Collector Release Notes Timeline

GD Collector 33.001

LogicMonitor GD Collector 33.001 is released on November 23, 2022. GD Collector 33.001 is a patch to the previously released GD Collector 33.000 and includes the following additional fixes:

Fixed Issues

• After upgrading to GD Collector 33.000, core LogicMonitor or custom-created modules that do not properly close Oracle connections accumulate inactive sessions that can affect Oracle database performance and availability. To handle this issue, update core LogicModules to the most recent version (as of November 10, 2022) and audit any custom modules creating Oracle connections. As a precautionary step to mitigate the risk of performance and availability impact on production Oracle environments, we have temporarily rolled back the jar from version 21.5.0.0 to 11.2.0.3.0.
• Upgraded Apache ivy to version 2.5.1, netty-common to version netty-common-4.1.79.Final jar, and aws-java-sdk-s3 to version aws-java-sdk-s3-1.12.264 jar for various minor security updates.
• Fixed an issue where Active Discovery scripts behaved differently and failed to collect data when evaluating an undefined property (for example, host property does not exist). To fix the issue, we introduced HostProps as an environment variable. Active Discovery scripts can now collect data even if property does not exist.
• Fixed an issue where the WMI password in plaintext format was displayed in a text file in collector machine when Windows collector executed PowerShell script for active discovery. We immediately fixed this issue and the WMI password is no longer displayed as plaintext.

EA Collector 33.100

LogicMonitor EA Collector 33.100 is released on November 15, 2022 and includes the following updates.

Enhancements

• Upgraded aws-java-sdk-s3 jar to version aws-java-sdk-s3-1.12.264.
• Upgraded hsqldb jar to version 2.7.1.
• Upgraded netty-common-4.1.63.Final jar to version netty-common-4.1.79.Final.
• Upgraded jsoup to version 1.15.3.
• Added LogSource logging support in Collector for logsource.kubernetes and logsource.collectoringestapi components. You can access them on the Manage Collector Logs page on the UI.
• Added property enable.netflow.parallel.execution to considerably reduce the Netflow packet drop issue. By default, the property is set as true. With this enhancement, you can observe negligible packet drops.
• Forwarding Windows event logs to LogicMonitor logs is now supported only through LogSources. We no longer support log forwarding through lmlogs.windowseventlogs.enabled property in agent.conf and lmlogs.winevents.enable (custom) property in the monitored device.
• Prior to this release users had to add the include filter to get the information level logs. To help users, we now support information level logs by default for WMI logsource.
• Added the following counters to Collector DataSource LogicMonitor_Collector_LMLogs for log collection performance monitoring. This will help clarify the present count during device usage and post consumption after increasing the value of these parameters:
  • lmlogs.thread.count.for.ingest.api.communication
  • eventcollector.wineventlog.threadpool
  • eventcollector.wineventlog.max.eventitem
  • eventcollector.syslog.threadpool
  • eventcollector.syslog.queue
• The value of logcollector.wineventlog.max.eventitem  was by default set to 500 for all collector sizes. We have now updated it to suit collectors of all supported sizes.

Fixed Issues

• Fixed an issue where while processing the Syslog message sent to Collector, the initial string were getting trimmed and as a result, the regexnotmatch filter did not work as expected for Syslog LogSources.
• Fixed an issue where Collector read the entire log file multiple times and as a result created duplicate alerts.
• Fixed an issue where Active Discovery scripts behaved differently and failed to collect data when evaluating an undefined property (for example, host property does not exist). To fix the issue, we introduced HostProps as an environment variable. Now, Active Discovery scripts can collect data even if a property does not exist.
• Fixed an issue where internal webcheck failed to follow redirect for http code 308.
• Fixed an issue where some of the Windows event logs were missing on the LogicMonitor Logs page when LogSources were used for collection.
• Fixed an issue where the remote session did not stop from collector-side. To fix this issue we added remotesession.timeout.seconds property to agent.conf. Its value defaults to 600 seconds and supports minimum 300 seconds. However, we recommend that you set it to less than or equal to 1800 seconds.
• Fixed an issue where using the regex method for resource mapping in LogSource, while performing the regex operation on the Message field of the Syslog event, the messages were trimmed and partial value was sent. As a result, the regex operation was applied only to the partial match. To fix the issue, we now perform the regex operation on the rawMessage field of the Syslog event which ensures that the entire event is sent without trimming.
• Fixed an issue where WMI password in plain text was exposed in the Event viewer during Poll Now. We have masked the password to strengthen its security.

Known Issue

• You might observe that during WMI log collection some logs are missing/duplicate around the time when collector restarts, and hence, on the Logs page the total logs count does not match when compared with the expected logs generated from devices.

GD Collector 33.000

LogicMonitor GD Collector 33.000 is released on November 10, 2022. EA Collector 32.400 has been designated as GD Collector 33.000 and includes the following additional updates:

Enhancement

• Upgraded hsqldb jar to version 2.7.1 to mitigate CVE-2022-41853 vulnerabilities.

Fix

• Fixed an issue where wmi password in plain text was exposed in the Event viewer during Poll Now. We have masked the password to strengthen its security.

GD Collector 32.004

LogicMonitor GD Collector 32.004 is released on November 01, 2022. GD Collector 32.004 is a patch to the previously released GD Collector 32.003. This patch release mitigates the following high severity issue.

Fix

• Fixed an issue where wmi password in plain text was exposed in the Event viewer during Poll Now. We have masked the password to strengthen its security.

EA Collector 32.400

LogicMonitor EA Collector 32.400 is released on September 22, 2022 and includes the following updates.

Enhancements

• Upgraded Corretto JRE version to 11.0.16.8.1 to mitigate Xalan (XSLT) parsing vulnerability CVE-2022-34169.
• To resolve the delay in log ingestion, we removed the synchronisation added to send logs to ingest API. We also verified that the existing flow of logs is working.
• If the updateToNonRoot.sh script fails to migrate Linux Collector from root to non-root, or if there are any issues after migration, customers can now run the revertToRootUser.sh script to roll back migration. The script is available in the agent/bin folder.
• As most of the customers do not use jt400-full-6.0.jar (IBM iSeries/AS400 JAR) in core LogicMonitor DataSources to monitor IBM I series databases, we have removed support for this file.
• Since mail.jar is rarely used in Collector, we removed it from Collector codebase. We replaced it with jakarta.mail-2.0.1.jar.
• The Synthetics Selenium collection will now retry all commands rather than a specific subset, so that customer tests will be more resilient to failures due to minor timing discrepancies. Also, instead of maintaining multiple jars of the Synthetic library, we have now consolidated them in an all-in-one jar in the synthetics-monitoring-all-in-one:1.0.0-RC2.
• Improved the Enhanced Script NetScan feature by enabling NetScan to assign a single device to multiple resource groups.
• Collectors can receive SNMP traps, but they can only use one SNMP community string (V1 and V2C) or a set of credentials (V3) to decrypt the traps. This does not work if users have multiple systems sending traps with different community strings to the same Collector. To bridge this gap, users can now override eventcollector.snmptrap.* by setting that as a host property on the device. Collector will first check for the host property before checking agent.conf when decrypting a trap. If it is not specified in the host property, then it falls back on agent.conf eventcollector.snmptrap.*
• We added LM Log: Script type to LogSources. Using Groovy script you can now collect logs from scripts/APIs and send them to LogicMonitor. There is no need to separately create datasources to send logs from scripts to LogicMonitor. Instead, you can directly use Script LogSource for the same.
• It was reported that MBeans are not queried successfully because Collector does not support the first level attributes that contain dots, for example, jira-software.max.user.count. Collector treated it as composite attribute and split it based on the dots. To instruct Collector not to split the attribute, we added a backslash ( \ ) before a dot (.) such as jira-software\.max\.user\.count

Fixes

• It was reported that the currently used PostgreSQL JDBC jar version 42.3.2 is vulnerable to CVE-2022-31197. We therefore upgraded PostgreSQL JDBC jar to version 42.4.1.
• Fixed an issue where redundant data was concatenated during polling using Windows and Linux Collector for OpenMetrics. 

GD Collector 32.003

LogicMonitor GD Collector 32.003 is released on September 20, 2022. GD Collector 32.003 is a patch to the previously released GD Collector 32.002. This patch release mitigates the following high severity issue.

Fix

• After upgrading Collector from EA Collector 29.106 (or prior version) to MGD Collector 31.004, when you upgrade it to GD Collector 32.002, the upgrade fails with a null pointer exception. We have applied a fix to resolve this issue.

MGD Collector 31.004

LogicMonitor MGD Collector 31.004 is released on August 30, 2022. It is based on the previously released GD Collector 31.004, and includes the following updates:

Enhancement

• Upgraded log4j to version 2.17.1 to mitigate the log4j vulnerabilities. See Log4j Security Vulnerabilities.

Fixes

• To mitigate the Fastjson “Auto Type Bypass” CVE-2022-25845 RCE vulnerability, we have upgraded Fastjson to version 1.2.83.
• Issues were reported for batch script data collection due to multiple or no periods in the formation of instance name and datapoint name. For example, in the datasource the key value pair has multiple periods – keyvalue(##WILDVALUE##.storage.totalsize.filesystem) and therefore it failed.
  We have fixed this issue. A datapoint now will not fail even if it has multiple periods or no periods.
• An error was reported when installing Collector in the Kubernetes environment with proxy configuration. The installation failed due to a syntactical error.
  We have successfully fixed this issue. You can now install Collector in the Kubernetes environment.

GD Collector 32.002

LogicMonitor GD Collector 32.002 is released on August 29, 2022. GD Collector 32.002 is a patch to the previously released GD Collector 32.001. This patch release mitigates the following high severity issues.

Enhancements

• We have identified a security vulnerability in the JDBC Jar file for postgres. As per Veracode SCA scan report, the currently used Postgresql version 42.3.2 is vulnerable to CVE-2022-31197. It is therefore mandatory to upgrade to Postgresql version 42.4.1.

Fixes

• It was reported that it takes more time to upgrade Collector version from MGD Collector 30.002 to GD Collector 31.002. When it crosses more than 3 minutes, a false event is generated which leads to Collector down alert. Although the issue was fixed in EA Collector 32.100, we have again provided a patch to it in this current release.

EA Collector 32.300

LogicMonitor EA Collector 32.300 is released on August 9, 2022 and includes the following updates.

Enhancements

• Improved Advance NetScan by adding a new Enhanced Script NetScan method. It inherits all the features of the existing Script NetScan and includes other new features:
  • Ability to filter resources based on properties for Script NetScan.
  • Resource-level properties are used as filters to determine which resource should be discovered. These properties are analysed during NetScan.
  • Auto create Resource group for Script NetScan. The group name is optional. If the group is not available, the device is assigned to the default group.
  • Users can mention any group name. If it does not exist, the group is created and the device is added to the newly created group.
• As part of the new Enhanced Script NetScan, we have added an ability to assign devices from a single Script NetScan to different Collectors. 
  • The Script output will be a JSONArray containing multiple JSONObjects. Each JSONObject will correspond to one host. 
  • The device credentials can be inherited from a device group, device, or use custom credentials for the scan.
• Upgraded fastjson to version 1.2.83 to mitigate CVE-2022-25845 vulnerability.
• Collector was unable to start services as CentOS Stream R9 did not have the /etc/init.d directory. We have now made changes to support systemd/system as the default Daemon directory to support the CentOS Stream versions.

Looking Ahead

• As most of the customers do not use jt400-full-6.0.jar (a jdbc driver used in Collector) in standard LogicMonitor mod datasources to monitor IBM I series databases, with the upcoming LogicMonitor EA Collector 32.400, we will discontinue support for this jar. We recommend that customers who have custom datasources should check if they are monitoring any IBM I series database and the occurrence of this jar in their datasource scripts. See Adding Groovy Libraries.
• MGD Collector 31.004 which is based on GD Collector 31.004 will be released on August 30, 2022. It will be forced upgraded on September 29, 2022.

GD Collector 32.001

The GD Collector 32.001 is based on the previously released GD Collector 32.000.

LogicMonitor GD Collector 32.001 was released on June 29, 2022 and includes the following changes.

Enhancements

• LogicMonitor Collector now monitors and identifies changes in the jar files shipped during the Collector installation. Changes are highlighted on the Collector status page.

• Upgraded Amazon Java Corretto to version 11.0.14.10.1.

• On the Logs page, you can now view values in the “Level” column as text and not as numbers:

• To scale Netflow collection and support more devices, the following improvements were made to Netflow configurations:

In addition, the following Netflow configurations were added:

Bug Fixes

• To mitigate the Fastjson “Auto Type Bypass” CVE-2022-25845 RCE vulnerability, we have upgraded Fastjson to version 1.2.83.
• Fixed an issue for Thycotic vault where a slash in credentials (e.g., abc\efg) was displayed as double slash (e.g., abc\\efg) in Collector.
• Fixed an issue where the Collector stopped collecting data from a webpage and displayed a task timeout error when it was redirected from a website/web server to another website that had an extra forward slash ( / ) at the end of the URL. To fix the issue, the webpage.normalize.uri property was added to the agent.conf file and set the value to “true”. This allows customers to manually normalize the redirected URL.
• Fixed a security issue that occurred when the ##WMI.PASS## property used with a single quote ( ‘ ) in the Powershell script exposed the WMI password in the script file.
• Fixed an issue that led to instance grouping failure when the Regular Expression group method was used for empty strings.
• Fixed an issue where the JDBC driver did not load properly. To fix the issue, the following properties were added to the JDBC data collection settings in the agent.conf file:
  • forced.register.jdbc.drivers.enable = true
  • forced.register.jdbc.drivers.list = Name of the drivers. For example, com.sybase.jdbc4.jdbc.SybDriver
• Fixed an issue where modules that relied on ScriptCache to store relatively large payloads failed on the latest EA Collector 31.100. To fix the issue, in the agent.conf file you must set value of the property collector.script.cache.isPersistence to “false” to enable “in-memory” implementation of script cache. To avoid this issue in EA Collector 31.200, the collector.script.cache.isPersistence property is set to “false” by default.
• To resolve scalability and performance issues identified with SSE, we have temporarily disabled SSE starting with EA Collector 31.200. For all new Collector installations in EA 31.200 for Windows and Linux (bootstrap and full-package) the default configuration groovy.script.runner has been set to “agent”.
• Fixed an issue with Windows EventSource alert suppression. Alerts are now suppressed based on the event id.
• Fixed an issue where for Windows Collector the log file EventSources sometimes failed to alert on the last lines. To fix this issue, the eventcollector.logfile.autoAppendEndOfFile property was added to the agent.conf file and its value is set to “false” by default. You can manually set it to “true” to auto append carriage return to consider the last line.