EA Collector – 22.253

EA Collector 22.253 will be released December 23, 2016, and includes the following:

Improvements:

  • We’re now setting a discover.workers option for new Collectors (in the Collector’s agent.conf file).  This value is based on the selected Collector size, and changes the threadpool resources allocated for Active Discovery.
  • XML DataSource post processing wasn’t working for DOCTYPE XML data.  This was due to a previous security improvement.  We’ve improved how the security improvement was implemented to allow XML DOCTYPE DataSource post processing.
  • Log File EventSource alerts weren’t always showing the complete log file path if glob was used in the EventSource definition.  We’ve made improvements such that the full log file path is always displayed in the alert message. 

Bug Fixes:

  • Internal Service checks with the character $ in the POST body (e.g. in a password) were failing for Collector versions > 22.180.  This was due to the $ character not being escaped correctly by the Collector, and has been corrected with version 22.253.
  • Testing Windows Collector connections in the Java configuration dialog wasn’t always working.  This was due to the Collector’s credential not being decrypted correctly for the connection test, and has been corrected.
  • Collectors handling very large volumes of Netflow v9 traffic were sometimes having issues reporting Netflow data. 
  • In EA 22.227 we added logic to verify that the Collector’s sbshutdown process was only shutting down the Collector’s “java.exe” process.  There was one remaining case where this remained an issue, and we’ve corrected this issue with EA 22.253.
  • With EA 22.180 we disabled the gssapi-with-mic and keyboard-interactive user authentication methods for SSH via the Groovy Expect-like API.  However, there were a few rare DataSources that utilized the keyboard-interactive authentication method.  In EA 22.253 we’ve added keyboard-interactive authentication back in.
  • Disabling Syslog EventSource collection didn’t always prevent the Collector from listening on port 514.  This has been corrected.
  • The memory check that occurs during Collector installation wasn’t respecting silent Collector installations.  This has been corrected.
  • Windows Event Logs with an empty attribute field weren’t being correctly reported by the Collector, and therefore weren’t showing up in LogicMonitor.  We’v added logic that ignores empty fields to correct this issue. 
  • The files in the Collector directory only need 755 permissions for the Collector to run.  When the Collector is installed these files are created with the right permissions, but the Collector upgrade process was changing permissions to 777.  This has been corrected. 

In this Article: