Skip to main content
Sumo Logic

Collector Release Notes

April 4, 2017 (19.182-25)

  • Bug fix: The Docker Log Source may drop or duplicate logs during collection with certain Docker engine configurations.
  • Bug fix: Unable to upgrade Windows Collector from Web UI. Message indicates unable to remove files.
  • Bug fix: All changes to configuration properties in the file are now picked up by the Sumo Logic service.

February 13, 2017 (19.182-17)

  • Windows Event Sources now translate SID fields to 'domain/user (SID)' format by default
  • File Sources on Windows now support NTLMv2
  • As a security enhancement, access key is automatically removed from following successful installation
  • The Docker Source can ingest logs and statistics from short-lived containers
  • The Docker Log Source can ingest the last set of logs before a container crashes or terminated.
  • Support is added for additional Collector parameters during installation, including hostname, time zone, category, target CPU, and description.  See Installed Collectors.

  • Bug fix: Certain Collector upgrade failures are now reported immediately in the web UI
  • Bug fix: The cacerts folder is now preserved when upgrading Collectors using the Installer
  • Bug fix: The Docker Log Source now collects final log lines while a container is stopping
  • Bug fix: An optional parameter is added during Windows AMI installation to delay registering until the EC2 instance hostname is available.  See Add a Collector to a Windows Machine Image.

  • Bug fix: Fixes a CPU targeting bug that prevents increasing collection when CPU usage is low.
  • Bug fix: Adds support for overriding maximum number of threads per Source when CPU targeting is enabled.
  • Bug fix: Fixes a Collector process CPU usage reporting issue in collector-usage.log.
  • Bug fix: No longer populates Collector name when installing Collector on a Machine Image.
  • Bug fix: Allow sources to forward to multiple syslog destinations with the same host and port.
  • Bug fix: Multi-line messages are now handled correctly when forwarding from a UDP syslog source to a UDP syslog endpoint.

January 12, 2017 (19.170-27)

  • Fixed an issue where the Docker Source ingests duplicate messages and produces excessive collector logging if the Source experiences temporary disconnect with the Docker daemon. 
  • Fixed an issue where the Docker Source collects from less than the configured container limit when container filter is specified.

November 28, 2016 (19.170-24)

  • Added support for enhanced Docker container filters with wildcard and exclusion. See Docker Sources.
  • Added support for enabling SNI extension to use the Collector with transparent proxies.  See Enabling SNI Extension for Transparent Proxy.
  • Fixed an issue that could lead to multiple SFTP connections established for remote file sources.

November 9, 2016 (19.170-20)

  • Fixed an issue where the Docker event stream closes after the Collector starts, and the Docker Source is unable to start collecting from new containers.
  • Fixed a connection leak in Docker Sources that prevents the Collector from collecting from new containers after a series of container start/stop activities.

October 21, 2016 (19.170-18)

  • Fixed an issue where the Host Metrics Source prevented certain versions of the Collector from upgrading or downgrading. Affected versions include 19.162-14, 19.162-17, and 19.170-14.  It is necessary to first remove the Host Metrics Source before upgrading to 19.170-18.
  • Fixed an issue where a Syslog configuration could lead to errors when retrieving the host name.

October 17, 2016 (19.170-14)

Enhanced file system security for installed Collectors. The log cache and configuration files for an installed Collector can contain sensitive information. To address possible security issues associated with the cache and configuration files, this Collector release introduces an enhanced file system security mode for Collector installation. The enhanced security mode protects the Collector installation folder at the file system level. When enabled, only the users in the sumologic_collector group have access to the Collector folder. See Enhanced File System Security for Installed Collectors.

Host key verification for Remote File Source. The Sumo Logic Collector can optionally verify the RSA fingerprint for a remote server against a list of known hosts. When host verification is enabled, the Collector collects from a Remote File Source only if the remote host fingerprint is whitelisted in a known_hosts file. See Enable Collector Remote Host Key Verification.

Cipher formats for Remote Files Sources. Added support for hmac-sha2-256 and hmac-sha2-512 cipher formats for Remote File Sources.

RPM and Debian installations. RPM and Debian Collector installations now support parameters, with backwards compatibility for /etc/sumo.conf parameters.  See

Other issues.

  • Fixed an issue where upgrading a collector using the Collector Installer could lead to missing JRE.
  • Syslog source host resolution now use the provided Source host only for locally-emitted events, instead of both remote and local events.
  • Graphite source now supports metrics from the CollectD UDP write_graphite module.
  • Fixed an issue that could cause multi-line messages at the end of a text file to be split incorrectly when there is no trailing newline

Change Log.

  • Username and password registration support is removed from the Collector Installer. Instead, use Access Id and Access Key to register a new Collector.

September 23, 2016

Deprecation of Username/Password for Collector and Source API Authentication. As of September 28, username and password will no longer be supported for API authentication. The API topics have been updated accordingly. See API Authentication.

August 26, 2016 (19.162-17)

Fixed an issue that could cause local Source configuration to save incorrectly during Collector shutdown, resulting in re-ingestion of data.

August 23, 2016 (19.162-14)

  • Fixed an issue where the Host Metrics source prevented the Collector from immediately shutting down.
  • Fixed an issue where the Collector cache was unable to reach its maximum cache size.
  • Fixed an issue where a specific Host Metrics exception could cause an infinite loop.

August 15, 2016 (19.162-12)

  • The Collector now supports fixed size caching of up to 3GB of log data and 1GB of metrics data. To configure these parameters, see
  • Windows Collectors will now default to using the updated Remote Windows Event Log source, which was first introduced with Collector build 19.155. This applies to newly-installed Collectors or upgraded Collectors which were not previously running a Remote Windows Event Log source. For details, see
  • Upgraded Windows Collectors with pre-existing Remote Event Log sources are encouraged to migrate to the new Remote Event source, as described at
  • The Collector no longer includes the “diagtool” Windows diagnostic tool on installation.
  • Fixed an issue where the Collector is unable to monitor its CPU usage, leading to incorrect CPU usage target.
  • Fixed an issue where the Collector fails to start after upgrade because of missing JRE.
  • Fixed an issue where the Collector upgrade fail because of HTTP 504 error.
  • Fixed an issue where the Windows Collector uninstall fails after upgrade.
  • Fixed a bug where the Docker sources fail to detect new containers and ingest data.

July 15, 2016 (19.155-13)

This version contains the following improvements:

  • Fixed an issue with Remote Windows Event Log Sources that causes the error “The specified handle is invalid” to appear in some event messages and in the Collector log.

  • Fixed an issue that causes message upload to the Sumo Logic service to block in the presence of some error conditions.

June 8, 2016 (19.155-3)

This version contains the following improvements:

  • Updated Collector and Sources documentation on DocHub. Added and corrected examples for Collector Management API and JSON Sources, and revised Windows Event Collection documentation.
  • You can now upgrade or downgrade a Collector to a specific Collector version. See Upgrading Collectors using the Web Application.
  • Added official support for Java Runtime Environment 8 (JRE8).
  • Collector updated to include latest JRE8u92. Collectors bundled with a JRE will automatically be upgraded to JRE8u92 upon installation of Collector version 19.155.
  • Significant update to the Remote Windows Event Log Source:
    • Local and Remote Windows Event Sources now both use the native Windows Event API directly. WMI is no longer used for the Remote Source. This provides significant performance gains, and greatly simplifies configuration.
    • See Remote Windows Event Log Source for configuration details.

Bug Fix | Issues that sometimes caused Local Windows Event Sources to prevent a Collector from shutting down cleanly are fixed.

Bug Fix | Fixed a Docker Source bug where the Collector is unable to listen on new containers.

Change Log | The collector no longer creates the installerSources directory on installation.

April 5, 2016 (19.144-9)

Bug Fix | Issues that sometimes caused Local Windows Event Sources to prevent a Collector from shutting down cleanly are fixed.

Bug Fix | A race condition that could cause the collector's HTTP transmitters to hang is fixed.

Bug Fix | An issue that caused a Collector to catch an infinite loop when trying to request Docker logs/stats from a non-existent container is fixed.

Bug Fix | A race condition on Docker client causing a Collector to stop collecting from all containers is fixed.

Bug Fix | Docker Log Sources properly apply Processing Rules.

Bug Fix | Some Docker Log Sources missed the first few messages for newly started containers. This has been resolved.


March 2, 2016 (i19.144-6)

Bug Fix | Changed the Collector's default TLS settings to avoid connectivity issues with Online Certificate Status Protocol (OCSP) endpoints, which were reported by some users.OCSP) endpoints, which were reported by some users.

February 25, 2016 (i19.144-5)

This version contains the following improvements:

  • Optimized event retrieval from Local Windows Event Log Sources for dramatic improvements in event collection rate and CPU performance.
  • Improved the Local File Configuration Management feature to allow faster synchronization times when Source configuration files are updated.
  • Removed a memory leak in the Syslog Source that could cause large memory utilization when receiving TCP data from a very large number of connections.
  • Improved code quality.

Deprecation warning | The flag providing access to a legacy Microsoft Event Logging API ( is now deprecated.

With the improvements we've introduced in this release, we have consistently observed superior performance by removing this flag, even in single-core scenarios. During the next release of Collector software, this flag will be removed.

January 22, 2016 (i19.137-20)

Bug fix | Fixed a bug that could cause the Collector to miss events from Docker environments with more than eight running containers.

Bug fix | Fixed a bug that could cause the Collector to miss events from Docker environments when the Collector experiences connection issues to Docker.

December 18, 2015 (i19.137-15)

This Collector software minor upgrade contains two important bug fixes. Upgrading Collectors is required to resolve these issues.

Bug fix | Fixed an issue that could result in a large number of messages being written into the Collector log file when using Syslog UDP Sources.

Bug fix | Improved error messages during unattended (quiet) installation.

December 8, 2015 (i19.137)

New feature | We're proud to announce an improved Collector installer. New features include:

  • A new configuration file, named
  • Support for Advanced settings (Proxy support, Source setup, etc.)
  • Improved documentation and failure handling within the installer.
  • The Windows Collector Installer is now signed with Microsoft Authenticode to verify that it comes fromSumo Logic.

New feature | We have new options for data forwarding, including data forwarding from Installed Collectors.

Bug fix | Passwords containing the # symbol are now supported for Windows users specified in the "Run As" field.

Bug fix | An issue that could cause Collectors to be incorrectly marked as Offline in the UI has been fixed.

Bug fix | An issue that could cause Collectors to go Offline for a few seconds after receiving a malformed message from the service has been resolved.

August 31, 2015 (i19.127)

This Collector software update contains two important bug fixes. Upgrading Collectors is required to resolve these issues.

Bug fix | Collector installation no longer fails when using the Setup Wizard on a machine where Collector software is aready installed.

Bug fix | Improvements in Collector diagnostic logging infrastructure resoles an issue that caused a large number of unused threads. This bug only affected customers using Trial accounts.

June 13, 2015 (i19.119)

Collector software was updated to support our new Onboarding experience. These update don't affect existing Collectors.

May 26, 2015 (i19.118)

New feature | Local Event Tracing (ETW) Support with Windows Event Channels. This update to the Local Windows Event Log Source allows you to specify the Windows Custom Event Channels you'd like to collect from. This option replaces the "Others" option that previously collected whatever events Sumo Logic could find on a Collector. Learn more about Windows Events Channels.

April 25, 2015 (i19.115)

JRE 7 Support. We’ve upgraded to JRE 7, which fixes a potential security vulnerability in JRE 6 (

JRE 7 is now included in the Collector package and is installed automatically during the installation process. This applies to new installations on all platforms except UNIX. For UNIX platforms, you need to install JRE before installing the Collector. The Collector still works with JRE 6, but due to the security vulnerability, we encourage you to use JRE 7 and upgrade to the latest Collector.

Performance improvements for Local Windows Event Collection. Local Windows event logs have been optimized and are now collected faster.

Assigning a custom directory for installation. During installation, the Collector installer automatically creates the needed Collector directories in the default location. If you want to specify a different location than the default top level directory, create your own top level directory before you start the installer, and then select it during the installation process.

February 28, 2015 (i19.110)

Change log | When collecting Windows Events, if event record IDs were greater than four billion, the Collector could hang on a record ID, causing it to re-collect that record in a loop, causing ingestion delays of more recent events.This issue was due to a 32bit limitation that affected 64bit Collectors. This version of Collector software addresses this limitation, so events with record numbers greater than four billion are properly collected.

New feature | UTF-16 encoding is now supported for Local File Sources.

February 4, 2015 (i19.108)

New Feature | Support for Local Configuration Management. With Local Configuration Management, you can set up and manage all Sources that you’ve set up on a Local Collector using a file that describes each Source’s parameters. The config file then remains on the Collector, and is checked nearly constantly for any changes, making updating Sources a quick process.

New Feature | Support for CPU usage Target.You can now choose to set a CPU Target to limit the amount of CPU processing a Collector uses. This option is applied only to for Local and Remote file Sources.