Open Collector 2023.11 Release Notes
November 2023 Release Details
The 2023.11 release of Open Collector requires Knowledge Base version 7.1.678.0 (or above).
Software Component | Version Number | New Version? |
---|---|---|
Open Collector | 5.6.19 | Yes |
LRCTL Script | 6.0.1 | |
LRCTL Container | 6.5.14 | |
LRJQ | 5.1.4 | |
Metrics | 6.0.4 | |
OC Pipeline | 5.1.7 | |
OC-Admin | 6.0.13 | |
OC-DB | 6.0.2 | |
AWS S3 Beat | 6.2.2 | |
Azure Event Hubs Beat | 6.0.8 | |
Carbon Black Cloud Beat | 6.0.7 | |
Cisco AMP Beat | 6.1.6 | |
Darktrace Beat | 6.0.0 | |
Duo Authentication Security Beat | 6.0.5 | |
Generic Beat | 6.1.2 | |
Gmail Message Tracking Beat | 6.0.3 | |
GSuite Beat | 6.0.4 | |
Kafka Beat | 6.0.6 | |
Microsoft Graph API Beat | 6.0.5 | |
Okta Beat | 6.0.4 | |
Prisma Cloud Beat | 6.0.1 | |
Proofpoint Beat | 6.0.3 | |
PubSub Beat | 6.0.3 | |
Qualys FIM Beat | 6.0.5 | |
Salesforce Beat | 6.0.0 | |
Sophos Central Beat | 6.0.3 | |
Symantec WSS Beat | 6.0.3 | |
Webhook Beat | 6.1.6 | |
Resolved Issues
Bug ID | Found in Version | Release Notes |
---|---|---|
ENG-34473 | 2023.05 | Resolved an issue where logs would fill indefinitely in certain situations when errors are present in Open Collector logs or when a beat is set to debug. |
ENG-36279 | 2023.06 | The Event Hubs Beat no longer produces errors in certain situations when attempting to collect Microsoft.web logs. |
ENG-34594 | 2023.03 | The Event Hubs Beat no longer produces errors in certain situations when attempting to collect Defender ATP logs. |
Known Issues
Defect ID | Components | Release Notes |
---|---|---|
ENG-39921 | Beats: MSGraph API Beat | Issue: MS Graph API Beat initially collects Azure AD logs, but then immediately stops and no further logs are collected. Expected Results: The MS Graph API Beat should continue to collect Azure AD logs as expected. Workaround: There is currently no workaround for this issue. |
ENG-49073 | Open Collector: JSON Parser | Issue: The System Monitor JSON parser is not correctly parsing dates. Logs are arriving timestamped with the time received instead of the time occurred. Expected Results: Timestamp for JSON parsed logs should be when the event occurred. Workaround: Use the regular Open Collector native parsing method (old method). |
ENG-41561 | Beats: Azure Event Hubs Beat | Issue: The Azure Event Hubs Beat is not collecting Sentinel One logs when configured using the JSON parsing method. Expected Results: Sentinel One logs should be collected. Workaround: There is currently no workaround for this issue. |