Graylog Changelog

Please note this changelog is for the core Open Graylog application. For the Graylog Enterprise changelog, please see the following article.

Graylog 6.1.2

Released: 2024-11-06

Added

  • Automatically trim newline characters for Fortigate messages received through syslog inputs. graylog2-server#20788

Fixed

Graylog 6.1.1

Released: 2024-10-23

No changes in Graylog Open for 6.1.1.

Graylog 6.1.0

Released: 2024-10-21

Added

Changed

Removed

Fixed

Graylog 6.0.8

Released: 2024-11-06

Added

  • Automatically trim newline characters for Fortigate messages received through syslog inputs. graylog2-server#20788

Fixed

Graylog 6.0.7

Released: 2024-10-02

Fixed

Graylog 6.0.6

Released: 2024-09-04

Added

Fixed

Graylog 6.0.5

Released: 2024-08-07

Added

Changed

Fixed

Graylog 6.0.4

Released: 2024-07-03

Fixed

Graylog 6.0.3

Released: 2024-06-05

Fixed

Graylog 6.0.2

Released: 2024-05-22

Fixed

Graylog 6.0.1

Released: 2024-05-13

Added

Fixed

Graylog 6.0.0

Released: 2024-04-17

Added

Changed

Removed

Fixed

Security

Graylog 5.2.11

Released: 2024-09-04

Added

Fixed

Graylog 5.2.10

Released: 2024-08-07

Changed

Fixed

Graylog 5.2.9

Released: 2024-07-03

Fixed

Graylog 5.2.8

Released: 2024-06-05

Added

Fixed

Graylog 5.2.7

Released: 2024-04-30

Fixed

Graylog 5.2.6

Released: 2024-04-03

Fixed

Graylog 5.2.5

Released: 2024-03-06

Changed

Fixed

Graylog 5.2.4

Released: 2024-02-07

Added

Changed

Fixed

Security

Graylog 5.2.3

Released: 2024-01-03

Changed

  • Changed content packs handling to allow import/export of entities that reference streams by title. graylog2-server#16743

Removed

Fixed

Graylog 5.2.2

Released: 2023-12-06

Added

Changed

Fixed

Graylog 5.2.1

Released: 2023-11-15

Added

Changed

Fixed

Graylog 5.2.0

Released: 2023-11-01

Added

Changed

Deprecated

Removed

Fixed

Security

Graylog 5.1.13

Released: 2024-04-03

No changes since 5.1.12.

Graylog 5.1.12

Released: 2024-03-06

Fixed

Graylog 5.1.11

Released: 2024-02-07

Changed

Fixed

Security

Graylog 5.1.10

Released: 2024-01-03

Added

Fixed

Graylog 5.1.9

Released: 2023-12-06

Added

Fixed

Graylog 5.1.8

Released: 2023-11-01

Fixed

Graylog 5.1.7

Released: 2023-10-12

Security

Graylog 5.1.6

Released: 2023-10-04

Added

Fixed

Graylog 5.1.5

Released: 2023-08-02

Fixed

Graylog 5.1.4

Released: 2023-08-02

Added

Fixed

Security

  • Changed the minimum allowed Anomaly Detector interval to 10 minutes.

  • Fixes race condition in range calculation when restoring small indices.

  • Fixed handling of backslashes in Sigma rule queries that caused OpenSearch errors.

  • Fix unknown email_attributes error when using AD team sync; honor user-configured LDAP attribute names. graylog2-server#15652

Graylog 5.1.3

Released: 2023-07-05

Added

Fixed

Security

Graylog 5.1.2

Released: 2023-06-07

Fixed

Graylog 5.1.1

Released: 2023-05-25

Added

Fixed

Graylog 5.1.0

Released: 2023-05-11

Added

Changed

Removed

Fixed

Security

Graylog 5.0.13

Released: 2023-10-12

Security

Graylog 5.0.12

Released: 2023-10-04

Added

Fixed

  • Indexer cluster checker thread start is delayed by 5s to avoid potential deadlock. graylog2-server#16481

  • Fix description for the scenario that one term or value has multiple matching highlighting rules. graylog2-server#16668

Graylog 5.0.11

Released: 2023-09-06

Fixed

Graylog 5.0.10

Released: 2023-08-02

Fixed

Security

  • Changed the minimum allowed Anomaly Detector interval to 10 minutes.

  • Fixed handling of backslashes in Sigma rule queries that caused OpenSearch errors.

Graylog 5.0.9

Released: 2023-07-05

Added

Fixed

Security

Graylog 5.0.8

Released: 2023-06-07

Fixed

Graylog 5.0.7

Released: 2023-05-03

Fixed

Security

Graylog 5.0.6

Released: 2023-04-05

Added

Changed

Fixed

Graylog 5.0.5

Released: 2023-03-06

Fixed

Graylog 5.0.4

Released: 2023-03-01

Fixed

Security

Graylog 5.0.3

Released: 2023-02-01

Fixed

Graylog 5.0.2

Released: 2023-01-04

Changed

  • Start JSON path value from HTTP API input on leader node only if Global option was selected in input configuration. graylog2-server#14074

Fixed

Security

Graylog 5.0.1

Released: 2022-12-14

Fixed

Graylog 5.0.0

Released: 2022-12-07

Added

Changed

Removed

Fixed

Security Fixes

Graylog 4.3.15

Released: 2023-05-03

Fixed

Graylog 4.3.14

Released: 2023-04-05

Changed

Fixed

Graylog 4.3.13

Released: 2023-03-01

Fixed

Graylog 4.3.12

Released: 2023-02-01

Fixed

Graylog 4.3.11

Released: 2023-01-04

Changed

  • Start JSON path value from HTTP API input on leader node only if Global option was selected in input configuration. graylog2-server#14074

Fixed

Security

Graylog 4.3.10

Released: 2022-12-14

Changed

Fixed

Graylog 4.3.9

Released: 2022-11-02

Added

Changed

Fixed

Security

  • Fix potential disclosure of field values from other streams in query field value suggestions. graylog2-server#13817

  • Update underscore package dependency of the API browser UI to 1.13.6. graylog2-server#13668

Graylog 4.3.8

Released: 2022-10-05

Changed

  • Change the default value for the elasticsearch_index_optimization_jobs config option to 10 to resolve an issue where index optimization could block message ingestion. graylog2-server#12025 graylog2-server#13521

Fixed

Graylog 4.3.7

Released: 2022-09-16

Changed

Fixed

Security

  • Update jQuery version used in the API browser to 3.6.1 to fix security vulnerabilities. (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-7656) graylog2-server#13435

Graylog 4.3.6

Released: 2022-09-07

Added

Fixed

Graylog 4.3.5

Released: 2022-08-09

Added

Graylog 4.3.4

Released: 2022-08-03

Added

Changed

Fixed

Security

  • Add X-Frame-Options header to fix a potential clickjacking issue when the frontend is embedded into other pages with an iframe. graylog2-server#13160

Graylog 4.3.3

Released: 2022-07-06

Added

Fixed

Graylog 4.3.2

Released: 2022-06-15

Added

Removed

Fixed

Graylog 4.3.1

Released: 2022-06-01

Fixed

Graylog 4.3.0

Released: 2022-05-25

Added

Changed

Removed

Fixed

Graylog 4.2.12

Released: 2022-08-09

Core

Added

Graylog 4.2.11

Released: 2022-07-06

No changes since 4.2.10.

Graylog 4.2.10

Released: 2022-06-15

Core

Removed

Graylog 4.2.9

Released: 2022-05-04

Core

Fixed

Graylog 4.2.8

Released: 2022-04-12

Core

Added

Changed

  • Convert built-in sidecar user to service account.

Fixed

Security

Graylog 4.2.7

Released: 2022-03-02

Core

Fixed

Graylog 4.2.6

Released: 2022-02-02

Core

Security

Integrations Plugin

No changes since 4.2.5

Graylog 4.2.5

Released: 2022-01-05

Core

Integrations Plugin

Graylog 4.2.4

Released: 2021-12-16

Core

Security

Integrations Plugin

No changes since 4.2.3.

Graylog 4.2.3

Released: 2021-12-10

Core

Fixed

Security

Integrations Plugin

No changes since 4.2.2.

Graylog 4.2.2

Released: 2021-12-01

Core

Added

Fixed

Integrations Plugin

Added

Graylog 4.2.1

Released: 2021-11-03

Core

Fixed

Integrations Plugin

Added

Fixed

Graylog 4.2.0

Released: 2021-10-13

Search

  • Keyword From/To search breaking change to prior semantics: alignment of the interval for e.g. "last monday" to the start/end of the day instead of a time in the day. Also, the interval ends the next day at 00:00:00. https://graylog2/graylog2-server#10291

Core

Added

Changed

Removed

  • Remove deprecated legacy view permissions extendedsearch:use and view:use.
  • Remove irrelevant forwarder client-side metrics from Prometheus exporter. Graylog2/graylog2-server#10964
  • Remove graceful node shutdown menu entry. The API endpoint still exists but is deprecated. Graylog2/graylog2-server#11129

Fixed

Graylog 4.1.14

Released: 2022-04-12

Core

Added

Changed

  • Convert built-in sidecar user to service account.

Fixed

Security

Graylog 4.1.13

Released: 2022-03-02

Core

Fixed

Graylog 4.1.12

Released: 2022-02-02

Core

Security

Integrations Plugin

No changes since 4.1.11

Graylog 4.1.11

Released: 2022-01-05

Core

Integrations Plugin

No changes since 4.1.10

Graylog 4.1.10

Released: 2021-12-16

Core

Security

Integrations Plugin

No changes since 4.1.9.

Graylog 4.1.9

Released: 2021-12-10

Core

Security

Integrations Plugin

No changes since 4.1.8.

Graylog 4.1.8

Released: 2021-12-01

Core

Added

Fixed

Graylog 4.1.7

Released: 2021-11-03

Core

Fixed

Integrations Plugin

Added

Fixed

Graylog 4.1.6

Released: 2021-10-06

Core

Fixed

Graylog 4.1.5

Released: 2021-09-13

Core

Fixed

Graylog 4.1.4

Released: 2021-09-01

Core

Fixed

Graylog 4.1.3

Released: 2021-08-04

Core

Fixed

Graylog 4.1.2

Released: 2021-07-28

Core

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Enterprise Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Fixed

Graylog 4.1.1

Released: 2021-07-07

Core

Fixed

Graylog 4.1.0

Released: 2021-06-23

Core

Added

Changed

Also see: 4.1 upgrade notes

Fixed

Integrations Plugin

Added

Graylog 4.0.17

Released: 2022-07-06

No changes since 4.0.16.

Graylog 4.0.16

Released: 2022-04-12

Core

Added

Changed

  • Convert built-in sidecar user to service account.

Security

Graylog 4.0.15

Released: 2021-12-16

Core

Security

Integrations Plugin

No changes since 4.0.14.

Graylog 4.0.14

Released: 2021-12-10

Core

Fixed

Security

Integrations Plugin

No changes since 4.0.13.

Graylog 4.0.13

Released: 2021-09-13

Core

Fixed

Graylog 4.0.12

Released: 2021-09-01

Core

Fixed

Graylog 4.0.11

Released: 2021-08-04

Core

Fixed

Graylog 4.0.10

Released: 2021-07-28

Core

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Enterprise Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog 4.0.9

Released: 2021-07-07

Core

Fixed

Graylog 4.0.8

Released: 2021-06-02

Core

Fixed

Integrations Plugin

Fixed

Graylog 4.0.7

Released: 2021-05-05

Core

Changed

Fixed

Graylog 4.0.6

Released: 2021-04-07

Core

Fixed

Graylog 4.0.5

Released: 2021-02-22

Core

Fixed

Graylog 4.0.4

Released: 2021-02-22

Core

Fixed

Integrations Plugin

Fixed

Graylog 4.0.3

Released: 2021-02-16

Core

Fixed

Integrations Plugin

Added

Graylog 4.0.2

Released: 2021-01-27

Core

Added

Fixed

Legacy Collector Plugin

Fixed

Threatintel Plugin

Changed

Graylog 4.0.1

Released: 2020-11-25

Core

Fixed

Integrations Plugin

Fixed

Threatintel Plugin

Fixed

Graylog 4.0.0

Released: 2020-11-18

Core

Added

Changed

Also see: 4.0 upgrade notes

Removed

Also see: 4.0 upgrade notes

Fixed

Integrations Plugin

Added

Graylog 3.3.17

Released: 2022-04-12

Core

Added

Changed

  • Convert built-in sidecar user to service account.

Security

Graylog 3.3.16

Released: 2021-12-16

Core

Security

Integrations Plugin

No changes since 3.3.15.

Graylog 3.3.15

Released: 2021-12-10

Core

Security

Integrations Plugin

No changes since 3.3.14.

Graylog 3.3.14

Released: 2021-07-28

Core

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Enterprise Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog 3.3.13

Released: 2021-05-05

No changes since 3.3.12.

Graylog 3.3.12

Released: 2021-04-14

Core

Fixed

Graylog 3.3.11

Released: 2021-02-16

Core

Fixed

Graylog 3.3.10

Released: 2021-01-27

Core

Added

Fixed

Graylog 3.3.9

Released: 2020-11-25

Core

Fixed

Graylog 3.3.8

Released: 2020-10-12

No changes since 3.3.7 (see Graylog Enterprise for changes there).

Graylog 3.3.7

Released: 2020-10-08

Core

Security

Fixed

Graylog 3.3.6

Released: 2020-09-28

Core

Security

  • Fixing a path traversal issue in the API Browser for non-standard installations. Graylog2/graylog2-server#8986Graylog2/graylog2-server#8988 Due to a check happening before pathname normalization, a directory traversal was possible in the REST resource that serves the API browser UI. If the Graylog server was started with non-standard JRE options (using an additional classpath setting), it could have been used to access files from this additional classpath directory without authentication. Many thanks to Florian Hauser and Christian Fünfhaus of Code White for disclosing this vulnerability.

Changed

Fixed

Legacy AWS Plugin

Added

Integrations Plugin

Added

Fixed

Graylog 3.3.5

Released: 2020-08-17

No changes since 3.3.3 (see Graylog Enterprise for changes there).

Graylog 3.3.4

Released: 2020-08-06

No changes since 3.3.3.

Graylog 3.3.3

Released: 2020-07-29

Core

Added

Security

  • [BREAKING]: Enable hostname validation for SSL/TLS-backed LDAP connections. Graylog2/graylog2-server#8625 Prior to v3.3.3, the certificates of LDAP servers which are connected to using a secure connection (SSL or TLS) were not validated, even if the “Allow self-signed certificates” option was unchecked. Starting with v3.3.3, certificates are validated against the local default keystore. This might introduce a breaking change, depending on your local LDAP settings and the validity of the certificates used (if any). Please ensure that all certificates used are valid, their common name matches the host part of your configured LDAP server and your local keystore contains all CA/intermediate certs required for validation.

See also: CVE-2020-15813

Changed

Fixed

Graylog 3.3.2

Released: 2020-06-24

Core

Changed

Fixed

Integrations Plugin

Added

Graylog 3.3.1

Released: 2020-06-10

Core

Fixed

Graylog 3.3.0

Released: 2020-05-20

Core

Added

Changed

Removed

Fixed

Security

  • Two XSS issues were discovered in the content packs module and the hyperlink string decorator by Juha Laaksonen, Cyber Security Specialist at Solita. A big thanks to Juha for alerting us about these issues. Graylog2/graylog2-server#8072Graylog2/graylog2-server#8104Graylog2/graylog2-server#8150
  • Mika Kulmala, Cyber Security Specialist at Solita, reported a leak of the AWS secret key in certain (authenticated) Graylog REST API calls. Graylog is no longer revealing the AWS secret key in REST API responses. A big thanks to Mika for alerting us about this issue. Graylog2/graylog-plugin-aws#361

Graylog 3.2.6

Released: 2020-06-10

Core

Fixed

Graylog 3.2.5

Released: 2020-05-19

Core

Added

Changed

Fixed

AWS Plugin (legacy)

Changed

Graylog 3.2.4

Released: 2020-03-19

Core

Changed

Fixed

Graylog 3.2.3

Released: 2020-03-11

Core

Added

Changed

Fixed

Graylog 3.2.2

Released: 2020-02-20

Core

Changed

Fixed

Integrations Plugin

Fixed

Graylog 3.2.1

Released: 2020-02-04

Core

Fixed

Graylog 3.2.0

Released: 2020-01-31

Core

Added

Changed

Removed

Fixed

Integrations Plugin

Added

  • Add IPFIX input plugin.

Graylog 3.1.4

Released: 2020-01-14

Core

Added

  • Add URL whitelist service to make sure that lookup data adapters and event notifications cannot use arbitrary URLs. Attention: The URL whitelist is enabled by default! On the first server startup after the upgrade, the URL whitelist service will automatically generate whitelist entries for existing lookup data adapters and event notifications. See URL whitelist documentation for details.

Changed

Fixed

Integrations Plugin

Added

Fixed

Graylog 3.1.3

Released: 2019-11-06

Core

Added

Changed

Fixed

Integrations Plugin

Fixed

Graylog 3.1.2

Released: 2019-09-12

Core

Fixed

Graylog 3.1.1

Released: 2019-09-04

Core

Fixed

Integrations Plugin

Added

  • Add a new AWS Kinesis/CloudWatch Input to Graylog, which guides the user through the setup process and performs checks along the way. It also supports an automated CloudWatch Logs to Kinesis Streams setup which helps to automate much of the complicated manual setup.

Graylog 3.1.0

Released: 2019-08-16

Views & Extended Search

  • This feature was partially (everything besides support for parameters in queries) open-sourced in this version. Formerly it was accessible only through the commercial enterprise plugin.
  • The API prefix for the views/extended search endpoints has changed from /api/plugins/org.graylog.plugins.enterprise/(views|search) to /api/views & /api/views/search.
  • The configuration file directive specifying the maximum age of an unreferenced search object before it is purged has changed from enterprise_search_maximum_search_age to views_maximum_search_age.

Core

Added

Changed

Removed

  • Remove “show documents” action for message widgets.
  • Remove old stream alerts system. (replaced by new alerts and events system, including automatic alerts migration)

Fixed

Graylog 3.0.2

Released: 2019-05-03

Integrations Plugin

Graylog 3.0.1

Released: 2019-04-01

Core

Integrations Plugin

Threatintel Plugin

Graylog 3.0.0

Released: 2019-02-14

A detailed changelog is following soon!

Graylog 2.5.2

Released: 2019-03-15

Core

Integrations Plugin

Graylog 2.5.1

Released: 2018-12-19

Core

AWS Plugin

Pipeline Processor Plugin

Graylog 2.5.0

Released: 2018-11-30

Core

Integrations Plugin

  • Add Palo Alto input

AWS Plugin

Pipeline Processor Plugin

Graylog 2.4.7

Released: 2019-03-01

Core

Graylog 2.4.6

Released: 2018-07-16

Core

Graylog 2.4.5

Released: 2018-05-28

Core

Graylog 2.4.4

Released: 2018-05-02

Core

ThreatIntel Plugin

AWS Plugin

Graylog 2.4.3

Released: 2018-01-24

https://www.graylog.org/blog/108-announcing-graylog-v2-4-3

Core

Graylog 2.4.2

Released: 2018-01-24

Core

Threatintel Plugin

Graylog 2.4.1

Released: 2018-01-19

https://www.graylog.org/blog/107-announcing-graylog-v2-4-1

Core

Pipeline Processor Plugin

AWS Plugin

Threatintel Plugin

Graylog 2.4.0

Released: 2017-12-22

https://www.graylog.org/blog/106-announcing-graylog-v2-4-0

No changes since 2.4.0-rc.2.

Graylog 2.4.0-rc.2

Released: 2017-12-20

Core

Graylog 2.4.0-rc.1

Released: 2017-12-19

https://www.graylog.org/blog/105-announcing-graylog-v2-4-0-rc-1

Core

Threatintel Plugin

Graylog 2.4.0-beta.4

Released: 2017-12-15

Core

Pipeline Processor Plugin

Threatintel Plugin

Anonymous Usage-Stats Plugin

  • The plugin got removed.

Graylog 2.4.0-beta.3

Released: 2017-12-04

Core

AWS Plugin

CEF Plugin

Threatintel Plugin

Graylog 2.4.0-beta.2

Released: 2017-11-07

https://www.graylog.org/blog/104-announcing-graylog-v2-4-0-beta-2

Core

Graylog 2.4.0-beta.1

Released: 2017-10-20

https://www.graylog.org/blog/103-announcing-graylog-v2-4-0-beta-1

Core

Map Widget plugin

Pipeline Processor plugin

Collector plugin

AWS plugin

CEF plugin

  • Improve CEF parser and add proper testing infrastructure.
  • Fix problems with Kafka and AMQP inputs.

NetFlow plugin

Threat Intelligence plugin

Graylog 2.3.2

Released: 2017-10-19

https://www.graylog.org/blog/102-announcing-graylog-v2-3-2

Core

Graylog 2.3.1

Released: 2017-08-25

https://www.graylog.org/blog/100-announcing-graylog-v2-3-1

Core

Pipeline Processor Plugin

Graylog 2.3.0

Released: 2017-07-26

https://www.graylog.org/blog/98-announcing-graylog-v2-3-0

Core

Beats Plugin

Collector Plugin

Map Widget Plugin

Pipeline Processor Plugin

Graylog 2.2.3

Released: 2017-04-04

https://www.graylog.org/blog/92-announcing-graylog-v2-2-3

Core

Pipeline Processor

Graylog 2.2.2

Released: 2017-03-03

https://www.graylog.org/blog/90-announcing-graylog-v2-2-2

Core

Graylog 2.2.1

Released: 2017-02-20

https://www.graylog.org/blog/89-announcing-graylog-v2-2-1

Core

Graylog 2.2.0

Released: 2017-02-14

https://www.graylog.org/blog/88-announcing-graylog-v2-2-0

Core

Beats plugin

  • Add support for Metricbeat
  • Extract “fields” for every type of beat

Pipeline processor plugin

Collector sidecar plugin

Graylog 2.1.3

Released: 2017-01-26

https://www.graylog.org/blog/84-announcing-graylog-2-1-3

Core

Beats plugin

Graylog 2.1.2

Released: 2016-11-04

https://www.graylog.org/blog/75-announcing-graylog-v2-1-2

Core

Beats plugin

Pipeline processor plugin

Graylog 2.1.1

Released: 2016-09-14

https://www.graylog.org/blog/69-announcing-graylog-v2-1-1

Core

Map plugin

Pipeline processor plugin

Graylog 2.1.0

Released: 2016-09-01

https://www.graylog.org/blog/68-announcing-graylog-v-2-1-0-ga

Core

Collector sidecar plugin

  • Return updated configuration after changing configuration name
  • Prevent crashes when failed to propagate state to the server
  • Improve compatibility with old API
  • Display collector IP address. Graylog2/graylog-plugin-collector#9
  • Ability to clone collector configuration. Graylog2/graylog-plugin-collector#10
  • NXLog GELF/TLS input should work without cert files. Graylog2/graylog-plugin-collector#13
  • Add tail_files option
  • Expand verbatim text area if value is present
  • Validation improvements
  • Add buffer option to NXLog outputs
  • Make defaults compatible with Windows hosts
  • Add support for Beats. Filebeat, Winlogbeat.
  • Beats binaries are bundled with the Collector-Sidecar package
  • Improve server side validation. Graylog2/graylog2-server#2247 and Graylog2/graylog-plugin-collector#7.
  • Add NXlog GELF TCP and TCP/TLS output
  • Add support to clone input, outputs and snippets
  • Optionally display collector status information in web interface
  • Optionally display log directory listing on status page
  • If no node-id is given use the hostname as identification
  • Linux distribution is detected and can be used in Snippet template
  • Silent install on Windows works now
  • Collector log files are now auto-rotated
  • Collector processes are supervised and restarted on crashes
  • NXlog Inputs and Outputs support free text configuration
  • Fix web plugin loading on IE 11

Pipeline processor plugin

Graylog 2.0.3

Released: 2016-06-20

https://www.graylog.org/blog/58-graylog-v2-0-3-released

Improvements

Bug fixes

Graylog 2.0.2

Released: 2016-05-27

https://www.graylog.org/blog/57-graylog-v2-0-2-released

Improvements

Bug Fixes

Plugin: Pipeline Processor

Graylog 2.0.1

Released: 2016-05-11

https://www.graylog.org/blog/56-graylog-v2-0-1-released

Improvements

Bug Fixes

Plugin: Collector

  • Rotate nxlog logfiles once a day by default.
  • Add GELF TCP output for nxlog.

Graylog 2.0.0

Released: 2016-04-27

https://www.graylog.org/blog/55-announcing-graylog-v2-0-ga

Note
Please make sure to read the Upgrade Guide before upgrading to Graylog 2.0. There are breaking changes!

Note

Please make sure to read the Upgrade Guide before upgrading to Graylog 2.0. There are breaking changes!

Feature Highlights

See the release announcement for details on the new features.

  • Web interface no longer a separate process
  • Support for Elasticsearch 2.x
  • Live tail support
  • Message Processing Pipeline
  • Map Widget Plugin
  • Collector Sidecar
  • Streams filter UI
  • Search for surrounding messages
  • Query range limit
  • Configurable query time ranges
  • Archiving (commercial feature)

Bug Fixes

There have been lots of bug fixes since the 1.3 releases. We only list the ones that we worked on since the 2.0 alpha phase.

Graylog 1.3.4

Released: 2016-03-16

https://www.graylog.org/blog/49-graylog-1-3-4-is-now-available

Graylog 1.3.3

Released: 2016-01-14

https://www.graylog.org/graylog-1-3-3-is-now-available/

Graylog 1.3.2

Released: 2015-12-18

https://www.graylog.org/graylog-1-3-2-is-now-available/

Graylog 1.3.1

Released: 2015-12-17

https://www.graylog.org/graylog-1-3-1-is-now-available/

Graylog 1.3.0

Released: 2015-12-09

https://www.graylog.org/graylog-1-3-ga-is-ready/

Graylog 1.2.2

Released: 2015-10-27

https://www.graylog.org/graylog-1-2-2-is-now-available/

Graylog 1.2.1

Released: 2015-09-22

https://www.graylog.org/graylog-1-2-1-is-now-available/

Graylog 1.2.0

Released: 2015-09-14

https://www.graylog.org/announcing-graylog-1-2-ga-release-includes-30-new-features/

Graylog 1.2.0-rc.4

Released: 2015-09-08

https://www.graylog.org/announcing-graylog-1-2-rc-4/

Graylog 1.2.0-rc.2

Released: 2015-08-31

https://www.graylog.org/announcing-graylog-1-2-rc/

Graylog 1.1.6

Released: 2015-08-06

https://www.graylog.org/graylog-1-1-6-released/

Graylog 1.1.5

Released: 2015-07-27

https://www.graylog.org/graylog-1-1-5-released/

Graylog 1.1.4

Released: 2015-06-30

https://www.graylog.org/graylog-v1-1-4-is-now-available/

Graylog 1.1.3

Released: 2015-06-19

https://www.graylog.org/graylog-v1-1-3-is-now-available/

Graylog 1.1.2

Released: 2015-06-10

https://www.graylog.org/graylog-v1-1-2-is-now-available/

Graylog 1.1.1

Released: 2015-06-05

https://www.graylog.org/graylog-v1-1-1-is-now-available/

Graylog 1.1.0

Released: 2015-06-04

https://www.graylog.org/graylog-1-1-is-now-generally-available/

  • Properly set node_id on message input Graylog2/graylog2-server#1210
  • Fixed handling of booleans in configuration forms in the web interface
  • Various design fixes in the web interface

Graylog 1.1.0-rc.3

Released: 2015-06-02

https://www.graylog.org/graylog-v1-1-rc3-is-now-available/

Graylog 1.1.0-rc.1

Released: 2015-05-27

https://www.graylog.org/graylog-v1-1-rc1-is-now-available/

Graylog 1.1.0-beta.3

Released: 2015-05-27

https://www.graylog.org/graylog-1-1-beta-3-is-now-available/

Graylog 1.1.0-beta.2

Released: 2015-05-20

https://www.graylog.org/graylog-1-1-beta-is-now-available/

  • CSV output streaming support including full text message
  • Simplified MongoDB configuration with URI support
  • Improved tokenizer for extractors
  • Configurable UDP buffer size for incoming messages
  • Enhanced Grok support with type conversions (integers, doubles and dates)
  • Elasticsearch 1.5.2 support
  • Added support for integrated Log Collector
  • Search auto-complete
  • Manual widget resize
  • Auto resize of widgets based on screen size
  • Faster search results
  • Moved search filter for usability
  • Updated several icons to text boxes for usability
  • Search highlight toggle
  • Pie charts (Stacked charts are coming too!)
  • Improved stream management
  • Output plugin and Alarm callback edit support
  • Dashboard widget search edit
  • Dashboard widget direct search button
  • Dashboard background update support for better performance
  • Log collector status UI

Graylog 1.0.2

Released: 2015-04-28

https://www.graylog.org/graylog-v1-0-2-has-been-released/

Graylog 1.0.1

Released: 2015-03-16

https://www.graylog.org/graylog-v1-0-1-has-been-released/

Graylog 1.0.0

Released: 2015-02-19

https://www.graylog.org/announcing-graylog-v1-0-ga/

  • No changes since Graylog 1.0.0-rc.4

Graylog 1.0.0-rc.4

Released: 2015-02-13

https://www.graylog.org/graylog-v1-0-rc-4-has-been-released/

Graylog 1.0.0-rc.3

Released: 2015-02-05

https://www.graylog.org/graylog-v1-0-rc-3-has-been-released/

Graylog 1.0.0-rc.2

Released: 2015-02-04

https://www.graylog.org/graylog-v1-0-rc-2-has-been-released/

Graylog 1.0.0-rc.1

Released: 2015-01-28

https://www.graylog.org/graylog-v1-0-rc-1-has-been-released/

Graylog 1.0.0-beta.2

Released: 2015-01-21

https://www.graylog.org/graylog-v1-0-beta-3-has-been-released/

Graylog 1.0.0-beta.2

Released: 2015-01-16

https://www.graylog.org/graylog-v1-0-0-beta2/

Graylog2 0.92.4

Released: 2015-01-14

https://www.graylog.org/graylog2-v0-92-4/

Graylog 1.0.0-beta.1

Released: 2015-01-12

https://www.graylog.org/graylog-v1-0-0-beta1/

  • Message Journaling
  • New Widgets
  • Grok Extractor Support
  • Overall stability and resource efficiency improvements
  • Single binary for graylog2-server and graylog2-radio
  • Inputs are now editable
  • Order of field charts rendered inside the search results page is now maintained.
  • Improvements in focus and keyboard behaviour on modal windows and forms.
  • You can now define whether to disable expensive, frequent real-time updates of the UI in the settings of each user. (For example the updating of total messages in the system)
  • Experimental search query auto-completion that can be enabled in the user preferences.
  • The API browser now documents server response payloads in a better way so you know what to expect as an answer to your call.
  • Now using the standard Java ServiceLoader for plugins.

Graylog2 0.92.3

Released: 2014-12-23

https://www.graylog.org/graylog2-v0-92-3/

Graylog2 0.92.1

Released: 2014-12-11

https://www.graylog.org/graylog2-v0-92-1/

  • [SERVER] Fixed name resolution and overriding sources for network inputs.
  • [SERVER] Fixed wrong delimiter in GELF TCP input.
  • [SERVER] Disabled the output cache by default. The output cache is the source of all sorts of interesting problems. If you want to keep using it, please read the upgrade notes.
  • [SERVER] Fixed message timestamps in GELF output.
  • [SERVER] Fixed connection counter for network inputs.
  • [SERVER] Added warning message if the receive buffer size (SO_RECV) couldn’t be set for network inputs.
  • [WEB] Improved keyboard shortcuts with most modal dialogs (e. g. hitting Enter submits the form instead of just closing the dialogs).
  • [WEB] Upgraded to play2-graylog2 1.2.1 (compatible with Play 2.3.x and Java 7).

Graylog2 0.92.0

Released: 2014-12-01

https://www.graylog.org/graylog2-v0-92/

  • [SERVER] IMPORTANT SECURITY FIX: It was possible to perform LDAP logins with crafted wildcards. (A big thank you to Jose Tozo who discovered this issue and disclosed it very responsibly.)
  • [SERVER] Generate a system notification if garbage collection takes longer than a configurable threshold.
  • [SERVER] Added several JVM-related metrics.
  • [SERVER] Added support for Elasticsearch 1.4.x which brings a lot of stability and resilience features to Elasticsearch clusters.
  • [SERVER] Made version check of Elasticsearch version optional. Disabling this check is not recommended.
  • [SERVER] Added an option to disable optimizing Elasticsearch indices on index cycling.
  • [SERVER] Added an option to disable time-range calculation for indices on index cycling.
  • [SERVER] Lots of other performance enhancements for large setups (i.e. involving several Radio nodes and multiple Graylog2 Servers).
  • [SERVER] Support for Syslog Octet Counting, as used by syslog-ng for syslog via TCP (#743)
  • [SERVER] Improved support for structured syslog messages (#744)
  • [SERVER] Bug fixes regarding IPv6 literals in mongodb_replica_set and elasticsearch_discovery_zen_ping_unicast_hosts
  • [WEB] Added additional details to system notification about Elasticsearch max. open file descriptors.
  • [WEB] Fixed several bugs and inconsistencies regarding time zones.
  • [WEB] Improved graphs and diagrams
  • [WEB] Allow to update dashboards when browser window is not on focus (#738)
  • [WEB] Bug fixes regarding timezone handling
  • Numerous internal bug fixes

Graylog2 0.92.0-rc.1

Released: 2014-11-21

https://www.graylog.org/graylog2-v0-92-rc-1/

  • [SERVER] Generate a system notification if garbage collection takes longer than a configurable threshold.
  • [SERVER] Added several JVM-related metrics.
  • [SERVER] Added support for Elasticsearch 1.4.x which brings a lot of stability and resilience features to Elasticsearch clusters.
  • [SERVER] Made version check of Elasticsearch version optional. Disabling this check is not recommended.
  • [SERVER] Added an option to disable optimizing Elasticsearch indices on index cycling.
  • [SERVER] Added an option to disable time-range calculation for indices on index cycling.
  • [SERVER] Lots of other performance enhancements for large setups (i. e. involving several Radio nodes and multiple Graylog2 Servers).
  • [WEB] Upgraded to Play 2.3.6.
  • [WEB] Added additional details to system notification about Elasticsearch max. open file descriptors.
  • [WEB] Fixed several bugs and inconsistencies regarding time zones.
  • Numerous internal bug fixes

Graylog2 0.91.3

Released: 2014-11-05

https://www.graylog.org/graylog2-v0-90-3-and-v0-91-3-has-been-released/

  • Fixed date and time issues related to DST changes
  • Requires Elasticsearch 1.3.4; Elasticsearch 1.3.2 had a bug that can cause index corruptions.
  • The mongodb_replica_set configuration variable now supports IPv6
  • Messages read from the on-disk caches could be stored with missing fields

Graylog2 0.91.3

Released: 2014-11-05

https://www.graylog.org/graylog2-v0-90-3-and-v0-91-3-has-been-released/

  • Fixed date and time issues related to DST changes
  • The mongodb_replica_set configuration variable now supports IPv6
  • Messages read from the on-disk caches could be stored with missing fields

Graylog2 0.92.0-beta.1

Released: 2014-11-05

https://www.graylog.org/graylog2-v0-92-beta-1/

  • Content packs
  • [SERVER] SSL/TLS support for Graylog2 REST API
  • [SERVER] Support for time based retention cleaning of your messages. The old message count based approach is still the default.
  • [SERVER] Support for Syslog Octet Counting, as used by syslog-ng for syslog via TCP (Graylog2/graylog2-server#743)
  • [SERVER] Improved support for structured syslog messages (Graylog2/graylog2-server#744)
  • [SERVER] Bug fixes regarding IPv6 literals in mongodb_replica_set and elasticsearch_discovery_zen_ping_unicast_hosts
  • [WEB] Revamped “Sources” page in the web interface
  • [WEB] Improved graphs and diagrams
  • [WEB] Allow to update dashboards when browser window is not on focus (Graylog2/graylog2-web-interface#738)
  • [WEB] Bug fixes regarding timezone handling
  • Numerous internal bug fixes

Graylog2 0.91.1

Released: 2014-10-17

https://www.graylog.org/two-new-graylog2-releases/

  • Messages written to the persisted master caches were written to the system with unreadable timestamps, leading to
  • errors when trying to open the message.
  • Extractors were only being deleted from running inputs but not from all inputs
  • Output plugins were not always properly loaded
  • You can now configure the alert_check_interval in your graylog2.conf
  • Parsing of configured Elasticsearch unicast discovery addresses could break when including spaces

Graylog2 0.90.1

Released: 2014-10-17

https://www.graylog.org/two-new-graylog2-releases/

  • Messages written to the persisted master caches were written to the system with unreadable timestamps, leading to errors when trying to open the message.
  • Extractors were only being deleted from running inputs but not from all inputs
  • Output plugins were not always properly loaded
  • You can now configure the alert_check_interval in your graylog2.conf
  • Parsing of configured Elasticsearch unicast discovery addresses could break when including spaces

Graylog2 0.91.0-rc.1

Released: 2014-09-23

https://www.graylog.org/graylog2-v0-90-has-been-released/

  • Optional ElasticSearch v1.3.2 support

Graylog2 0.90.0

Released: 2014-09-23

https://www.graylog.org/graylog2-v0-90-has-been-released/

  • Real-time data forwarding to Splunk or other systems
  • Alert callbacks for greater flexibility
  • New disk-based architecture for buffering in load spike situations
  • Improved graphing
  • Plugin API
  • Huge performance and stability improvements across the whole stack
  • Small possibility of losing messages in certain scenarios has been fixed
  • Improvements to internal logging from threads to avoid swallowing Graylog2 error messages
  • Paused streams are no longer checked for alerts
  • Several improvements to timezone handling
  • JavaScript performance fixes in the web interface and especially a fixed memory leak of charts on dashboards
  • The GELF input now supports CORS
  • Stream matching now has a configurable timeout to avoid stalling message processing in case of too complex rules or erroneous regular expressions
  • Stability improvements for Kafka and AMQP inputs
  • Inputs can now be paused and resumed
  • Dozens of bug fixes and other improvements

Graylog2 0.20.3

Released: 2014-08-09

https://www.graylog.org/graylog2-v0-20-3-has-been-released/

  • Bugfix: Storing saved searches was not accounting custom application contexts
  • Bugfix: Editing stream rules could have a wrong a pre-filled value
  • Bugfix: The create dashboard link was shown even if the user has no permission to so. This caused an ugly error page because of the missing permissions.
  • Bugfix: graylog2-radio could lose numeric fields when writing to the message broker
  • Better default batch size values for the Elasticsearch output
  • Improved rest_transport_uri default settings to avoid confusion with loopback interfaces
  • The deflector index is now also using the configured index prefix

Graylog2 0.20.2

Released: 2014-05-24

https://www.graylog.org/graylog2-v0-20-2-has-been-released/

  • Search result highlighting
  • Reintroduces AMQP support
  • Extractor improvements and sharing
  • Graceful shutdowns, Lifecycles, Load Balancer integration
  • Improved stream alert emails
  • Alert annotations
  • CSV exports via the REST API now support chunked transfers and avoid heap size problems with huge result sets
  • Login now redirects to page you visited before if there was one
  • More live updating information in node detail pages
  • Empty dashboards no longer show lock/unlock buttons
  • Global inputs now also show IO metrics
  • You can now easily copy message IDs into native clipboard with one click
  • Improved message field selection in the sidebar
  • Fixed display of floating point numbers in several places
  • Now supporting application contexts in the web interface like https://example.org/graylog2
  • Several fixes for LDAP configuration form
  • Message fields in the search result sidebar now survive pagination
  • Only admin users are allowed to change the session timeout for reader users
  • New extractor: Copy whole input
  • New converters: uppercase/lowercase, flexdate (tries to parse any string as date)
  • New stream rule to check for presence or absence of fields
  • Message processing now supports trace logging
  • Better error message for ES discovery problems
  • Fixes to GELF input and it holding open connections
  • Some timezone fixes
  • CSV exports now only contain selected fields
  • Improvements for bin/graylog* control scripts
  • UDP inputs now allow for custom receive buffer sizes
  • Numeric extractor converter now supports floating point values
  • Bugfix: Several small fixes to system notifications and closing them
  • Bugfix: Carriage returns were not escaped properly in CSV exports
  • Bugfix: Some AJAX calls redirected to the startpage when they failed
  • Bugfix: Wrong sorting in sources table
  • Bugfix: Quickvalues widget was broken with very long values
  • Bugfix: Quickvalues modal was positioned wrong in some cases
  • Bugfix: Indexer failures list could break when you had a lot of failures
  • Custom application prefix was not working for field chart analytics
  • Bugfix: Memory leaks in the dashboards
  • Bugfix: NullPointerException when Elasticsearch discovery failed and unicast discovery was disabled
  • Message backlog in alert emails did not always include the correct number of messages
  • Improvements for message outputs: No longer only waiting for filled buffers but also flushing them regularly. This avoids problems that make Graylog2 look like it misses messages in cheap benchmark scenarios combined with only little throughput.