EA Collector 36.100

In addition to Kafka, LogicMonitor Data Publisher service now also supports the HTTPS client to send metric data over any HTTPS defined endpoint. LogicMonitor Data Publisher is an integrated service that extracts and sends real-time datasource metrics to a third party destination. Currently, to explore this feature you must participate in the Beta program. To do so, contact your LogicMonitor CSM.

The following metrics data payload improvements are done.

• Updated the Scope field with the DataSource name instead of the DataSource Instance name.
• Added DataSource Instance name to the metrics section in the OTPL format payload.
• Added DataSource Instance WildValue and WildName to the metrics section.
• Updated the Kafka data key to have “$” separated DataSource and Instance name as key.

LogicMonitor now supports BatchScript data collection method to collect data for ConfigSources. The BatchScript data collection method collects configuration data for multiple instances at the same time (instead of collecting data per instance).

When you upgrade Linux docker containers to EA Collector 36.100 or a later version, the Linux docker containers which are currently operating under root account user are automatically migrated to non-root account user.

To ingest the SNMP v1 and v2c traps as LM Logs without the community string validation, a new property lmlogs.snmptrap.community.based.auth.enabled is added to the agent.conf settings. By default, it is set to true. To skip community string validation, you can set it to false.

For both the monitored and unmonitored devices, the LM Log users can now define a list of community strings (for SNMP v1 and v2c traps) or credentials (for SNMP v3 traps) on a collector device to validate the incoming traps. This helps users who do not know the community string or credentials of their devices.

Removed the ability to set ssl.enable=false in the agent.conf settings. With this update, the connection between collector and LogicMonitor platform will always be encrypted via SSL.

To strengthen the security of LogicMonitor and customer data, LogicMonitor has implemented new access control measures. As a result, only the users with Admin privileges and users within the domain where the collector is installed can modify or run the agent-jar and encryptCredential.bat files.

When installing Windows collector in silent mode, LogicMonitor has removed the Npcap setup from the collector installer.

LogicMonitor has renamed the debug command !testwinrmconfig to !winrm. The command now accepts all parameters to debug the issue. You can run !winrm for any query to get the output. When !winrm is run successfully, it prints the output of the query.

Currently, for WMI and Kubernetes LogSource (Kubernetes pods and Kubernetes event logging), the regex method returns a complete match of regex instead of returning only the group match. To overcome this gap, LogicMonitor now supports dynamic group regex for Windows event LogSource and Kubernetes LogSource. Users can now capture a specific regex group using a key:value pair. For example, key1:abc and key2:xyz.

Fixed an issue related to corrupt script cache file. As a result of the fix, we can now quickly recover the corrupt file.

Fixed an issue where Windows Groovy4 collector faced some error when using JSON Slurper. To fix the issue, a new classloader configuration property groovy.v4.classloader.enable is added to the agent.conf settings. By default, it is set to true.

Fixed an issue where collector was unable to correctly parse the syslog events that have the date time format such as Jun 21 2024 11:28:14.522 EST.

Fixed a security issue related to ConnectivityTester.

Fixed a security issue related to collector logs and PollNow data.

Fixed a security issue related to the debug command.

Fixed a security issue related to the use of ‘@‘ here string in PowerShell script.

Upgraded version of the following files due to minor security updates.