EA Collector 37.300
Last updated on 24 April, 2025

LogicMonitor EA Collector 37.300 was released on April 24, 2025. It is based on EA Collector 37.200 and includes the following additional updates.
Enhancements to Windows LogSource to Manage Log Ingestion and Filtering
LogicMonitor has introduced the following key enhancements to Windows LogSource to give you flexibility in managing log ingestion and filtering:
- On the Windows LogSource page, you can now choose timeWritten or timeGenerated as the log timestamp using the Use timeWritten instead of timeGenerated as log timestamp switch.
  - Switch Disabled (default and existing behavior)—The system derives the log timestamp for ingested WMI events using the timeGenerated field.
  - Switch Enabled—The system derives the log timestamp for ingested WMI events using the timeWritten field. The original timeGenerated value is preserved in the _winEvent.timeGenerated log metadata field in the yyyy-MM-dd HH:mm:ss z format. For example, 2025-02-13 21:20:00 IST.
- Addition of a single Filters section where you can specify a filter along with its type, Exclude or Include. This replaces the previously introduced separate Exclude and Include sections.
- Support for the OR operator for filters using the Use OR instead of AND switch. When this switch is turned on, you can drag and drop filters to specify the filter priority. Filters are evaluated in the order you specify. If an event qualifies for any filter, the system takes the corresponding action based on the filter type, that is, Exclude (drop) or Include (ingest).
  - Fallback behavior when the OR operator is selected for filters and you specify the following:
    - Only exclude filters and none of them are qualified, the event is included (ingested).
    - Only include filters and none of them are qualified, the event is excluded (dropped).
    - A combination of include and exclude filters and none of them are qualified, the event is included (ingested).

  Note: When you disable the Use OR instead of AND switch, the system allows you to provide either Include or Exclude filters, but not both.
- Addition of new filter operators to the following attributes:
  - Level—NotEqual and NotMoreUrgentThan
  - LogName—NotEqual and NotIn
  - EventId—NotEqual and RegexMatch
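
The OR-mode evaluation order and fallback rules for Windows LogSource filters, sketched as an added Python example (not LogicMonitor's code). The Filter class, the evaluate_or function, the operator semantics and the sample events are assumptions made for illustration; the point is that the same security event is dropped or ingested depending on which filter it reaches first.

```python
import re
from dataclasses import dataclass

# Operator semantics are assumptions for illustration; the page only names them.
OPERATORS = {
    "NotEqual": lambda value, arg: str(value) != str(arg),
    "NotIn": lambda value, arg: str(value) not in {str(a) for a in arg},
    "RegexMatch": lambda value, arg: re.fullmatch(arg, str(value)) is not None,
}

@dataclass(frozen=True)
class Filter:
    kind: str         # "Include" or "Exclude"
    attribute: str    # "Level", "LogName" or "EventId"
    operator: str     # key of OPERATORS
    argument: object

    def matches(self, event):
        return OPERATORS[self.operator](event.get(self.attribute), self.argument)

def evaluate_or(filters, event):
    """Decide "ingest" or "drop" for one event with Use OR instead of AND on."""
    # Filters run in priority order; the first one the event qualifies for decides.
    for f in filters:
        if f.matches(event):
            return "ingest" if f.kind == "Include" else "drop"
    # Fallback when nothing qualifies: only an all-Include list drops the event.
    kinds = {f.kind for f in filters}
    return "drop" if kinds == {"Include"} else "ingest"

# Constructed sample: an ordered filter list and three events (not real data).
FILTERS = [
    Filter("Exclude", "EventId", "RegexMatch", r"51\d\d"),             # priority 1
    Filter("Include", "LogName", "NotIn", ("Application", "Setup")),   # priority 2
]
EVENTS = [
    {"LogName": "Security", "EventId": 5156, "Level": "Information"},
    {"LogName": "Security", "EventId": 4625, "Level": "Information"},
    {"LogName": "Application", "EventId": 1000, "Level": "Error"},
]

if __name__ == "__main__":
    for event in EVENTS:
        print(event["LogName"], event["EventId"], evaluate_or(FILTERS, event))
    # Swapping the priority lets the Include filter claim event 5156 first.
    print("reversed:", evaluate_or(FILTERS[::-1], EVENTS[0]))
    # With only the Include filter left, the unmatched Application event drops.
    print("include-only:", evaluate_or(FILTERS[1:], EVENTS[2]))
```

Running a planned filter list through a model like this before saving it shows which events a mixed Include/Exclude list would ingest by fallback and which an early Exclude would drop.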
Support for OR Operator to Evaluate Filters in Syslog LogSource
Syslog LogSource now supports the Use OR instead of AND switch to filter log events using the OR operator. When you toggle the Use OR instead of AND switch, the specified filters are evaluated using the OR operator. If an event matches at least one filter, the system ingests it.
Support to run Windows_NonAdmin_Config.ps1 script in Domain Setup with Local User
LogicMonitor Collector now supports running the Windows_NonAdmin_Config.ps1 script in a domain setup with a local user. This is in addition to the existing support for running the script in a domain setup with a domain user and in a non-domain setup with a local user. You can also roll back the changes using the existing rollbackToAdmin.ps1 script.
Support for NTLMv2 as the Default Protocol to Authenticate Remote WMI Hosts
NTLMv2 is the default protocol for authenticating remote WMI hosts in EA Collector 37.300 and later. It replaces NTLMv1, the previous default protocol. For backward compatibility, NTLMv1 is still supported; however, LogicMonitor does not recommend NTLMv1.
Syslog and SNMP Trap LogSource Name Added When Logs are Processed through Agent.conf Flow
When the system ingests SNMP trap and Syslog events as LM Logs through LogSource, the ingested log has the _lm.logsource_name field populated with the name of the LogSource.
However, when SNMP trap and Syslog events were ingested as LM Logs through agent.conf, where lmlogs.snmptrap.enabled and lmlogs.syslog.enabled are set to true, the ingested logs had an empty _lm.logsource_name field. As a result, the field could not be added to queries or filters, and it displayed a blank entry in the results of aggregate queries that included the _lm.logsource_name field. To bridge this gap, the ingested logs now have the _lm.logsource_name field populated with default.syslog_collector_logsource for Syslog and default.trap_collector_logsource for SNMP trap.
The following files were upgraded for minor security updates.
File Component Name | Path | Current Version | Upgraded Version |
guava | LogicMonitor/Agent/lib/synthetics-monitoring-all-in-one.jar -> META-INF/maven/com.google.guava/guava | 31.0.1 | 33.4.0 |
json-smart | LogicMonitor/Agent/lib/synthetics-monitoring-all-in-one.jar -> META-INF/maven/net.minidev/json-smart | 2.4.7 | 2.5.2 |
ssleay | LogicMonitor\Agent\bin\ssleay32.dll | 1.1.0.d | libssl 3.0.12 |
jboss | LogicMonitor/Agent/lib/jboss-remoting-5.0.17.Final.jar | 5.0.17.Final | 5.0.30.Final |
groovy-all | LogicMonitor/Agent/lib/lib-groovy/v2/groovy-all-2.4.15.jar | 2.4.15 | 2.4.21 |
netty-common | LogicMonitor/Agent/lib/netty-common-4.1.109.Final.jar | 4.1.109.Final | 4.1.118.Final |
commons-io | LogicMonitor/Agent/lib/synthetics-monitoring-all-in-one.jar -> META-INF/maven/commons-io/commons-io | 2.11.0 | 2.14.0 |
jsoup | LogicMonitor/Agent/lib/synthetics-monitoring-all-in-one.jar -> META-INF/maven/org.jsoup/jsoup | 1.14.3 | 1.15.3 |
netty-common | LogicMonitor/Agent/lib/synthetics-monitoring-all-in-one.jar -> META-INF/maven/io.netty/netty-common | 4.1.68.Final | 4.1.118.Final |
netty-handler | LogicMonitor/Agent/lib/synthetics-monitoring-all-in-one.jar -> META-INF/maven/io.netty/netty-handler | 4.1.68.Final | 4.1.118.Final |
Fixed an issue where port 162, the default UDP port for SNMP traps, was occupied by a process other than LogicMonitor Collector, which led to data collection failure.
Fixed an issue where, if you ran the Windows_NonAdmin_Config.ps1 script multiple times, the SDDL string made of user SIDs was appended multiple times to the parent SDDL of SCManager and all the Win32_Services.