA 29.xxx releases that GD 30.000 contains.

• NBAR support for NetFlow.
• LM Logs support.
• Non-root installation no longer depends on sudo.
• The Collector Script Cache.
• Updated Amazon Corretto Java to 11.0.10.9.1.
• Fixed an issue where the Collector would intermittently stop forwarding syslog logs to LM Logs.

For a complete list of changes, visit the individual release notes pages for the various releases.

Known Issues

• When a Collector is installed and restarted before calculation of SHA (collector.service.controller.SHA in agent.conf), the watchdog services won’t run. Users must wait approximately 2 minutes after installation for SHA to be calculated for the first time before they restart the Collector. After this, future restarts should not cause an issue.

EA Collector – 30.100

Changes

• Added an agent.conf directive (vault.credentials.refresh.delay) to control the Credential Vault integration cache expiration refresh delay.
• Added JMX metrics for monitoring the CyberArk AAM Credential Vault integration.
• Added two agent.conf properties (sse.collectorgroup.jvm.locale and collector.jvm.locale) to allow tweaking of JVM locale, which is sometimes needed to correct date parsing in some locales. The default for both properties is “en_us”.
• Added obfuscation to the password length in log messages.
• Add metrics to LM Logs Collector DataSource to monitor the performance of the new Windows Event Log integration.
• Added resource mapping logic in LM Logs to use the socket address when hostname is not present for Cisco syslog events.
• Added a new configuration discover.instance.wmi.timeout.seconds for the timeout that is explicitly used in case of adding additional monitoring. The default value of the property is 30s. The property is not added by default in the agent.conf. Customers who face the timeout issue can add this property with the desired timeout value.
• Added agent.conf directive webpage.circular.redirect=false to allow circular redirect following by the WEBPAGE Collector.
• Added support for sFlow v1 and v5 for IPv6.
• Added support for new OpenMetrics collection.
• Added support for filtering by ##DESCRIPTION## in Script ActiveDiscovery.
• Improved Logfile task scheduling after Collector restart.
• Updated to Amazon Java Corretto 11.0.10.9.1.
• Updated the Collector to use G1 garbage collector, instead of the deprecated CMS garbage collector.

Fixes

• Fixed an issue where the Collector would intermittently stop forwarding syslog logs to LM Logs.
• Fixed vulnerabilities in xmlrpc-client-3.1.jar and xmlrpc-common-3.1.jar.
• Fixed an issue where JDBC collection would fail if the username contained a whitespace.
• Fixed an issue with Cisco ASA initiator and responder packet fields in traffic flows. Some ASAs were not showing traffic information in NetFlow.
• Fixed the Collector debug command !snmpdiagnose to now support SNMPv3 with AuthNoPriv mode.
• Fixed proxy.port assignment to properly take the value given in the installer.
• Fixed batchscript collection to properly distinguish instances that share names up to the first period. Previously, “test.test.1” and “test.test.2” were seen as one instance.

EA Collector – 29.109

Updates

• Fixed an issue in EA 29.107 where upgrading failed if the Collector is running as root.

Upgrading from EA 29.107

Note: This issue only applies to upgrades if the Collector is running as root.

To upgrade from EA 29.107 if you’re running it as root, you’ll need to first go to the LogicMonitor portal and try to upgrade the Collector. This upgrade will fail.

Once it fails, execute the following script in the Collector installation directory:

/usr/local/logicmonitor/agent/bin/upgradeFrom29107.sh 29107 29109

The Collector will update after the script runs.

EA Collector – 29.108

Updates

• Added integration support for external credential management using CyberArk Vault. See Credential Vault Integration for the LM Collector.

EA Collector – 29.107

Updates

• Fixed various issues to improve performance for LM Logs and Syslog collection.
• Fixed an issue for NetFlow NBAR that caused the Collector memory to max out.

Known Issues

• EA Collector 29.107 fails to upgrade if the collector is running as root. This has been fixed in EA Collector 29.109. See Release Notes.

Downgrading to older versions

If you are downgrading the Linux Collector from EA 29.107 to EA 29.106 or EA 29.105, the commands are different:

To downgrade to EA 29.106, run the following commands:

sudo chmod +x /usr/local/logicmonitor/agent/bin/nonroot_enhancements.sh
sudo /usr/local/logicmonitor/agent/bin/nonroot_enhancements.sh upgrade

To downgrade to EA 29.105, run the following commands:

sudo chmod +x /usr/local/logicmonitor/agent/bin/nonroot_enhancements.sh
sudo /usr/local/logicmonitor/agent/bin/nonroot_enhancements.sh downgrade

EA Collector – 29.106

Important: This Collector version fixes the known issue present in versions 29.101 through 29.105 that was resulting in resources with heartbeats to be incorrectly marked as dead/down.

Enhancements/Updates

• Added JMX metrics for LM Logs
• To better support LM Logs, two new settings have been added to the Collector agent.conf file:
  • lmlogs.syslog.hostname.format – To accommodate syslog hostname headers, set a value of “DO_NOTHING” for this new setting to instruct the Collector to bypass DNS resolution, thus avoiding a resolution on an already-resolved hostname.
  • lmlogs.syslog.useTimestampWhenCollectorReceivedLogs – In order to avoid incorrect time parsing, this new setting should be set to TRUE (FALSE is default) if the syslog events you are sending to LogicMonitor do not include timezone information.
• Non-root installation no longer requires changes to /etc/sudoers. See the Removing Entries from /etc/sudoers File section of these release notes for instructions on removing the entries placed in this file by older Collector installers.
• NetFlow NBAR2 support now honors application slots from optional templates.
• The MongoDB JAR has been upgraded to version 4.0.22.
• Improved handling of blank responses for internal Web Checks.

Fixes

• Fixed the known issue present in versions 29.101 through 29.105 that was resulting in resources with heartbeats to be incorrectly marked as dead/down.
• Fixed issue causing JDBC Active Discovery to ignore non-default ports (the port for a given instance will be stored in WILDVALUE2).
• Fixed SiteMonitor issue causing redirects containing percentage sign (%) characters to fail to be resolved.
• Fixed issue preventing NetFlow data from being displayed.

Removing Entries from /etc/sudoers File

If you installed a Linux-based Collector version 29.105 or earlier running as non-root, edits were made to your /etc/sudoers file to allow the Collector to restart.

As of Collector version 29.106, there is now a separate binary with SUID for this purpose. This means that, upon update to 29.106, edits to your /etc/sudoers file are no longer needed and you can safely remove them—either manually or via script.

Manual Removal of /etc/sudoers Entries

1. Open /etc/sudoers.
2. Remove the following lines:

   Defaults:root !requiretty
   Cmnd_Alias SYSTEMD_LOGICMONITOR_WATCHDOG = /bin/systemctl start logicmonitor-watchdog.service, /bin/systemctl stop logicmonitor-watchdog.service, /bin/systemctl restart logicmonitor-watchdog.service, /bin/systemctl status logicmonitor-watchdog.service
   Cmnd_Alias SYSTEMD_LOGICMONITOR_AGENT = /bin/systemctl start logicmonitor-agent.service, /bin/systemctl stop logicmonitor-agent.service, /bin/systemctl restart logicmonitor-agent.service, /bin/systemctl status logicmonitor-agent.service
   Defaults:logicmonitor !requiretty
   logicmonitor ALL=NOPASSWD: SYSTEMD_LOGICMONITOR_WATCHDOG 
   logicmonitor ALL=NOPASSWD: SYSTEMD_LOGICMONITOR_AGENT 
   logicmonitor ALL=NOPASSWD: /bin/systemctl daemon-reload

3. Run the following commands as root.

   chown root $DEST_DIR/agent/bin/CollectorServiceController
   chmod +x $DEST_DIR/agent/bin/CollectorServiceController
   chmod u+s $DEST_DIR/agent/bin/CollectorServiceController

Where “DEST_DIR” is the location of the installed Collector. The default location is /usr/local/logicmonitor/

Script Removal of /etc/sudoers Entries

1. Open a shell on the Collector.
2. Give the script execution rights:
   1. sudo chmod +x
      /usr/local/logicmonitor/agent/bin/nonroot_enhancements.sh
   2. sudo /user/local/logicmonitor/agent/bin/nonroot_enhancements.sh
      upgrade
   3. You are prompted for the Collector install directory. (If default directory is in use, hit Return.)
   4. The script will remove the entries and restart the Collector.

EA Collector – 29.105

Notes

• A new DataSource named LogicMonitor_Collector_BufferDataReporterLatencyJMX for monitoring latency of the Collector buffer data reporter (via JMX) has been released to specifically work with Collector versions 29.105 and higher. The existing DataSource (LogicMonitor_Collector_BufferDataReporterLatency) is still required for versions 29.104 and lower. LogicMonitor recommends that, even if you’re not yet using Collector version 29.105, you still import this new DataSource. The newer DataSource will not associate until the Collector version is updated to 29.105 or higher at which time it will automatically associate, ensuring a smooth monitoring transition. At that time, the older DataSource will cease to function.

Enhancements/Updates

• LM Logs
  • Previously, syslog events without a hostname header were dropped by the Collector for the LM Logs syslog integration. For these log events, the Collector will now use the socket IP rather than dropping the events (which is consistent with the Syslog EventSource logic). This is particularly relevant for syslog events from Cisco devices.
  • Added support for parsing RFC 3164 and RFC 5424 formatted log events. Previously, the Collector failed to parse the hostname for these formats.
• Several new properties, listed next, are now available to tune requests for Web Checks. These properties all default to 30 seconds and all support an acceptable value range between >0 and <=60.
  • website.http.client.so.timeoutInSec (socket timeout in seconds)
  • website.http.client.connect.timeoutInSec (TCP connection timeout in seconds)
  • website.http.client.read.timeoutInSec (read timeout in seconds)

Fixes

• Fixed issue with syslog collection from Cisco devices.
• Fixed issue preventing ingestion of flow sampling rate when sent in an optional template, which resulted in NetFlow traffic underreporting.
• Fixed a bug that would cause JDBC Active Discovery to ignore the “Port # List” field.
• Fixed an issue where configuration monitoring would change line ending characters.

EA Collector – 29.104

Enhancements/Updates

• Support for LM Logs has been added.
• Upgraded Amazon Java Corretto to 11.0.9.11.1 (October 2020 quarterly update). The Windows Collector has been upgraded to 11.0.9.11.2, which includes a Windows-only fix in addition to the quarterly update.
• Support for the Suppress duplicate EventIDs even when messages differ option has been added. This option resides on the configuration dialog for Windows Event Log EventSources and allows you to override the default suppression that takes place for events with identical EventIDs.
• Upgraded included JBoss Java libraries from 2.0.0 to 2.0.10.
• The !splist debug command now shows the name of the PropertySource in addition to its ID.
• Removed unused syslog related directives from the agent.conf file.
• Enhanced logging for ignored received syslog messages.
• Performance improvements for Windows Event Log EventSources.
• Various minor security improvements.
• Updated the default value of the collector.batchscript.threadpool configuration to 20 threads to support LogicMonitor’s increasing reliance on BatchScript in DataSources.
• Implemented aggregation logic to preserve remaining network flow traffic as “remaining traffic” to persist values to equal bandwidth records.

Fixes

• Excessive DNS lookups are now avoided through the utilization of the local cache with LM Logs.
• An issue causing Script EventSources to not properly report events when running in the SSE has been resolved.

GD Collector – 29.003

Enhancements/Updates

• Upgraded the JRE to Amazon Corretto 11.0.8.10.1

Fixes

• Fixed an issue where PropertySource timeouts weren’t set until after the task was complete, causing them to improperly timeout.
• Fixed a buffer overflow bug in sbproxy that would cause it to restart when trying to process some Windows Event Log EventSource events (only applicable to Windows Collectors).

Known issues

• There is an issue where the installer may not apply the proxy settings input. This only affects the installer. If you already had the properties set they should continue to still work. The workaround is to install another version.