Enterprise Changelog

Please note this changelog is for Graylog Enterprise. For the core Graylog changelog, please see the following article.

Graylog Enterprise 6.0.6

Released: 2024-09-04

Fixed

Prevents widgets in reports overlapping by fixing height of widgets with uncontrolled height.

Graylog Enterprise 6.0.5

Released: 2024-08-07

Fixed

Fixing error in report widget preview for message table widget.
Fixed index collision issues with investigation log evidence.
Fixed issue where event risk scores would calculate incorrectly if any associated assets no longer existed.
Fixed issue where Illuminate lookup tables caused heavy stress on MongoDB due to customization lookups.

Graylog Enterprise 6.0.4

Released: 2024-07-03

Added

Add ability to calculate risk score for Security Anomaly Detection events.

Changed

Updated machine Asset IP configuration to allow IPv6 addresses.

Fixed

Eliminates meaningless error log message when creating a Salesforce Input.
Fixing up tooltips in public notification creation dialog.
Fixing URLs on archiving pages when path prefix is present.

Graylog Enterprise 6.0.3

Released: 2024-06-05

Fixed

Fixes issue where Illuminate Spotlight Packs would silently fail to install.
Fixing report scheduling to consider the timezone set in the frequency configuration.
Fixing URLs in security product when path prefix is present.
Fix issue where Graylog Security specific migration fails to run on Elasticsearch.

Graylog Enterprise 6.0.2

Released: 2024-05-22

Fixed

Fix warm tier rollover for indices with closing date older than 1 month.

Graylog Enterprise 6.0.1

Released: 2024-05-13

Changed

Omit system events in the Security Events list.

Fixed

Fixes inability to remove older log and event evidence from investigations.
Fixed Symantec EDR Events input issue causing invalid Content Types options on edit.

Graylog Enterprise 6.0.0

Released: 2024-04-17

Added

Adds pipeline function fromForwarderInput(<id>, <name>).
Added ability to bulk add categories to assets.
Introduced warm tier configuration for data tiering functionality, enabling automatic data rollover and providing the option to configure the repository where the data is stored.
New Security Welcome page (secuirty dashboard)
Added new Symantec SES log message input.
Display assets associated with evidence attached to an Investigation.
Added new Symantec EDR log message input
Fixed content pack instalation of reports with scheduling configured
New Security Investigations List view
Added associated asset categories to messages processed by the SetAssociatedAssets pipeline function
Add additional details for Okta input API errors.
Added Illuminate installation status page.
Added more detailed asset history tracking.
Added Security App metrics and Investigations metrics dashboard
Add ability to use enterprise Search Filters on Event Definitions and Sigma rules.
Add Risk Scoring for Graylog Security Events.
Added security perspective investigations details page.
Add multithreading support for Archive creation.
New UI for Events in Security
Add ability to export Sigma rules to content packs
Added investigations search type, allowing to include current investigations in searches
Adding investigations widget, which displays current investigations
Aggregation based risk calculation for events
New page for all security dashboards
Added ability to specify Remediation Steps for Anomaly Detectors, Event Definitions, and Sigma rules.
Added ability to collect Graylog Security metrics, and added dashboard for Investigations metrics.
Investigations - Add Modals to add evidence.
New UI/UX in security perspective for Event Definitions
New Event Notificaitons list view on Security UI.

Changed

Added warning message when enabling many Sigma rules in bulk.
Sort Anomaly Detectors list alphabetically
Adds a ‘Sigma:’ prefix to the title of Event Definitions created for Sigma rules.
Changed Anomaly Detector initialization to run sequentially instead of in parallel.
OIDC custom claims can also be passed in the ID token (not just via the userinfo endpoint).
Enable failure processing features by default on new installations.
Changed Active Directory User Asset import mapping configurations to only allow ‘objectSid’ as the Unique ID mapping value.
Make license warning and info text generic
Adjusted field parsing for F5 BIG-IP Log Events input in preparation for Illuminate content.
Removed redundant use of the Asset word on navigation tabs
Updated Perspective Switcher style to not include the logo and a shorter title.
Updates Illuminate Event Definitions to allow adding Notifications and Notification settings.
An optional query parameter is added to licenses/status/for-subject to avoid race conditions.
Update spacing on hub bundle list of illuminate bundles
Improved Office 365 Input error handling.
Adjusted field parsing for AWS Security Lake input in preparation for Illuminate content.
Adjusted field parsing for Office 365 input in preparation for Illuminate content.
Adjusted field parsing for Okta Log Events input in preparation for Illuminate content.
Enable condition form in event definitions for Illuminate events

Removed

Remove service and vendor_event_description fields from the F5 input.

Fixed

Fix columns selector capitalization
Eliminate archiving error notification when the affected index has been deleted.
Fix F5 BIG-IP Log Events input verify connection issue
Fixed filtering by dates for Sigma Rules and Investigations to account for user’s timezone.
Fixed issue where assets were assigned new IDs on reimport from a source.
Only show the release notes for the selected Illuminate Bundle
Improve error message when importing assets fails in asset sources.
Fixed issue where entities shipped in Illuminate Spotlight Packs would be unnecessarily disabled when enabling a new bundle.
Make sure to update license status immediately after adding or removing security license.
Fixed issue: traffic violation email should display last day output traffic (not input traffic).
Fix an edge case, where an index gets deleted, despite not having been completely archived.
Don’t show toast notifications when page loads or state changes to ‘Running’
Fixed validation gap in Office 365 Inputs that allows for polling intervals less than 1 minute.
Handle missing widgets graceful when returning report widget values.
Added mitigation fix to F5 BIG-IP Log Events Input to avoid intermittent 401 Unauthorized errors.
Fixing report rendering bug where it times out if it takes longer than 30 seconds.
Eliminate exception when deleting a public notification in enterprise customizations.
Add reader permissions for forwarder inputs to READER role
Fixes replay search action for edited events in search events widget.
Do not require security events permissions for plain events widget.
Do not use all time range for investigations widget.
Reset investigations widget pagination when executing search.
Fix inability to sort by the User IDs User Assets column.
Fix F5 BIG-IP Log Events input expired token error.
Fix AWS Security Lake Log Events input verify connection issue
Fixed issue where Investigation Event and Message indices could not be customized
Fail gRPC health check for Forwarders if Graylog server LB status is “throttled”.
Fixed incorrect documentation link on Anomaly Detection pages.
Fix investigation widget to include user timezone and new details view URL
Improve CrowdStrike input error handling for server-side errors.
Fixed error when attempting to save edits for Illuminate Streams.
Enhance Investigations permissions checks.
Fix instant archiving ui broken because of menu component.
Fix sorting issue with indices created by Illuminate versions before 3.0.
Fix Cannot assign input profile to Forwarder.
Fix forwarder creation in UI doesn’t show config snippet.

Graylog Enterprise 5.2.11

Released: 2024-09-04

Fixed

Prevents widgets in reports overlapping by fixing height of widgets with uncontrolled height.

Graylog Enterprise 5.2.10

Released: 2024-08-07

Fixed

Fixed index collision issues with investigation log evidence.
Fixed issue where Illuminate lookup tables caused heavy stress on MongoDB due to customization lookups.

Graylog Enterprise 5.2.9

Released: 2024-07-03

Changed

Updated machine Asset IP configuration to allow IPv6 addresses.

Graylog Enterprise 5.2.8

Released: 2024-06-05

Fixed

Fixes issue where Illuminate Spotlight Packs would silently fail to install.
Fixing report scheduling to consider the timezone set in the frequency configuration.

Graylog Enterprise 5.2.7

Released: 2024-04-30

No changes in Graylog Enterprise for 5.2.7.

Graylog Enterprise 5.2.6

Released: 2024-04-03

Fixed

Add reader permissions for forwarder inputs to READER role.

Graylog Enterprise 5.2.5

Released: 2024-03-06

Added

Fixed content pack installation of reports with scheduling configured.

Fixed

Improve CrowdStrike input error handling for server-side errors.
Fixed error when attempting to save edits for Illuminate streams.
Enhance Investigations permissions checks.
Fix archiver startup.

Graylog Enterprise 5.2.4

Released: 2024-02-07

Fixed

Added mitigation fix to F5 BIG-IP Log Events Input to avoid intermittent 401 Unauthorized errors.
Fixing report rendering bug where it times out if it takes longer than 30 seconds.

Graylog Enterprise 5.2.3

Released: 2024-01-03

Changed

Adjusted field parsing for F5 BIG-IP Log Events input in preparation for Illuminate content.
Improved Office 365 input error handling.
Adjusted field parsing for Office 365 input in preparation for Illuminate content.
Adjusted field parsing for Okta Log Events input in preparation for Illuminate content.

Fixed

Eliminate archiving error notification when the affected index has been deleted.

Graylog Enterprise 5.2.2

Released: 2023-12-06

Changed

Changed Active Directory User Asset import mapping configurations to only allow objectSid as the Unique ID mapping value.

Fixed

Improve error message when importing assets fails in asset sources.
Fixed issue: traffic violation email should display last day output traffic (not input traffic).
Fix an edge case, where an index gets deleted, despite not having been completely archived.
Fixed validation gap in Office 365 Inputs that allows for polling intervals less than 1 minute.
Handle missing widgets graceful when returning report widget values.
Fixed issue where Investigation Event and Message indices could not be customized.

Graylog Enterprise 5.2.1

Released: 2023-11-15

Added

Add additional details for Okta input API errors.

Changed

Adds a ‘Sigma:’ prefix to the title of Event Definitions created for Sigma rules.
Update spacing on hub bundle list of illuminate bundles

Fixed

Fix F5 BIG-IP Log Events input verify connection issue
Fixed issue where entities shipped in Illuminate Spotlight Packs would be unnecessarily disabled when enabling a new bundle.
Fix inability to sort by the User IDs User Assets column.
Fix F5 BIG-IP Log Events input expired token error.
Fix Machine and User Asset forms. Improves validations.

Graylog Enterprise 5.2.0

Released: 2023-11-01

Added

Added support for region selection for GCP Log Events input dataset creation.
Added Event Notification to auto generate Investigations and add Events.
Added ability for anomaly detectors to trigger events/alerts.
Added Asset Enrichment module.
Add claim-based team sync support for OIDC backends.
Show investigation after adding evidence to it and keep it open when navigating to a new tab or window.
Added ability to filter users when assigning investigations.
Adds ability to upload sigma rule files.
Added proper support for F5 BIG-IP webui log parsing
Added the ability to run the AWS Security Lake Input in cloud.
Added AWS Security Lake Input (Thanks: @Srinidhi-Saravanan)
Added Salesforce Input (Thanks: @Srinidhi-Saravanan)
adds gl2_forwarder_input field to messages coming in through the forwarder inputs.
Added search capability when importing a Sigma rule from a git repository
Adds Markdown support to investigations notes.
Added automated email notification for Investigations assignments.
On cloud migrate IndexSetDefault configuration to new time size based rotation strategy in case it is not the configured default
Add endpoint for looking up forwarder input by id.
Adds new plugin component for asset list in log messages
Added ability to download and bulk download sigma rules.
Added ability to upload Sigma Rule files.
Added ability to export Graylog messages to GELF (Newline-delimited) format.
Forwarder heartbeat interval is now adjustable to arbitrary duration.
Added separate tabs for viewing machine and user assets.
Enable the Microsoft Defender for Endpoint input in Graylog Cloud.
Added ability to map User First, Last, and Full Name for asset imports.
Added the ability to run the CrowdStrike Input in Graylog Cloud.

Changed

Give to the user the option to convert a relative search into an absolute search before adding it as evidence in an Investigation.
Changed the minimum allowed Anomaly Detector interval to 10 minutes.
Write an audit log entry when deleting an aged-out archive.
Changed some field parsing for the Microsoft Defender for Endpoint input.
Added ability to skip background Anomaly Detection jobs
Re-enable “CSV File (Upload)” lookup data adapter.
Using composable index templates instead of legacy templates for failure index/illuminate indices.
Changed Illuminate processor so that it no longer needs CSV files for data adapters written to disk.
Merged enterprise integrations plugin into the enterprise plugin.
Adjusted Microsoft Defender for Endpoint input to populate the evidence field inside the full_message.
Adjusted F5 BIG-IP input log fields

Fixed

Fixes GCP Log Events input large memory usage.
Fix Exception being thrown in browser console when logging out
Fixed Illuminate activation errors for non default root users
Fixes race condition in range calculation when restoring small indices
Fix log view messages export, when there search result does not contain messages
Fix archive backend configuration not updated on archives page
Fix forwarder input only loading 10 items.
Fixed bug where Illuminate Spotlight Packs marked as core did not have their content packs installed
Fix anomaly layout padding issue.
Fix archiving with Snappy compression on Java 17.
Fix navigation in plugins when the web app is using a path prefix
Allow selecting all enumerable fields in values of field select in the parameter declaration form.
Fix invalid index prefix options in anomaly detector creation menu
Fix anomaly detector audit log messages not displaying IDs/names.
Fixed handling of backslashes in Sigma rule queries that caused OpenSearch errors.
Fixes a bug where OIDC and Okta errors were not handled on the login page
Update Investigation log evidence link to use saved message copy.
Fix team sync not supported message for OIDC authentication backend.
Retry index action for already archived indices.
Fix instant archiving stream list filtering in configuration creation
Fix Google Workspace Log Events create auditEventType description.
Fixed evidence not being added to all investigations when added to multiple invesitagtions at once.
Fixed issue where assets were assigned new IDs on reimport from a source.
Fixed indefinite error loop in Office 365 Input.
Fix failure to load the New Report page when invalid search ID is referenced
Fixing cases where the session got extended when fetching data in the UI periodically.
Fix unknown email_attributes error when using AD team sync; honor user-configured LDAP attribute names.
Fix event definition enable UI state for Event Correlation.
Improved free license warning on Illuminate install page.
Fixed error when adding Sigma Git repo rule directories with the default branch.
Fix several CrowdStrike input issues and adjusted parsing.
Fix broken pagination for archives with multiple streams.
Fixed API browser sort direction parameter functionality on several Security endpoints.
Improve error handling for CrowdStrike input startup.
Display specific input failure message when Salesforce API request limit is exceeded.
Alphabetically sort Illuminate packs and spotlights by title.
Take timezone of report into consideration when scheduling the trigger.
Fixed several F5 Input runtime issues.

Graylog Operations 5.1.13

Released: 2024-04-03

Fixed

Add reader permissions for forwarder inputs to READER role.

Graylog Operations 5.1.12

Released: 2024-03-06

Fixed

Fixed error when attempting to save edits for Illuminate streams.
Enhance Investigations permissions checks.
Improve CrowdStrike input error handling for server-side errors.

Graylog Enterprise 5.1.11

Released: 2024-02-07

Fixed

Prevent possible field type errors in reports.
Fix issue preventing the lookup_all pipeline function from working with json arrays.
Added mitigation fix to F5 BIG-IP Log Events Input to avoid intermittent 401 Unauthorized errors.

Graylog Enterprise 5.1.10

Released: 2024-01-03

Added

Added proper support for F5 BIG-IP webui log parsing.

Changed

Adjusted field parsing for F5 BIG-IP Log Events input in preparation for Illuminate content.
Improved Office 365 Input error handling.
Adjusted field parsing for Office 365 input in preparation for Illuminate content.
Adjusted field parsing for Okta Log Events input in preparation for Illuminate content.

Fixed

Eliminate archiving error notification when the affected index has been deleted.
Fix issue preventing the array_contains pipeline function from working with JSON arrays.

Graylog Enterprise 5.1.9

Released: 2023-12-06

Added

Add additional details for Okta input API errors.

Changed

Adds a ‘Sigma:’ prefix to the title of Event Definitions created for Sigma rules.

Fixed

Fixed issue where entities shipped in Illuminate Spotlight Packs would be unnecessarily disabled when enabling a new bundle.
Fix an edge case, where an index gets deleted, despite not having been completely archived.
Fixed issue where Investigation Event and Message indices could not be customized.
Fixed validation gap in Office 365 Inputs that allows for polling intervals less than 1 minute.
Fix F5 BIG-IP Log Events input expired token error.

Graylog Enterprise 5.1.8

Released: 2023-11-01

Fixed

Retry index action for already archived indices.
Take timezone of report into consideration when scheduling the trigger.

Graylog Enterprise 5.1.7

Released: 2023-10-12

No changes in Graylog Enterprise for 5.1.7.

Graylog Enterprise 5.1.6

Released: 2023-10-04

Fixed

Fixed Illuminate activation errors for non default root users.
Fix event definition enable UI state for Event Correlation.
Fix several CrowdStrike input issues and adjusted parsing.

Graylog Enterprise 5.1.5

Released: 2023-09-06

Added

Added ability to filter users when assigning investigations.

Added the ability to run the CrowdStrike Input in Graylog Cloud.

Fixed

Fixed error when adding Sigma Git repo rule directories with the default branch.

Graylog Enterprise 5.1.4

Released: 2023-08-02

Changed

Changed the minimum allowed Anomaly Detector interval to 10 minutes.

Fixed

Fixes race condition in range calculation when restoring small indices.
Fixed handling of backslashes in Sigma rule queries that caused OpenSearch errors.
Fix unknown email_attributes error when using AD team sync; honor user-configured LDAP attribute names.

Graylog Enterprise 5.1.3

Released: 2023-07-05

Added

Add claim-based team sync support for OIDC backends.

Fixed

Fix invalid index prefix options in anomaly detector creation menu.
Fix anomaly detector audit log messages not displaying IDs/names.
Fixed indefinite error loop in Office 365 Input.

Graylog Enterprise 5.1.2

Released: 2023-06-07

Changed

Added ability to skip background Anomaly Detection jobs
Adjusted F5 BIG-IP input log fields

Fixed

Fix Archving with Snappy compression on Java 17.
Fix for issue with plugin routes when web server sets a path prefix
Fixed several F5 Input runtime issues.

Graylog Enterprise 5.1.1

Released: 2023-05-25

Changed

On cloud migrate the IndexSetDefault configuration to new time size based rotation strategy.

Graylog Enterprise 5.1.0

Released: 2023-05-11

Added

Added the ability to set TTLs for MongoDB Data Adapter entries.
Added configuration values for hiding widget query and description in reports
Added support for importing Sigma rules from multiple Git repositories.
Add ability to create and edit custom anomaly detectors.
Added support for Sigma rules with Regular Expressions (’re’ modifier).
Added support for CIDR lookups in MongoDB data adapters
Dynamic Startup Page Backend additions for Recent Activity, Pinned Items, Last Opened
Adding shortcut to create search filters from query input with Ctrl+Enter.
Added ability to import all and refresh all rules from a Sigma rule repository.
Added investigations module.
Added ability to assign notifications to Sigma rule Alerts from Sigma pages.
Added filters on Sigma Rules List.
Added the ability to download and install Illuminate from within Graylog.
Added Illuminate hub UI.
Added extra error logging for empty OpenSearch Anomaly Detection error responses
Added info message to bundle page showing there is a new illuminate bundle
Added proxy support to Azure Event Logs input (Thanks: @Srinidhi-Saravanan)
Allow running Azure Event Hubs input in cloud.
Enable “Office 365 Log Events” input in cloud.
Added Microsoft Defender for Endpoint input (Thanks: @Srinidhi-Saravanan)
Added multi-node support for the Azure Event Logs input.

Changed

Improved error message for enabling Anomaly Detectors
Prevent creation of incompatible inputs on Forwarders.
Traffic violation emails will now create an audit log entry.
Unify fields configuration in log view builder with fields configuration in other aggregation builder.
Change date format on Sigma Rules and Investigations lists
Changed Sigma Rule roles to Sigma Rule Manager and Sigma Rule Reader
Changed decommissioned link in O365 Input wizard to updated link.
Created new plugin for CrowdStrike logs (Thanks: @Srinidhi-Saravanan)
Created new plugin for F5 BIG-IP logs (Thanks: @Srinidhi-Saravanan)
Consistent use of message identifiers in strings.
Rename Azure Log Events input to Azure Event Hubs.

Fixed

Hide Team source information on cloud
Fix Enterprise UI badge validation state
Also include query/timerange/filter(s)/streams when switching message table to log view.
Fixed failure to synchronize Anomaly Detectors that are active in Opensearch but marked as inactive in Graylog.
Fix page size selector on archives page is a bit off.
Fix validation logic by adding an additional debounced validation.
Fix sigma rules and repos page not having Graylog footer.
Fix incorrect deprecated Illuminate warning check.
Fix Illuminate data adapters being unusable from user space without a server restart.
Allow configuration of retention time of archives in cloud ui interface.
Fixed failure to load Anomaly Detection Configuration page.
Fixed bug where Illuminate lookup table data adapters were being populated with incorrect values
Fixed bug where disabling Illuminate processing packs displayed an error.
Fixed issue with Lookup Entity Mappings migration that prevented the server from starting on 5.0 if deprecated Illuminate content packs were installed.
Fixed Sigma Rule query creation to correctly handle lists of maps.
Fix broken audit log documention link.
Moved default save location of temporary Sigma Git data to a temp directory
Fix list of priorities not displaying in order of priority in New Investigation modal
Fix handling of unknown input types on Forwarder Input Profiles page.
Fixed issue where Illuminate bundle could not be upgraded if a lookup entity inside had a naming collision with an existing entity.
Fixed slow archive restore.
Fixed bug where Illuminate Spotlight Packs marked as core did not have their content packs installed
Fix incorrect Graylog Security Network dashboard widget name.
Fix breaking change in api/plugins/org.graylog.plugins.archive/config API.
Fixed error causing Illuminate bundle install timeouts.
Fixed error when enabling anomaly detectors in OpenSearch 2.x.
Handle deprecated short time zone IDs in report definitions.
Allow disabling of retention strategies
Avoid exception thrown during report rendering being swallowed.
Closes the add rule modal after sigma rule is created.
Executing reporting widgets in chunks when rendering report.
Fixed bug where MongoDB data adapter entries were not removed when the owning data adapter was deleted.
Fixed unneccessary anomaly detector sync queries causing Opensearch errors.
Avoid erroneous warning message on archive restore.
Fixed problem with concurrently running report jobs
Fixes error on decoding Google Workspace Logs with some types of parameters.
Fix credential check for Gmail Log Events input.
Fix verbose failure of journaled outputs due to license issues.
Show available log types in edit form for Google inputs.
Fixed F5 Big IP input bug causing inability to load API browser components.
Improved informational logging when partition ownership changes occur.
Fix broken on-screen validation of Azure EventHubs Maximum Wait Time field.
Fixed outputs stopping to output messages after messages were dropped, i.e. due to missing pipeline_output or full_message field.
Fix buffering to journal when TCP based outputs experience connection issues.
Fixed issue where users could not create O365 Log Event inputs with GCC High or DOD subscription types.
Fix unclean shutdown of ouput journal under high load.
Run GCP, Gmail, Google Workspace, and Office 365 Inputs on the leader node instead of a random cluster node by default.

Graylog Enterprise 5.0.13

Released: 2023-10-12

No changes in Graylog Enterprise for 5.0.13.

Graylog Enterprise 5.0.12

Released: 2023-10-04

Fixed

Fixed Illuminate activation errors for non default root users.

Graylog Enterprise 5.0.11

Released: 2023-09-06

No changes in Graylog Enterprise for 5.0.11.

Graylog Enterprise 5.0.10

Released: 2023-08-02

Changed

Changed the minimum allowed Anomaly Detector interval to 10 minutes.

Fixed

Fixed handling of backslashes in Sigma rule queries that caused OpenSearch errors.

Graylog Enterprise 5.0.9

Released: 2023-07-05

Fixed

Fix anomaly detector audit log messages not displaying IDs/names.
Fixed indefinite error loop in Office 365 Input.

Graylog Enterprise 5.0.8

Released: 2023-06-07

Changed

Adjusted F5 BIG-IP input log fields

Fixed

Fixed bug where Illuminate Spotlight Packs marked as core did not have their content packs installed
Fix Archving with Snappy compression on Java 17.
Fix for issue with plugin routes when web server sets a path prefix
Fixed problem with concurrently running report jobs
Fixed several F5 Input runtime issues.

Graylog Enterprise 5.0.7

Released: 2023-05-03

Added

Added extra error logging for empty OpenSearch Anomaly Detection error responses.

Fixed

Fixed slow archive restore.
Fixed broken Message Summary and Indicator Templates.

Graylog Enterprise 5.0.6

Released: 2023-04-05

Fixed

Fixed issue where Illuminate bundle could not be upgraded if a lookup entity inside had a naming collision with an existing entity.
Fixed bug where MongoDB data adapter entries were not removed when the owning data adapter was deleted.
Fixed unnecessary anomaly detector sync queries causing OpenSearch errors.
Fix broken on-screen validation of Azure EventHubs Maximum Wait Time field.

Graylog Enterprise 5.0.5

Released: 2023-03-06

Fixed

Fixed F5 Big IP input bug causing inability to load API browser components.

Graylog Enterprise 5.0.4

Released: 2023-03-01

Added

Added proxy support to Azure Event Logs input. (Thanks: @Srinidhi-Saravanan)
Added multi-node support for the Azure Event Logs input.

Changed

Changed decommissioned link in O365 Input wizard to updated link.
Created new plugin for F5 BIG-IP logs. (Thanks: @Srinidhi-Saravanan)
Rename Azure Log Events input to Azure Event Hubs.

Fixed

Also include query/timerange/filter(s)/streams when switching message table to log view.
Fixed issue with Lookup Entity Mappings migration that prevented the server from starting on 5.0 if deprecated Illuminate content packs were installed.
Fixed Sigma Rule query creation to correctly handle lists of maps.
Handle deprecated short time zone IDs in job scheduler definitions.
Avoid exception thrown during report rendering being swallowed.
Fixes error on decoding Google Workspace Logs with some types of parameters.

Graylog Enterprise 5.0.3

Released: 2023-02-01

Fixed

Fixed failure to synchronize Anomaly Detectors that are active in OpenSearch but marked as inactive in Graylog.
Allow configuration of retention time of archives in cloud UI interface.
Fixed bug where Illuminate lookup table data adapters were being populated with incorrect values
Fixed bug where disabling Illuminate processing packs displayed an error.
Fixed error causing Illuminate bundle install timeouts.

Graylog Enterprise 5.0.2

Released: 2023-01-04

Fixed

Fixed failure to load Anomaly Detection Configuration page.
Fixed incorrect Graylog Security Network dashboard widget name.
Fixed error when enabling anomaly detectors in OpenSearch 2.x.
Fix buffering to journal when TCP based outputs experience connection issues.

Graylog Enterprise 5.0.1

Released: 2022-12-14

Fixed

Fix incorrect deprecated Illuminate warning check.
Fix Illuminate data adapters being unusable from user space without a server restart.
Fixed issue where users could not create O365 Log Event inputs with GCC High or DOD subscription types.

Graylog Enterprise 5.0.0

Released: 2022-12-07

Added

Illuminate Lookup tables are now available in user space.
Allow defining multiple scheduling frequencies for report delivery
Adding search filter feature.
Add a config option to automatically delete archive files that are older than a defined age
Added Illuminate Spotlight content packs to Illuminate bundle installation.
Added deprecated warning and status metrics reporting.
Support restoring archives in bulk
Added backend support for storing timerange overrides for each report frequency configuration
Add gRPC health check endpoints.
Added support for Sigma rules.
Added a Store Full Message field option to the Azure Logs input, which stores the entire message payload received from Azure Logs.

Changed

Display parameter inputs inside search bar.
Report deliveries use generic scheduler instead of periodical task
Index archive names are now guaranteed to be unique by appending the index ID.

Graylog Enterprise 4.3.15

Released: 2023-05-03

Added

Added extra error logging for empty OpenSearch Anomaly Detection error responses.

Graylog Enterprise 4.3.14

Released: 2023-04-05

Fixed

Fixed bug where MongoDB data adapter entries were not removed when the owning data adapter was deleted.
Fixed unnecessary anomaly detector sync queries causing OpenSearch errors.
Fix broken on-screen validation of Azure EventHubs Maximum Wait Time field.
Fixed issue with Palo Alto Global Protect logs parsing last 5 fields incorrectly. (Thanks: @giveen)

Graylog Enterprise 4.3.13

Released: 2023-03-01

Changed

Changed decommissioned link in O365 Input wizard to updated link.

Fixed

Handle deprecated short time zone IDs in job scheduler definitions.

Graylog Enterprise 4.3.12

Released: 2023-02-01

Fixed

Fixed failure to synchronize Anomaly Detectors that are active in OpenSearch but marked as inactive in Graylog.

Graylog Enterprise 4.3.11

Released: 2023-01-04

Fixed

Fixed failure to load Anomaly Detection Configuration page.
Fixed error when enabling anomaly detectors in OpenSearch 2.x.
Fixed buffering to journal when TCP based outputs experience connection issues.

Graylog Enterprise 4.3.10

Released: 2022-12-14

Fixed

Fix LDAP group membership matching by memberUid attribute.
Fixed issue where users could not create O365 Log Event inputs with GCC High or DOD subscription types.

Graylog Enterprise 4.3.9

Released: 2022-11-02

Added

Add default_archive_retention_time and max_archive_retention_time config file settings for the archive auto-removal feature.

Fixed

Fix team sync for Okta authentication backends.
Fix S3 archive backend creation form.
Fix license traffic violation error triggering one day too early.

Security

Update Okta UI widget to version 7.0.0 to fix CVE-2020-11023.

Graylog Enterprise 4.3.8

Released: 2022-10-05

Changed

Reduce log level for noisy log messages in the Office365 input.

Fixed

Fix problem with archive retention configuration form.
Fix file handle leak in HTTP-based lookup table adapters.

Graylog Enterprise 4.3.7

Released: 2022-09-16

Added

Add optional archive retention to automatically delete old archives after a configurable time. (This is disabled by default.)

Fixed

Fix archive Overview page to remain operational when one or more cluster nodes are missing.

Graylog Enterprise 4.3.6

Released: 2022-09-07

Added

Add gRPC health check endpoint to the forwarder input.

Fixed

Fix inconsistent sorting and other smaller issues on the archiving overview page.
Gracefully handle unclean shutdown of the forwarder health status manager.
Fix infinite loop problem in the error handling of the Office365 input.

Graylog Enterprise 4.3.5

Released: 2022-08-09

Added

Add custom OIDC claims in the OIDC authentication backend configuration.

Graylog Enterprise 4.3.4

Released: 2022-08-03

Added

Addreport_accept_insecure_certsconfig file option to make reporting work for setups withself-signed TLS certificates.

Fixed

Fix license check for external actions.
Fix timing issue for the Forwarder status display on the Forwarder overview page.

Security

No longer displays (short-lived) session token in-error messages when reporting fails.

Graylog Enterprise 4.3.3

Released: 2022-07-06

Fixed

Fix state detection of anomaly detector status in the UI.
Fix license check on reports page.
Fix duplicate message ingest for the Office365 input by only running the input on the leader node.
Fix thread leak in TCP Enterprise Outputs.

Graylog Enterprise 4.3.2

Released: 2022-06-15

Fixed

Fix problem with UI code that prevented a user session to time out.
Fix parameter handling for parameters that are not used in queries.

Graylog Enterprise 4.3.1

Released: 2022-06-01

Fixed

Fix copying of Security dashboards.
Fix system overview page for non-admin users.

Graylog Enterprise 4.3.0

Released: 2022-05-25

Added

Display roles from assigned teams on the user details page.
Support multiple values in watchlist functions.
Allow users to override built-in Illuminate lookup tables.
Display a warning in the UI for upcoming license violations and export a related backend metric.
Add a configurable notification in the UI when an archiving operation fails.
Add hourly interval for automatic report generation.
Add support for OpenSearch.
Add support for reports creation on ARM64 platforms.
Add validation for search query parameters.
Add Graylog Security application.
Add minimal team sync backend for OIDC authentication service.
Send notification emails for license violations to a configurable list of subscribers.
Add edit links for dashboards, dashboard pages, and widgets to report content pages.
Show forwarder version in the UI. forwarder#53
Add time zone support for report scheduling.
Show the license limit on the daily traffic graph.
Add anomaly detection for Graylog Security.

Changed

Group widgets by dashboard pages in reports content selection.
Send error notifications to report subscribers when report generation fails.

Fixed

Improve license messages for Illuminate.
Avoid unnecessary index updates for Illuminate.
Fix Illuminate bundle upload from browsers running on Microsoft Windows.
Improve notifications for missing or expired licenses on the forwarder pages.
Several improvements for reports creation and update.
Warn users when they delete a dashboard or widget that is referenced in a report.
Improve log output for the reporting backend in case of errors.
Fix logo display in report configuration with large images.
Don't allow report creation or modification when parameter values are missing.
Improve Illuminate processor restart handling.
Improve Illuminate processing restart resiliency.
Improve message failure handler to continue processing if MongoDB is unreachable.
Improve error handling for reports.
Fix log view message export to honor query time limits.
Fix report generation when a report has no widgets configured.
Fix timing issue with logo rendering in reports.
Allow report creation in landscape format.
Disable team deletion when no valid license is installed.

Graylog Enterprise 4.2.11

Released: 2022-07-06

Fixed

Fix thread leak in TCP Enterprise Outputs.

Graylog Enterprise 4.2.10

Released: 2022-06-15

Enterprise

No changes since 4.2.9.

Enterprise Integrations Plugin

Fixed

Add option to store the full message for the Azure Logs plugin.

Graylog Enterprise 4.2.9

Released: 2022-05-04

Enterprise

No changes since 4.2.8.

Enterprise Integrations Plugin

Fixed

Treatazure_connection_stringfield in the Azure Logs input as password to conceal it in the UI.

Graylog Enterprise 4.2.8

Released: 2022-04-12

Enterprise

Changed

Convert built-in forwarder user to service account.

Graylog Enterprise 4.2.7

Released: 2022-03-02

Enterprise

Fixed

Fix report history status icon.

Graylog Enterprise 4.2.6

Released: 2022-02-02

Enterprise

Fixed

Fix a report generation issue with widgets that don’t have a configured time range.
Remove unused log4j 1.x dependency.

Enterprise Integrations Plugin

No changes since 4.2.5.

Graylog Enterprise 4.2.5

Released: 2022-01-05

Enterprise

Add right-click action for GreyNoise IP lookup
Added loading indicator when performing Illuminate bundle operations

Enterprise Integrations Plugin

Check for reserved IP addresses in GreyNoise Community IP Lookup Adapter.
Add Azure Event Logs input (../Getting_in_Log_Data/Azure_Event_Hub.html)

Graylog Enterprise 4.2.4

Released: 2021-12-16

Enterprise

No changes since 4.2.3.

Enterprise Integrations Plugin

No changes since 4.2.3.

Graylog Enterprise 4.2.3

Released: 2021-12-10

Enterprise

No changes since 4.2.2.

Enterprise Integrations Plugin

No changes since 4.2.2.

Graylog Enterprise 4.2.2

Released: 2021-12-01

Enterprise

Fixed

Increase reliability of the failure handler feature.
Fix index set upgrade problem with Illuminate bundles.
Don’t render optional fields in message summary if related value doesn’t exist.

Enterprise Integrations Plugin

Changed

Include more data fields from the NOISE response in the GreyNoise lookup data adapter.

Graylog Enterprise 4.2.1

Released: 2021-11-03

Enterprise

Added

Add ability to delete a disabled Illuminate bundle.

Fixed

Allow archive S3 backend to work without thes3:CreateBucketpermission when the bucket alreadyexists.
Fix misleading log warning regarding index updates on Illuminate installation.
Fix issue with watchlist key creation.

Enterprise Integrations Plugin

Fixed

Fix exception in Gmail input if there are no logs for the current day.
Fix default value for the polling interval setting for Google Cloud inputs.

Graylog Enterprise 4.2.0

Released: 2021-10-13

Enterprise

Added

Display message summaries based on message event types.
Add external value actions for message field values.
Allow horizontal scrolling in log view widget.
Add generic OIDC authentication backend.
Add Illuminate bundle support.
Add Illuminate message processor.
Support lookup tables in search parameters.
Store indexing and processing failures in a separate stream and index set to simplify debugging.
Add watchlist lookup table.
Add watchlist indicator to message details.
Add “Add to watchlist” and “Remove from watchlist” value actions for message fields.
Support custom authentication server for Okta backend.

Changed

Create system notifications for archiving errors to improve visibility.

Fixed

Fix formatting for forwarder related audit log entries.
Add default spool directory for S3 archiving backend.
Improve Okta authentication error reporting.
Improve error handling for S3 archiving.
Fix issue with switchting forwarder input profiles.
Fix search parameter problem when copying widget from search to dashboard.
Improve sorting on forwarders page.
Support an empty archive output path for S3 backends.

Enterprise Integrations Plugin

Added

Add Raw UDP Enterprise output.
Add Google Cloud input to pull VPC, firewall, and audit logs.
Add Google Workspace input to pull admin, drive, login, calendar, token, and message tracking logs.
Add Gmail input to pull mail logs from BigQuery.

Graylog Enterprise 4.1.14

Released: 2022-04-12

Enterprise

Changed

Convert built-in forwarder user to service account.

Graylog Enterprise 4.1.13

Released: 2022-03-02

Enterprise

Fixed

Fix report history status icon.

Graylog Enterprise 4.1.12

Released: 2022-02-02

Enterprise

Fixed

Remove unused log4j 1.x dependency.

Graylog Enterprise 4.1.6

Released: 2021-10-06

Enterprise

Added

Add support for custom auth servers in Okta authentication backend.

Graylog Enterprise 4.1.5

Released: 2021-09-13

Enterprise

Fixed

Fix an issue when adding a widget with an option dropdown parameter in reports.
Fix Graylog Forwarder documentation URLs.

Graylog Enterprise 4.1.4

Released: 2021-09-01

Enterprise

Fixed

Fixed an issue when adding a widget with an option dropdown parameter in reports. (Graylog2/)

Graylog Enterprise 4.1.3

Released: 2021-08-04

Enterprise

No changes since 4.1.2.

Graylog Enterprise 4.1.2

Released: 2021-07-28

Enterprise

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Enterprise Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Fixed

Fix license check issue in LogView widget. Graylog2/Graylog2/

Graylog Enterprise 4.1.1

Released: 2021-07-07

Enterprise

Fixed

Add default value for the spool directory in the UI configuration for the S3 archiving backend.
Improve Forwarder request/response handling when server has high load.

Enterprise Integrations Plugin

Added

Add lookup data adapter for abuse.ch ThreadDox IOC.

Graylog Enterprise 4.1.0

Released: 2021-06-23

Enterprise

Added

Add theme customization options to allow the usage of custom colors.
Add support for global notifications to display announcements and other messages to all users or a selectedgroup of users.
Add authentication and team-sync support for the Okta indentity provider.
Add support for the Graylog Forwarder. The Graylog Forwarder is a standalone agent for sending log data toGraylog Cloud or an on-premise Graylog Server cluster.
Add Log View widget including file export. This allows users to read log messages in a way similar to readingplain text log files.
Add support for exporting messages in JSON, NDJSON and plain text formats.
Add S3 archiving backend to store archives in AWS S3 compatible object stores.
Add option to make archive batch size configurable for performance tuning.
Extend search and dashboard parameters to allow pre-defined values based on static lists or available messagefield values.
Add pagination for reports overview.

Fixed

Improve archiving multiple indices.
Fix rendering world map visualization in reports.
Improved search and dashboard parameter validation and styling.
Use case-insensitive matching for LDAP/AD group sync.
Disable confusing traffic warning log messages by default.

Enterprise Integrations Plugin

Added

Add ActiveDirectory user lookup data adapter.
Add Enterprise Greynoise lookup data adapter.
Add URLhaus lookup data adapter.

Graylog Enterprise 4.0.17

Released: 2022-07-06

Fixed

Fix thread leak in TCP Enterprise Outputs.

Graylog Enterprise 4.0.16

Released: 2022-04-12

Enterprise

Changed

Convert built-in forwarder user to service account.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog Enterprise 4.0.9

Released: 2021-07-07

No changes since 4.0.8.

Graylog Enterprise 4.0.8

Released: 2021-06-02

Enterprise

Fixed

Lower log level for irregular traffic record check.

Graylog Enterprise 4.0.7

Released: 2021-05-05

Enterprise

Fixed

Fix rendering of the world map visualization in reports.

Graylog Enterprise 4.0.6

Released: 2021-04-07

Enterprise

Fixed

Change LDAPGroupResolver to use case-insensitive matching

Enterprise Integrations Plugin

Added

Add “drop sensitive data” option to Microsoft365 input

Enterprise Integrations Plugin

Added

Add full-message transformer to Enterprise Output Framework.

Graylog Enterprise 4.0.2

Released: 2021-01-27

Enterprise

Added

Allow modification of timezone in report scheduling settings.

Fixed

Fix report preview styling when dark mode is active.

Enterprise Integrations Plugin

Fixed

Reduce noise of legacy script alarm callback notification.
Fix timing issue with old checkpoints in Office365 plugin.
Properly shut down TCP connections when stopping Enterprise outputs.

Graylog Enterprise 4.0.1

Released: 2020-11-25

Enterprise

No changes since 4.0.0.

Enterprise Integrations Plugin

Do not shut down Okta input on errors.
Let Office 365 plugin use configured proxy settings.

Graylog Enterprise 4.0.0

Released: 2020-11-18

Enterprise

Added

Add support for grouping users in teams.
- See: Permission Management
Add support for managing access to streams, searches and dashboards through teams.
- See: Permission Management
Add support for syncing groups from LDAP and Active Directory into Graylog teams.
- See: Permission Management
Add configurable header badge.
Create notification for failed Enterprise outputs.
Add cluster resources for archiving to allow archiving to be managed from all server nodes.

Fixed

Don’t fail reports migration if a widget is missing.
Improve error logging for report generation.

Enterprise Integrations Plugin

Added

Script event notification plugin to replace the legacy script alarm callback plugin.

Graylog Enterprise 3.3.17

Released: 2022-04-12

Enterprise

Changed

Convert built-in forwarder user to service account.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog Enterprise 3.3.13

Released: 2021-05-05

Enterprise

Fixed

Fix rendering of the world map visualization in reports.

Graylog Enterprise 3.3.12

Released: 2021-04-14

No changes since 3.3.11.

Graylog Enterprise 3.3.11

Released: 2021-02-16

No changes since 3.3.10.

Graylog Enterprise 3.3.10

Released: 2021-01-27

Enterprise

Added

Allow modification of timezone in report scheduling settings.

Graylog Enterprise 3.3.9

Released: 2020-11-25

Enterprise

Fixed

Fix audit formatting for file resource.
Fix permission issue with reports.
Fix logo images in reports.
Fix issue with rendering help buttons.

Enterprise Integrations Plugin

Fixed

Do not shut down Office 365 input on errors.
Do not shut down Okta input on errors.
Fix issue with Office 365 logon data parsing.
Let Office 365 plugin use configured proxy settings.

Graylog Enterprise 3.3.8

Released: 2020-10-12

Enterprise Integrations Plugin

Fixed

Fixed an issue with the O365 codec where it was not handling the event timestamp correctly.

Graylog Enterprise 3.3.7

Released: 2020-10-08

Enterprise Integrations Plugin

Fixed

Ensure cleanup of on-disk journal when Enterprise Output is deleted.

Graylog Enterprise 3.3.6

Released: 2020-09-28

Enterprise

Fixed

Improve error logging during report generation.

Enterprise Integrations Plugin

Added

Add Google BigQuery output to the Enterprise output framework.

Fixed

FixNullPointerExceptionand thread-safety issues in the Enterprise outputframework.
Fix retry logic and overall robustness of the office365 input.
Improve error detection and error handling in the Enterprise output framework.

Graylog Enterprise 3.3.5

Released: 2020-08-17

Fixed

Fix NullPointerException when deleting an output, which caused the on-disk journal to not get cleaned up.

Graylog Enterprise 3.3.4

Released: 2020-08-06

Changed

Fix pipeline selection on output creation to make the pipeline optional rather than required.

Fixed

Fixed a bug which occurred during the setup of the O365 Input.
Fix error when starting the Forwarder with the Enterprise Integrations plugin.

Graylog Enterprise 3.3.3

Released: 2020-07-29

Added

Add office365 input plugin.
Add reliable output framework and TCP and TCP Syslog outputs.

Graylog Enterprise 3.3.2

Released: 2020-06-24

Fixed

Fix message table headers in reports.

Graylog Enterprise 3.3.1

Released: 2020-06-10

Fixed

Fix issue with reports database migration when widgets are missing.
Add a cluster resource for the archiving API and use it in the UI. All endpoints in the cluster resourceare routed to the regular endpoints on the master node to avoid the need for custom proxy configuration.

Graylog Enterprise 3.3.0

Released: 2020-05-20

Added

Input for Okta log events.
Create detailed audit log messages for search jobs.
Create detailed audit log messages for message exports.
Automatically install trial licenses requested from the UI.
Add 1 day mute option to trial license reminders.

Changed

Implement message list limit in reports.

Fixed

Fix archive catalog response with different backends having the same archive.
Improve keyboard input for search/dashboard parameter fields.
Improve error messages with missing parameters in reports.
Fix problem with non-ascii characters in correlation field names.
Fix unintended selection of multiple widgets in report widget selection.
Fix detection of value-less parameters in reports.
Hide license warning on search/dashboard page if no license is installed.
Use user defined chart colors in reports.

Graylog Enterprise 3.2.6

Released: 2020-06-10

No changes since 3.2.5.

Graylog Enterprise 3.2.5

Released: 2020-05-19

No changes since 3.2.4.

Graylog Enterprise 3.2.4

Released: 2020-03-19

Fixed

Fix issue with search parameter input fields.
Fix error exporting a correlation event definition in content packs.

Graylog Enterprise 3.2.3

Released: 2020-03-11

Fixed

Fix issue with custom fields and correlation event definitions.

Graylog Enterprise 3.2.2

Released: 2020-02-20

Fixed

Fix missing rows in message table widget in reports.
Don’t try to archive indices which have already been archived.

Graylog Enterprise 3.2.1

Released: 2020-02-04

Fixed

Gracefully handle missing dashboards and widgets when collecting parameters for reports.

Graylog Enterprise 3.2.0

Released: 2020-01-14

Added

Dynamic list support for events and alert definition queries.
Search parameter support for reports.
MongoDB lookup data adapter.

Fixed

Remove incomplete archive directory when archiving process fails.
Fix race condition with archive catalog writing.

Graylog Enterprise 3.1.4

Released: 2020-01-14

Fixed

Only write archive metadata if the archiving process succeeded.
Improve resiliency of widgets in reports.

Graylog Enterprise 3.1.3

Released: 2019-11-06

Fixed

Fix problem with correlating events created by aggregation event definitions.
Remove incomplete archive directory when archive job fails or is stopped.

Graylog Enterprise 3.1.2

Released: 2019-09-12

No changes since 3.1.1.

Graylog Enterprise 3.1.1

Released: 2019-09-04

No changes since 3.1.0.

Graylog Enterprise 3.1.0

Released: 2019-08-16

Added

Add correlation engine and UI for new alerts and events system.
Add Enterprise job scheduler implementation.

Removed

Moved views feature to open-source. (except parameter support)

Fixed

Fix report service memory leak.
Fix auto-completion in drop-down fields.
Fix rendering of archive configuration page

Graylog Enterprise 3.0.2

Released: 2019-05-03

Integrations Plugin

Improve Graylog Forwarder configuration defaults.
Improve Graylog Forwarder error handling.
Update Graylog Forwarder dependencies.

Graylog Enterprise 3.0.1

Released: 2019-04-01

Fix missing authorization checks in the license management.
Fix view sharing issue for regular users.
Fix memory leak in the reporting system.

Integrations Plugin

Add Graylog Forwarder feature.

Graylog Enterprise 3.0.0

Released: 2019-02-14

Announcement blog post: https://www.graylog.org/post/announcing-graylog-v3-0-ga
Upgrade notes: Upgrading to Graylog 3.0.x

A detailed changelog is following soon!

Integrations Plugin

Add Script Alert Notification

Graylog Enterprise 2.5.2

Released: 2019-03-15

Plugin: License

Add missing permissions to license API resources.
Only show upcoming license expiration warning to admin users.

Graylog Enterprise 2.5.1

Released: 2018-12-19

No changes since 2.5.0.

Graylog Enterprise 2.5.0

Released: 2018-11-30

No changes since 2.4.6.

Graylog Enterprise 2.4.7

Released: 2019-03-01

Plugin: License

Add missing authorization checks to license resources.

Graylog Enterprise 2.4.6

Released: 2018-07-16

No changes since 2.4.5.

Graylog Enterprise 2.4.5

Released: 2018-05-28

No changes since 2.4.4.

Graylog Enterprise 2.4.4

Released: 2018-05-02

No changes since 2.4.3.

Graylog Enterprise 2.4.3

Released: 2018-01-24

No changes since 2.4.2.

Graylog Enterprise 2.4.2

Released: 2018-01-24

No changes since 2.4.1.

Graylog Enterprise 2.4.1

Released: 2018-01-19

No changes since 2.4.0.

Graylog Enterprise 2.4.0

Released: 2017-12-22

No changes since 2.4.0-rc.2.

Graylog Enterprise 2.4.0-rc.2

Released: 2017-12-20

No changes since 2.4.0-rc.1.

Graylog Enterprise 2.4.0-rc.1

Released: 2017-12-19

No changes since 2.4.0-beta.4.

Graylog Enterprise 2.4.0-beta.4

Released: 2017-12-15

Plugin: License

The license page now shows more details about the installed licenses.

Graylog Enterprise 2.4.0-beta.3

Released: 2017-12-04

No changes since 2.4.0-beta.2.

Graylog Enterprise 2.4.0-beta.2

Released: 2017-11-07

No changes since 2.4.0-beta.1.

Graylog Enterprise 2.4.0-beta.1

Released: 2017-10-20

Plugin: Archive

Add support for Zstandard compression codec.

Graylog Enterprise 2.3.2

Released: 2017-10-19

Plugin: Archive

Fix archive creation for indices with lots of shards.

Graylog Enterprise 2.3.1

Released: 2017-08-25

Plugin: Archive

Lots of performance improvements (up to 7 times faster)
Do not delete an index if not all of its documents have been archived

Graylog Enterprise 2.3.0

Released: 2017-07-26

Plugin: Archive

Record checksums for archive segment files
Add two archive permission roles “admin” and “viewer”
Allow export of filenames from catalog search

Graylog Enterprise 2.2.3

Released: 2017-04-04

Plugin: Archive

Metadata is now stored in MongoDB
Preparation for storage backend support

Graylog Enterprise 2.2.2

Released: 2017-03-02

Plugin: Audit Log

Extend integration with the Archive plugin

Graylog Enterprise 2.2.1

Released: 2017-02-20

Plugin: Archive

Improve stability and smaller UI fixes

Graylog Enterprise 2.2.0

Released: 2017-02-09

Plugin: Archive

Improve index set support

Graylog Enterprise 1.2.1

Released: 2017-01-26

Plugin: Archive

Prepare the plugin to be compatible with the new default stream.

Plugin: Audit Log

Add support for index sets and fix potential NPEs.
Smaller UI improvements.

Graylog Enterprise 1.2.0

Released: 2016-09-14

https://www.graylog.org/blog/70-announcing-graylog-enterprise-v1-2

Plugin: Archive

Add support for selecting which streams should be included in your archives.

Plugin: Audit Log

New plugin to keep track of changes made by users to a Graylog system by automatically saving them in MongoDB.

Graylog Enterprise 1.1

Released: 2016-09-01

Added support for Graylog 2.1.0.

Graylog Enterprise 1.0.1

Released: 2016-06-08

Bugfix release for the archive plugin.

Plugin: Archive

Fixed problem when writing multiple archive segments

There was a problem when exceeding the max segment size so that multiple archive segments are written. The problem has been fixed and wrongly written segments can be read again.

Graylog Enterprise 1.0.0

Released: 2016-05-27

Initial Release including the Archive plugin.

Plugin: Archive

New features since the last beta plugin:

Support for multiple compression strategies. (Snappy, LZ4, Gzip, None)