Changelog
  • 02 Nov 2022
  • 15 Minutes to read
  • Dark
    Light

Changelog

  • Dark
    Light

Graylog Operations 4.3.9

Released: 2022-11-02

Added

Fixed

Security

Graylog Operations 4.3.8

Released: 2022-10-05

Changed

Fixed

Graylog Operations 4.3.7

Released: 2022-09-16

Added

Fixed

Graylog Operations 4.3.6

Released: 2022-09-07

Added

Fixed

Graylog Operations 4.3.5

Released: 2022-08-09

Added

Graylog Operations 4.3.4

Released: 2022-08-03

Added

  • Add report_accept_insecure_certs config file option to make reporting work for setups with self-signed TLS certificates. graylog-plugin-enterprise#3852

Fixed

Security

Graylog Operations 4.3.3

Released: 2022-07-06

Fixed

Graylog Operations 4.3.2

Released: 2022-06-15

Fixed

Graylog Operations 4.3.1

Released: 2022-06-01

Fixed

Graylog Operations 4.3.0

Released: 2022-05-25

Added

Changed

Fixed

Graylog Operations 4.2.13

Released: 2022-09-16

Fixed

Graylog Operations 4.2.11

Released: 2022-07-06

Fixed

Graylog Operations 4.2.10

Released: 2022-06-15

Operations

No changes since 4.2.9.

Operations Integrations Plugin

Fixed

  • Add option to store the full message for the Azure Logs plugin.

Graylog Operations 4.2.9

Released: 2022-05-04

Operations

No changes since 4.2.8.

Operations Integrations Plugin

Fixed

  • Treat azure_connection_string field in the Azure Logs input as password to conceal it in the UI.

Graylog Operations 4.2.8

Released: 2022-04-12

Operations

Changed

  • Convert built-in forwarder user to service account.

Graylog Operations 4.2.7

Released: 2022-03-02

Operations

Fixed

  • Fix report history status icon.

Graylog Operations 4.2.6

Released: 2022-02-02

Operations

Fixed

  • Fix a report generation issue with widgets that don’t have a configured time range.
  • Remove unused log4j 1.x dependency.

Operations Integrations Plugin

No changes since 4.2.5.

Graylog Operations 4.2.5

Released: 2022-01-05

Operations

  • Add right-click action for GreyNoise IP lookup
  • Added loading indicator when performing Illuminate bundle operations

Operations Integrations Plugin

Graylog Operations 4.2.4

Released: 2021-12-16

Operations

No changes since 4.2.3.

Operations Integrations Plugin

No changes since 4.2.3.

Graylog Operations 4.2.3

Released: 2021-12-10

Operations

No changes since 4.2.2.

Operations Integrations Plugin

No changes since 4.2.2.

Graylog Operations 4.2.2

Released: 2021-12-01

Operations

Fixed

  • Increase reliability of the failure handler feature.
  • Fix index set upgrade problem with Illuminate bundles.
  • Don’t render optional fields in message summary if related value doesn’t exist.

Operations Integrations Plugin

Changed

  • Include more data fields from the NOISE response in the GreyNoise lookup data adapter.

Graylog Operations 4.2.1

Released: 2021-11-03

Operations

Added

  • Add ability to delete a disabled Illuminate bundle.

Fixed

  • Allow archive S3 backend to work without the s3:CreateBucket permission when the bucket already exists.
  • Fix misleading log warning regarding index updates on Illuminate installation.
  • Fix issue with watchlist key creation.

Operations Integrations Plugin

Fixed

  • Fix exception in Gmail input if there are no logs for the current day.
  • Fix default value for the polling interval setting for Google Cloud inputs.

Graylog Operations 4.2.0

Released: 2021-10-13

Operations

Added

  • Display message summaries based on message event types.
  • Add external value actions for message field values.
  • Allow horizontal scrolling in log view widget.
  • Add generic OIDC authentication backend.
  • Add Illuminate bundle support.
  • Add Illuminate message processor.
  • Support lookup tables in search parameters.
  • Store indexing and processing failures in a separate stream and index set to simplify debugging.
  • Add watchlist lookup table.
  • Add watchlist indicator to message details.
  • Add “Add to watchlist” and “Remove from watchlist” value actions for message fields.
  • Support custom authentication server for Okta backend.

Changed

  • Create system notifications for archiving errors to improve visibility.

Fixed

  • Fix formatting for forwarder related audit log entries.
  • Add default spool directory for S3 archiving backend.
  • Improve Okta authentication error reporting.
  • Improve error handling for S3 archiving.
  • Fix issue with switchting forwarder input profiles.
  • Fix search parameter problem when copying widget from search to dashboard.
  • Improve sorting on forwarders page.
  • Support an empty archive output path for S3 backends.

Operations Integrations Plugin

Added

  • Add Raw UDP Enterprise output.
  • Add Google Cloud input to pull VPC, firewall, and audit logs.
  • Add Google Workspace input to pull admin, drive, login, calendar, token, and message tracking logs.
  • Add Gmail input to pull mail logs from BigQuery.

Graylog Operations 4.1.14

Released: 2022-04-12

Operations

Changed

  • Convert built-in forwarder user to service account.

Graylog Operations 4.1.13

Released: 2022-03-02

Operations

Fixed

  • Fix report history status icon.

Graylog Operations 4.1.12

Released: 2022-02-02

Operations

Fixed

  • Remove unused log4j 1.x dependency.

Operations Integrations Plugin

No changes since 4.1.11.

Graylog Operations 4.1.11

Released: 2022-01-05

Operations

No changes since 4.1.10

Operations Integrations Plugin

No changes since 4.1.10

Graylog Operations 4.1.10

Released: 2021-12-16

Operations

No changes since 4.1.9.

Operations Integrations Plugin

No changes since 4.1.9.

Graylog Operations 4.1.9

Released: 2021-12-10

Operations

No changes since 4.1.8.

Operations Integrations Plugin

No changes since 4.1.8.

Graylog Operations 4.1.8

Released: 2021-12-01

Operations

No changes since 4.1.7.

Operations Integrations Plugin

No changes since 4.1.7.

Graylog Operations 4.1.7

Released: 2021-11-03

Operations

No changes since 4.1.6.

Graylog Operations 4.1.6

Released: 2021-10-06

Operations

Added

  • Add support for custom auth servers in Okta authentication backend.

Graylog Operations 4.1.5

Released: 2021-09-13

Operations

Fixed

  • Fix an issue when adding a widget with an option dropdown parameter in reports.
  • Fix Graylog Forwarder documentation URLs.

Graylog Operations 4.1.4

Released: 2021-09-01

Operations

Fixed

Graylog Operations 4.1.3

Released: 2021-08-04

Operations

No changes since 4.1.2.

Graylog Operations 4.1.2

Released: 2021-07-28

Operations

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Operations Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Fixed

Graylog Operations 4.1.1

Released: 2021-07-07

Operations

Fixed

  • Add default value for the spool directory in the UI configuration for the S3 archiving backend.
  • Improve Forwarder request/response handling when server has high load.

Operations Integrations Plugin

Added

  • Add lookup data adapter for abuse.ch ThreadDox IOC.

Graylog Operations 4.1.0

Released: 2021-06-23

Operations

Added

  • Add theme customization options to allow the usage of custom colors.
  • Add support for global notifications to display announcements and other messages to all users or a selected group of users.
  • Add authentication and team-sync support for the Okta indentity provider.
  • Add support for the Graylog Forwarder. The Graylog Forwarder is a standalone agent for sending log data to Graylog Cloud or an on-premise Graylog Server cluster.
  • Add Log View widget including file export. This allows users to read log messages in a way similar to reading plain text log files.
  • Add support for exporting messages in JSON, NDJSON and plain text formats.
  • Add S3 archiving backend to store archives in AWS S3 compatible object stores.
  • Add option to make archive batch size configurable for performance tuning.
  • Extend search and dashboard parameters to allow pre-defined values based on static lists or available message field values.
  • Add pagination for reports overview.

Fixed

  • Improve archiving multiple indices.
  • Fix rendering world map visualization in reports.
  • Improved search and dashboard parameter validation and styling.
  • Use case-insensitive matching for LDAP/AD group sync.
  • Disable confusing traffic warning log messages by default.

Operations Integrations Plugin

Added

  • Add ActiveDirectory user lookup data adapter.
  • Add Operations Greynoise lookup data adapter.
  • Add URLhaus lookup data adapter.

Graylog Operations 4.0.17

Released: 2022-07-06

Fixed

Graylog Operations 4.0.16

Released: 2022-04-12

Operations

Changed

  • Convert built-in forwarder user to service account.

Graylog Operations 4.0.15

Released: 2021-12-16

Operations

No changes since 4.0.14.

Operations Integrations Plugin

No changes since 4.0.14.

Graylog Operations 4.0.14

Released: 2021-12-10

Operations

No changes since 4.0.13.

Operations Integrations Plugin

No changes since 4.0.13.

Graylog Operations 4.0.13

Released: 2021-09-13

Operations

No changes since 4.0.11.

Graylog Operations 4.0.12

Released: 2021-09-01

Operations

No changes since 4.0.11.

Graylog Operations 4.0.11

Released: 2021-08-04

Operations

No changes since 4.0.10.

Graylog Operations 4.0.10

Released: 2021-07-28

Operations

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Operations Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog Operations 4.0.9

Released: 2021-07-07

No changes since 4.0.8.

Graylog Operations 4.0.8

Released: 2021-06-02

Operations

Fixed

  • Lower log level for irregular traffic record check.

Graylog Operations 4.0.7

Released: 2021-05-05

Operations

Fixed

  • Fix rendering of the world map visualization in reports.

Graylog Operations 4.0.6

Released: 2021-04-07

Operations

Fixed

  • Change LDAPGroupResolver to use case-insensitive matching

Operations Integrations Plugin

Added

  • Add “drop sensitive data” option to Microsoft365 input

Graylog Operations 4.0.5

Released: 2021-02-22

Operations

No changes since 4.0.4.

Graylog Operations 4.0.4

Released: 2021-02-22

Operations

No changes since 4.0.3.

Graylog Operations 4.0.3

Released: 2021-02-16

Operations

No changes since 4.0.2.

Operations Integrations Plugin

Added

  • Add full-message transformer to Enterprise Output Framework.

Graylog Operations 4.0.2

Released: 2021-01-27

Operations

Added

  • Allow modification of timezone in report scheduling settings.

Fixed

  • Fix report preview styling when dark mode is active.

Operations Integrations Plugin

Fixed

  • Reduce noise of legacy script alarm callback notification.
  • Fix timing issue with old checkpoints in Office365 plugin.
  • Properly shut down TCP connections when stopping Operations outputs.

Graylog Operations 4.0.1

Released: 2020-11-25

Operations

No changes since 4.0.0.

Operations Integrations Plugin

  • Do not shut down Okta input on errors.
  • Let Office 365 plugin use configured proxy settings.

Graylog Operations 4.0.0

Released: 2020-11-18

Operations

Added

  • Add support for grouping users in teams.
  • Add support for managing access to streams, searches and dashboards through teams.
  • Add support for syncing groups from LDAP and Active Directory into Graylog teams.
  • Add configurable header badge.
  • Create notification for failed Operations outputs.
  • Add cluster resources for archiving to allow archiving to be managed from all server nodes.

Fixed

  • Don’t fail reports migration if a widget is missing.
  • Improve error logging for report generation.

Operations Integrations Plugin

Added

  • Script event notification plugin to replace the legacy script alarm callback plugin.

Graylog Operations 3.3.17

Released: 2022-04-12

Operations

Changed

  • Convert built-in forwarder user to service account.

Graylog Operations 3.3.16

Released: 2021-12-16

Operations

No changes since 3.3.15.

Operations Integrations Plugin

No changes since 3.3.15.

Graylog Operations 3.3.15

Released: 2021-12-10

Operations

No changes since 3.3.14.

Operations Integrations Plugin

No changes since 3.3.14.

Graylog Operations 3.3.14

Released: 2021-07-28

Operations

Security

Session ID leak in Graylog DEBUG log file and audit log.

We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.

The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Operations Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.

We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.

The following CVE IDs have been assigned: CVE-2021-37759, CVE-2021-37760

Graylog Operations 3.3.13

Released: 2021-05-05

Operations

Fixed

  • Fix rendering of the world map visualization in reports.

Graylog Operations 3.3.12

Released: 2021-04-14

No changes since 3.3.11.

Graylog Operations 3.3.11

Released: 2021-02-16

No changes since 3.3.10.

Graylog Operations 3.3.10

Released: 2021-01-27

Operations

Added

  • Allow modification of timezone in report scheduling settings.

Graylog Operations 3.3.9

Released: 2020-11-25

Operations

Fixed

  • Fix audit formatting for file resource.
  • Fix permission issue with reports.
  • Fix logo images in reports.
  • Fix issue with rendering help buttons.

Operations Integrations Plugin

Fixed

  • Do not shut down Office 365 input on errors.
  • Do not shut down Okta input on errors.
  • Fix issue with Office 365 logon data parsing.
  • Let Office 365 plugin use configured proxy settings.

Graylog Operations 3.3.8

Released: 2020-10-12

Operations Integrations Plugin

Fixed

  • Fixed an issue with the O365 codec where it was not handling the event timestamp correctly.

Graylog Operations 3.3.7

Released: 2020-10-08

Operations Integrations Plugin

Fixed

  • Ensure cleanup of on-disk journal when Operations Output is deleted.

Graylog Operations 3.3.6

Released: 2020-09-28

Operations

Fixed

  • Improve error logging during report generation.

Operations Integrations Plugin

Added

  • Add Google BigQuery output to the Operations output framework.

Fixed

  • Fix NullPointerException and thread-safety issues in the Operations output framework.
  • Fix retry logic and overall robustness of the office365 input.
  • Improve error detection and error handling in the Operations output framework.

Graylog Operations 3.3.5

Released: 2020-08-17

Fixed

  • Fix NullPointerException when deleting an output, which caused the on-disk journal to not get cleaned up.

Graylog Operations 3.3.4

Released: 2020-08-06

Changed

  • Fix pipeline selection on output creation to make the pipeline optional rather than required.

Fixed

  • Fixed a bug which occurred during the setup of the O365 Input.
  • Fix error when starting the Forwarder with the Operations Integrations plugin.

Graylog Operations 3.3.3

Released: 2020-07-29

Added

  • Add office365 input plugin.
  • Add reliable output framework and TCP and TCP Syslog outputs.

Graylog Operations 3.3.2

Released: 2020-06-24

Fixed

  • Fix message table headers in reports.

Graylog Operations 3.3.1

Released: 2020-06-10

Fixed

  • Fix issue with reports database migration when widgets are missing.
  • Add a cluster resource for the archiving HTTP API and use it in the UI. All endpoints in the cluster resource are routed to the regular endpoints on the master node to avoid the need for custom proxy configuration.

Graylog Operations 3.3.0

Released: 2020-05-20

Added

  • Input for Okta log events.
  • Create detailed audit log messages for search jobs.
  • Create detailed audit log messages for message exports.
  • Automatically install trial licenses requested from the UI.
  • Add 1 day mute option to trial license reminders.

Changed

  • Implement message list limit in reports.

Fixed

  • Fix archive catalog response with different backends having the same archive.
  • Improve keyboard input for search/dashboard parameter fields.
  • Improve error messages with missing parameters in reports.
  • Fix problem with non-ascii characters in correlation field names.
  • Fix unintended selection of multiple widgets in report widget selection.
  • Fix detection of value-less parameters in reports.
  • Hide license warning on search/dashboard page if no license is installed.
  • Use user defined chart colors in reports.

Graylog Operations 3.2.6

Released: 2020-06-10

No changes since 3.2.5.

Graylog Operations 3.2.5

Released: 2020-05-19

No changes since 3.2.4.

Graylog Operations 3.2.4

Released: 2020-03-19

Fixed

  • Fix issue with search parameter input fields.
  • Fix error exporting a correlation event definition in content packs.

Graylog Operations 3.2.3

Released: 2020-03-11

Fixed

  • Fix issue with custom fields and correlation event definitions.

Graylog Operations 3.2.2

Released: 2020-02-20

Fixed

Graylog Operations 3.2.1

Released: 2020-02-04

Fixed

Graylog Operations 3.2.0

Released: 2020-01-14

Added

  • Dynamic list support for events and alert definition queries.
  • Search parameter support for reports.
  • MongoDB lookup data adapter.

Fixed

  • Remove incomplete archive directory when archiving process fails.
  • Fix race condition with archive catalog writing.

Graylog Operations 3.1.4

Released: 2020-01-14

Fixed

  • Only write archive metadata if the archiving process succeeded.
  • Improve resiliency of widgets in reports.

Graylog Operations 3.1.3

Released: 2019-11-06

Fixed

  • Fix problem with correlating events created by aggregation event definitions.
  • Remove incomplete archive directory when archive job fails or is stopped.

Graylog Operations 3.1.2

Released: 2019-09-12

No changes since 3.1.1.

Graylog Operations 3.1.1

Released: 2019-09-04

No changes since 3.1.0.

Graylog Operations 3.1.0

Released: 2019-08-16

Added

  • Add correlation engine and UI for new alerts and events system.
  • Add Operations job scheduler implementation.

Removed

  • Moved views feature to open-source. (except parameter support)

Fixed

  • Fix report service memory leak.
  • Fix auto-completion in drop-down fields.
  • Fix rendering of archive configuration page

Graylog Operations 3.0.2

Released: 2019-05-03

Integrations Plugin

  • Improve Graylog Forwarder configuration defaults.
  • Improve Graylog Forwarder error handling.
  • Update Graylog Forwarder dependencies.

Graylog Operations 3.0.1

Released: 2019-04-01

  • Fix missing authorization checks in the license management.
  • Fix view sharing issue for regular users.
  • Fix memory leak in the reporting system.

Integrations Plugin

  • Add Graylog Forwarder feature.

Graylog Operations 3.0.0

Released: 2019-02-14

A detailed changelog is following soon!

Integrations Plugin

  • Add Script Alert Notification

Graylog Operations 2.5.2

Released: 2019-03-15

Plugin: License

  • Add missing permissions to license HTTP API resources.
  • Only show upcoming license expiration warning to admin users.

Graylog Operations 2.5.1

Released: 2018-12-19

No changes since 2.5.0.

Graylog Operations 2.5.0

Released: 2018-11-30

No changes since 2.4.6.

Graylog Operations 2.4.7

Released: 2019-03-01

Plugin: License

  • Add missing authorization checks to license resources.

Graylog Operations 2.4.6

Released: 2018-07-16

No changes since 2.4.5.

Graylog Operations 2.4.5

Released: 2018-05-28

No changes since 2.4.4.

Graylog Operations 2.4.4

Released: 2018-05-02

No changes since 2.4.3.

Graylog Operations 2.4.3

Released: 2018-01-24

No changes since 2.4.2.

Graylog Operations 2.4.2

Released: 2018-01-24

No changes since 2.4.1.

Graylog Operations 2.4.1

Released: 2018-01-19

No changes since 2.4.0.

Graylog Operations 2.4.0

Released: 2017-12-22

No changes since 2.4.0-rc.2.

Graylog Operations 2.4.0-rc.2

Released: 2017-12-20

No changes since 2.4.0-rc.1.

Graylog Operations 2.4.0-rc.1

Released: 2017-12-19

No changes since 2.4.0-beta.4.

Graylog Operations 2.4.0-beta.4

Released: 2017-12-15

Plugin: License

  • The license page now shows more details about the installed licenses.

Graylog Operations 2.4.0-beta.3

Released: 2017-12-04

No changes since 2.4.0-beta.2.

Graylog Operations 2.4.0-beta.2

Released: 2017-11-07

No changes since 2.4.0-beta.1.

Graylog Operations 2.4.0-beta.1

Released: 2017-10-20

Plugin: Archive

  • Add support for Zstandard compression codec.

Graylog Operations 2.3.2

Released: 2017-10-19

Plugin: Archive

  • Fix archive creation for indices with lots of shards.

Graylog Operations 2.3.1

Released: 2017-08-25

Plugin: Archive

  • Lots of performance improvements (up to 7 times faster)
  • Do not delete an index if not all of its documents have been archived

Graylog Operations 2.3.0

Released: 2017-07-26

Plugin: Archive

  • Record checksums for archive segment files
  • Add two archive permission roles “admin” and “viewer”
  • Allow export of filenames from catalog search

Graylog Operations 2.2.3

Released: 2017-04-04

Plugin: Archive

  • Metadata is now stored in MongoDB
  • Preparation for storage backend support

Graylog Operations 2.2.2

Released: 2017-03-02

Plugin: Audit Log

  • Extend integration with the Archive plugin

Graylog Operations 2.2.1

Released: 2017-02-20

Plugin: Archive

  • Improve stability and smaller UI fixes

Graylog Operations 2.2.0

Released: 2017-02-09

Plugin: Archive

  • Improve index set support

Graylog Operations 1.2.1

Released: 2017-01-26

Plugin: Archive

  • Prepare the plugin to be compatible with the new default stream.

Plugin: Audit Log

  • Add support for index sets and fix potential NPEs.
  • Smaller UI improvements.

Graylog Operations 1.2.0

Released: 2016-09-14

https://www.graylog.org/blog/70-announcing-graylog-enterprise-v1-2

Plugin: Archive

  • Add support for selecting which streams should be included in your archives.

Plugin: Audit Log

New plugin to keep track of changes made by users to a Graylog system by automatically saving them in MongoDB.

Graylog Operations 1.1

Released: 2016-09-01

  • Added support for Graylog 2.1.0.

Graylog Operations 1.0.1

Released: 2016-06-08

Bugfix release for the archive plugin.

Plugin: Archive

Fixed problem when writing multiple archive segments

There was a problem when exceeding the max segment size so that multiple archive segments are written. The problem has been fixed and wrongly written segments can be read again.

Graylog Operations 1.0.0

Released: 2016-05-27

Initial Release including the Archive plugin.

Plugin: Archive

New features since the last beta plugin:

  • Support for multiple compression strategies. (Snappy, LZ4, Gzip, None)

Was this article helpful?

What's Next