Skip to main content
Sumo Logic

2016 Collector Release Notes

2016 Collector Release Notes

November 28, 2016 (19.170-24)

  • Added support for enhanced Docker container filters with wildcard and exclusion. See Docker Sources.
  • Added support for enabling SNI extension to use the Collector with transparent proxies.  See Enabling SNI Extension for Transparent Proxy.
  • Fixed an issue that could lead to multiple SFTP connections established for remote file sources.

November 9, 2016 (19.170-20)

  • Fixed an issue where the Docker event stream closes after the Collector starts, and the Docker Source is unable to start collecting from new containers.
  • Fixed a connection leak in Docker Sources that prevents the Collector from collecting from new containers after a series of container start/stop activities.

October 21, 2016 (19.170-18)

  • Fixed an issue where the Host Metrics Source prevented certain versions of the Collector from upgrading or downgrading. Affected versions include 19.162-14, 19.162-17, and 19.170-14.  It is necessary to first remove the Host Metrics Source before upgrading to 19.170-18.
  • Fixed an issue where a Syslog configuration could lead to errors when retrieving the host name.

October 17, 2016 (19.170-14)

Enhanced file system security for installed Collectors. The log cache and configuration files for an installed Collector can contain sensitive information. To address possible security issues associated with the cache and configuration files, this Collector release introduces an enhanced file system security mode for Collector installation. The enhanced security mode protects the Collector installation folder at the file system level. When enabled, only the users in the sumologic_collector group have access to the Collector folder. See Enhanced File System Security for Installed Collectors.

Host key verification for Remote File Source. The Sumo Logic Collector can optionally verify the RSA fingerprint for a remote server against a list of known hosts. When host verification is enabled, the Collector collects from a Remote File Source only if the remote host fingerprint is whitelisted in a known_hosts file. See Enable Collector Remote Host Key Verification.

Cipher formats for Remote Files Sources. Added support for hmac-sha2-256 and hmac-sha2-512 cipher formats for Remote File Sources.

RPM and Debian installations. RPM and Debian Collector installations now support user.properties parameters, with backwards compatibility for /etc/sumo.conf parameters.  See user.properties.

Other issues.

  • Fixed an issue where upgrading a collector using the Collector Installer could lead to missing JRE.
  • Syslog source host resolution now use the provided Source host only for locally-emitted events, instead of both remote and local events.
  • Graphite source now supports metrics from the CollectD UDP write_graphite module.
  • Fixed an issue that could cause multi-line messages at the end of a text file to be split incorrectly when there is no trailing newline

Change Log.

  • Username and password registration support is removed from the Collector Installer. Instead, use Access Id and Access Key to register a new Collector.

September 23, 2016

Deprecation of Username/Password for Collector and Source API Authentication. As of September 28, username and password will no longer be supported for API authentication. The API topics have been updated accordingly. See API Authentication.

August 26, 2016 (19.162-17)

Fixed an issue that could cause local Source configuration to save incorrectly during Collector shutdown, resulting in re-ingestion of data.

August 23, 2016 (19.162-14)

  • Fixed an issue where the Host Metrics source prevented the Collector from immediately shutting down.
  • Fixed an issue where the Collector cache was unable to reach its maximum cache size.
  • Fixed an issue where a specific Host Metrics exception could cause an infinite loop.

August 15, 2016 (19.162-12)

  • The Collector now supports fixed size caching of up to 3GB of log data and 1GB of metrics data. To configure these parameters, see https://help.sumologic.com/Send_Data...lector_Caching.
  • Windows Collectors will now default to using the updated Remote Windows Event Log source, which was first introduced with Collector build 19.155. This applies to newly-installed Collectors or upgraded Collectors which were not previously running a Remote Windows Event Log source. For details, see https://help.sumologic.com/Send_Data...ent_Log_Source.
  • Upgraded Windows Collectors with pre-existing Remote Event Log sources are encouraged to migrate to the new Remote Event source, as described at https://help.sumologic.com/Send_Data....155_Collector
  • The Collector no longer includes the “diagtool” Windows diagnostic tool on installation.
  • Fixed an issue where the Collector is unable to monitor its CPU usage, leading to incorrect CPU usage target.
  • Fixed an issue where the Collector fails to start after upgrade because of missing JRE.
  • Fixed an issue where the Collector upgrade fail because of HTTP 504 error.
  • Fixed an issue where the Windows Collector uninstall fails after upgrade.
  • Fixed a bug where the Docker sources fail to detect new containers and ingest data.

July 15, 2016 (19.155-13)

This version contains the following improvements:

  • Fixed an issue with Remote Windows Event Log Sources that causes the error “The specified handle is invalid” to appear in some event messages and in the Collector log.

  • Fixed an issue that causes message upload to the Sumo Logic service to block in the presence of some error conditions.

June 8, 2016 (19.155-3)

This version contains the following improvements:

  • Updated Collector and Sources documentation on DocHub. Added and corrected examples for Collector Management API and JSON Sources, and revised Windows Event Collection documentation.
  • You can now upgrade or downgrade a Collector to a specific Collector version. See Upgrading Collectors using the Web Application.
  • Added official support for Java Runtime Environment 8 (JRE8).
  • Collector updated to include latest JRE8u92. Collectors bundled with a JRE will automatically be upgraded to JRE8u92 upon installation of Collector version 19.155.
  • Significant update to the Remote Windows Event Log Source:
    • Local and Remote Windows Event Sources now both use the native Windows Event API directly. WMI is no longer used for the Remote Source. This provides significant performance gains, and greatly simplifies configuration.
    • See Remote Windows Event Log Source for configuration details.

Bug Fix | Issues that sometimes caused Local Windows Event Sources to prevent a Collector from shutting down cleanly are fixed.

Bug Fix | Fixed a Docker Source bug where the Collector is unable to listen on new containers.

Change Log | The collector no longer creates the installerSources directory on installation.

April 5, 2016 (19.144-9)

Bug Fix | Issues that sometimes caused Local Windows Event Sources to prevent a Collector from shutting down cleanly are fixed.

Bug Fix | A race condition that could cause the collector's HTTP transmitters to hang is fixed.

Bug Fix | An issue that caused a Collector to catch an infinite loop when trying to request Docker logs/stats from a non-existent container is fixed.

Bug Fix | A race condition on Docker client causing a Collector to stop collecting from all containers is fixed.

Bug Fix | Docker Log Sources properly apply Processing Rules.

Bug Fix | Some Docker Log Sources missed the first few messages for newly started containers. This has been resolved.

 

March 2, 2016 (i19.144-6)

Bug Fix | Changed the Collector's default TLS settings to avoid connectivity issues with Online Certificate Status Protocol (OCSP) endpoints, which were reported by some users.OCSP) endpoints, which were reported by some users.

February 25, 2016 (i19.144-5)

This version contains the following improvements:

  • Optimized event retrieval from Local Windows Event Log Sources for dramatic improvements in event collection rate and CPU performance.
  • Improved the Local File Configuration Management feature to allow faster synchronization times when Source configuration files are updated.
  • Removed a memory leak in the Syslog Source that could cause large memory utilization when receiving TCP data from a very large number of connections.
  • Improved code quality.

Deprecation warning | The flag providing access to a legacy Microsoft Event Logging API (local.win.event.collection.flag) is now deprecated.

With the improvements we've introduced in this release, we have consistently observed superior performance by removing this flag, even in single-core scenarios. During the next release of Collector software, this flag will be removed.

January 22, 2016 (i19.137-20)

Bug fix | Fixed a bug that could cause the Collector to miss events from Docker environments with more than eight running containers.

Bug fix | Fixed a bug that could cause the Collector to miss events from Docker environments when the Collector experiences connection issues to Docker.