Logmanager documentation

3.11.0

In version 3.12, we will remove support for TLS < 1.2 in Rsyslog. Please inspect your log sources that are using TLS and make sure they are using TLS >= 1.2 - otherwise they will stop working after an update to Logmanager version 3.12 once it’s released.

New features

  • Full-screen toggle button in the Blockly window

  • On the System/Software page, when a newer version of Logmanager is available, a link to the release notes of the newer version is now shown next to the version string

  • Added support for Sysmon, which includes a custom-made Sysmon XML config, a dedicated dashboard and alerts. Refer to Sysmon for more info.

  • SSL/TLS certificates for web server are now applied to the Alternative API Port as well

  • Certificate setup from Logmanager is synchronized to Logmanager Forwarder every 15 minutes. This allows users to enable server certificate validation for the Windows agent even if it ships logs via Forwarder as a middleman.

VMware component 4.0.0

Needs Logmanager >= 3.11.0
  • The VMware component has been rewritten in Go. Due to persistent issues with the Python VMware API library as well as the VMware API itself, we decided to switch to the Go version of the same library. While the VMware API is still buggy, the switch to Go enabled us to work around the bugs. This change brings more stability and performance.

  • New version of VMware parser

  • New version of VMware dashboards

  • New VMware dashboard -> VMware-virtual-machines

  • VMware versions starting with 8 are now supported

We had to introduce a change to the VMware event structure. We preserved all fields that were part of the Logmanager standard, but some fields had to be renamed, and alerts using those renamed fields will not work. Below is a list of old field names mapped to new field names.
  • msg.event_class -> msg.event
  • msg.from -> msg.old_value
  • msg.to -> msg.new_value
  • msg.object_name -> msg.objectname
  • msg.command -> msg.msg
  • msg.entity -> msg.vm
Below is also a list of fields that do not exist in the new VMware component or that we decided not to parse. As we cannot generate every possible event in VMware, there might be more fields that do not exist or are not parsed in this version of the component. Please contact support if you need to parse a field that is important to you.
  • msg.user_agent
  • msg.session_id
  • msg.locale
  • msg.chain_id
  • msg.key
  • msg.compute_resource
  • msg.object_id
  • msg.scheduled_task
  • msg.info
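
Because alerts that reference the old names stop matching, it helps to audit saved alert conditions against the two lists above before upgrading. The following is an added example, not part of Logmanager: it rewrites renamed fields and flags fields that no longer exist. The sample conditions and their query syntax are constructed assumptions; the function itself works on any text.

```python
import re

# Old -> new names, copied from the rename list above.
RENAMED = {
    "msg.event_class": "msg.event",
    "msg.from": "msg.old_value",
    "msg.to": "msg.new_value",
    "msg.object_name": "msg.objectname",
    "msg.command": "msg.msg",
    "msg.entity": "msg.vm",
}
# Fields listed above as absent or no longer parsed.
REMOVED = {
    "msg.user_agent", "msg.session_id", "msg.locale", "msg.chain_id",
    "msg.key", "msg.compute_resource", "msg.object_id",
    "msg.scheduled_task", "msg.info",
}

# Whole field names only: "msg.to" must not match inside "msg.token".
# Longest names first, and a single pass, so output is never rewritten twice.
_NAMES = sorted(RENAMED.keys() | REMOVED, key=len, reverse=True)
_FIELD = re.compile(r"(?<![\w.])(" + "|".join(map(re.escape, _NAMES)) + r")(?!\w)")


def migrate_query(query):
    """Return (rewritten query, sorted removed fields it still references)."""
    stale = set()

    def swap(match):
        name = match.group(1)
        if name in REMOVED:
            stale.add(name)   # no successor exists: keep text, flag for review
            return name
        return RENAMED[name]

    return _FIELD.sub(swap, query), sorted(stale)


# Constructed alert conditions in a hypothetical query syntax (assumption).
SAMPLE_ALERTS = {
    "vm-powered-off": 'msg.event_class:"VmPoweredOffEvent" AND msg.entity:"db01"',
    "config-change": 'msg.from:"2" AND msg.to:"8" AND msg.token:"x"',
    "session-cmd": 'msg.command:"shutdown" AND msg.session_id:*',
}

if __name__ == "__main__":
    for alert, query in SAMPLE_ALERTS.items():
        rewritten, stale = migrate_query(query)
        print(f"{alert}: {rewritten}" + (f"  [review: {', '.join(stale)}]" if stale else ""))
```

Alerts reported with a review list depend on data the new component no longer provides and need to be redesigned rather than renamed.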

Orchestrator 1.6.1

Due to recent changes in Beats agents (https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-8.9.0.html#_added_10), ALL hostnames coming from either Filebeat or Winlogbeat will now be in lowercase. If you are using UPPERCASE hostnames (⚠️ valid only for Filebeat and Winlogbeat events) in Logmanager (alerts/classifications/parsers/dashboards/source tracking), make sure to change them to lowercase.

WES Migrator 3.0.0

In this release, we are introducing automatic migrator software for old and obsolete WES agents.

Automatic Migration

Bug fixes

  • Index management optimization, improved responsiveness of the page “Database status”
  • The configured Internet-facing proxy is now honored for system updates as well
  • Fixed false positive alert of RAID controller battery status