-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathChangeLog.txt
167 lines (167 loc) · 10.5 KB
/
ChangeLog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
* 2013-04-30 2.4.1054
Fixed packaging for Centos/Redhat 6.
Regexp and regexp replace operators now support the '\' escape character to be able to specify '/' as '\/'.
Corrected a use-after-free when trying to set $raw_event to an undefined value or non-string type.
Fixed a race condition in im_ssl which could result in a segmentation fault under rare circumstances.
Connection error handling should be more robust now in om_tcp and om_ssl.
The Reconnect directive has been obsoleted, this is handled automatically now.
Fixed some build issues with Solaris.
The xm_perl module can be explicitly disabled even if perl is found.
Tweaked the build process so that it compiles and works on IBM AIX.
Fixed default sample configs (#17).
Added a hostname_fqdn() function to return the hostname with the domain part.
The include directive now supports wildcards in file names to be able to include multiple files in a directory.
im_exec has been fixed on Windows and now comes with a Restart directive.
Added a FlowControl directive (global, input and processor module level).
* 2013-03-11 2.3.1027
The pm_evcorr module has been added with advanced event correlation capabilities.
A memory leak has been fixed in the expression evaluator when comparing an undef value against a string.
pm_pattern's REGEXP match now works with integer fields.
IETFTimestampInGMT config directive added to xm_syslog. Timestamps are now emitted in local time in IETF syslog.
Fixed microsecond formatting in IETF syslog (credits go to Eric Wetzel).
* 2013-02-07 2.2.1017
Regexp substitution is now supported with s/// and s///g.
Enhanced error reporting in pm_pattern when 'pcre match_limit reached' is logged.
The json parser leaked memory when input contained raw_event.
Fixed possible race conditions with memory pool handling.
Shutdown sequence reverted to non-async mode.
Load module in STOPPED state in case of config errors.
The delete() procedure was leaking memory.
Module fields.xml files are now installed.
Compile with -Werror=format-security and -Wformat if gcc accepts it.
Fix invalid write in im_udp with apr-1.2 (mostly affecting Centos/Redhat 5).
nxlog-stmnt-verifier loads all locally available modules.
Fixed a possible endless loop in im_exec.
The rename_field() procedure now removes the 'new' field if it exists before renaming 'old' to it.
Updated the reference manual with some examples about parsing syslog from Cisco devices.
Added Cisco ASA/PIX timestamp format which can be parsed automatically: Nov 3 2005 14:50:30
Fixed expression handling for dynamic filenames in im_file so that it is not only evaluated at startup.
SockBufSize option for im_udp and om_udp.
PollInterval directive for im_msvistalog.
Channels are queried directly from the system instead of the registry in im_msvistalog.
* 2012-12-18 v2.1.956
Added a new output module om_http to send logs over HTTP/HTTPs.
Two new procedures: reroute() and add_to_route().
It is now possible to programatically stop and resume the data flow with pm_blocker using the new block() procedure.
The pm_buffer module now uses file chunks to store the data. Assertion failures were fixed (regression in the 2.0 series).
Fixed an infinite loop when "binary logdata (x bytes) does not fit in output buffer".
Fixed im_mseventlog subscription error on windows 2008, a warning is logged now.
replace() gave an assertion failure if the source did not contain anything to be replaced.
Fixed a double free in drop().
* 2012-10-31 v2.0.926
Fixed a memory leak in xm_csv's parse_csv().
Added SnareDelimiter and SnareReplacement directives to xm_syslog to be able to customize Snare syslog output.
The xm_csv module can now format CSV without quoting strings using the new QuoteMethod directive.
A new extension module xm_perl has been added to enable log processing directly from perl.
Added more sanity checks to Application log sources in im_msvistalog to avoid "invalid query xml" errors.
Added a function dropped() to test whether a message has been dropped.
The 'Processors' directive within a module instance config block has been obsoleted.
Blacklist non-wildcarded single files which don't exist in im_file.
Fixed memory leak in im_file with deleted files, suppress "Module xxx has no input files to read" messages.
Locking for statistical variables and counters.
Handle status parameter in init scripts.
* 2012-08-27 v1.4.803
Fixed a race in windows service shutdown, configcache.dat was not saved.
Fixed an uninitialized variable use in the replace() function.
Added proper synchronization to configcache calls.
Added a PollInterval to im_file.
Error conditions are now handled better in im_file with auto blacklisting and retry.
Further optimized im_file to handle a large number of files.
There was a regression in om_dbi introduced in @734 which broke the SQL statement parser (fix by Chris Lemmons).
Fixed a memory leak in om_dbi.
im_msvistalog pulls all non-system application logs by default (ticket #8).
* 2012-07-17 v1.4.764
Added buffer_size() and buffer_count() to pm_buffer and a section 'Explicit drop' to the docs.
Processor modules could potentially get stuck in paused state.
Fixed possible reconnect bug when openssl returns EBADF (storage control block address invalid).
Added size(), replace() substr() functions to the core.
Fixed asertion failure in om_dbi when a value is undef.
Use syslog severity "WARNING" instead of "WARN".
Allow trailing undef in CSV lines in xm_csv.
Bundle fields.xml in the source to describe the fields used by the modules.
im_file has been rewritten to support a large number of files.
* 2012-06-03 v1.4.729
A new extension module xm_multiline has been added for multi-line message parsing.
Timeout increased to 15 seconds when SIGTERM is sent.
Fixed file_cycle() on windows (gave ERROR failed to check whether file exists).
xm_fileop was missing from the WIX build file (and thus the MSI package).
Added datetime(INTEGER) and ip4addr(INTEGER) functions.
im_exec kills the process if it did not exit on module shutdown.
* 2012-05-18 v1.4.712
String literals specified with double quotes can contain escape sequences such as \n.
im_exec used a non-blocking pipe which resulted in buggy reads.
pm_norepeat was leaking memory.
Error messages from runtime statement evaluation now contain the error location.
Module start stop is now async which should fix segfaults caused by race conditions
during shutdown.
Documentation has been updated with information about the new xm_fileop, the Troubleshooting
and Log rotation sections.
A new extension module xm_fileop has been added to support various file operations
to implement log rotation and retention.
Windows build now comes with apr-1.4.6. Should solve "failed to create pollset
A non-blocking socket operation could not be completed immediately." errors on service start.
Async module start/stop to fix random segfaults on shutdown.
* 2012-04-19 v1.4.686
Print error location (file, line, charpos) of invalid code defined in Exec.
om_tcp could segfault on remote connection reset.
Fixed excess memory use by pause/resume event deduplication.
om_tcp could truncate large buffer writes under hevavy load and slow network.
All field types work in pm_pattern's matchfield.
Added a hostname() function to the core.
There was an off-by-one in regexp captured substring references.
Added an <exec> block into pm_pattern pattern database xml file.
integer(unknown) works also.
Added a CreateDir option to om_file.
Allow x() instead of self->x() when calling private module functions or procedures from self.
Added a file_name() function to im_file.
$SourceModuleName and $SourceModuleType are always set in input modules.
Documented core fields under the Modules section.
Fixed "failed to restore the saved position from bookmark xml" error in im_mseventlog.
om_udp and om_uds could hang when sending data.
xm_csv now supports non-printing and whitespace characters for delimiter, escape and quote chars.
Raised regexp captured substring limit to 100 from 20.
Undef value now properly handled with Binary In/OutputType.
Only link libssl to modules using it.
Support strptime() on platforms without it (e.g. Windows).
parsedate() now supports another loser format: 2011-5-29 0:3:21.
* 2012-03-25 v1.4.635
xm_xml: a new extension module for parsing and generating XML.
xm_json: a new extension module for parsing and generating JSON.
xm_gelf: a new extension module for generating GELF.
Add JSON and XML to Input/OutputFormats for pm_transformer.
Enhanced the documentation with datetime parsing.
* 2012-03-02 v1.4.607
Can now be compiled with older APR v1.2.
Fixed regression in im_file caused by ReadFromLast with wildcarded files.
Memory allocation is more conservative, nxlog should be generally using less memory.
Added reload/restart to init scripts.
Documentation was enhanced, added new chapters: sources.xml, processing.xml, forwarding.xml.
Removed unsafe calls from signal handlers.
Fixed various potential memory leaks and race conditions.
Additional group memberships are honoured on unix/linux when the User directive is defined.
* 2012-01-24 v1.4.571
The code can now be compiled for Android.
The im_mseventlog and im_msvistalog now set the AccountType and Category fields.
SNARE Syslog format support for output.
ReadFromLast configuration directive for im_mseventlog and im_file.
The im_mseventlog module can now produce output in UTF-8.
The im_mseventlog module's error handling was enhanced and is more fault tolerant
against the EventLog subsystems failures.
LICENSE and ChangeLog.txt was missing from the tar.gz source package.
iconv/libiconv dependency was made optional.
Documentation updates and fixes.
* 2012-01-01 v1.4.539
pm_transformer's InputFormat defaults to none if not specified.
om_dbi reconnect fix for MySQL.
Rewritten I/O which yields 2-3x performance boost in some situations.
IETF Syslog (RFC 5424, 5425, 5426) support in xm_syslog and pm_transformer.
* 2011-12-05 v1.2.494
Fixed a database reconnection issue in om_dbi which was affecting postgresql.
Syslog conversion now strips newlines from the message.
A new module, im_msvistalog was added to support reading all messages from
Windows EventLog on Windows2008, Vista and later.
* 2011-11-14 v1.2.464
Added README.txt to windows package.
Fixed service start from command line when invoking nxlog.exe directly.
* 2011-11-05 v1.2.461
exec_async() was creating zombie processes in some cases.