Announcing Graylog v3.3
Today we are officially releasing Graylog v3.3
This release includes enhancements to search, events, and alerts that introduce greater efficiencies to your daily log management efforts and strengthen your audit and compliance capabilities.
Please read on for detailed descriptions of each feature.
- Deb or RPM packages are available in our repositories
- Docker image
- OVA / Appliance
- Tarball (manual installation)
- Enterprise Plugins
- Enterprise Integrations
Please report bugs and any other issues in our GitHub issue tracker. Thank you!
UPDATE: SECURITY FIXES
Graylog v3.2.5 and v3.3 fixes XSS vulnerabilities and issues in the AWS plugins. We strongly recommend that all Graylog users upgrade regardless of the Graylog version you are running on.
Two XSS issues were discovered in the content packs module and the hyperlink string decorator by Juha Laaksonen, Cyber Security Specialist at Solita. A big thanks to Juha for alerting us about these issues.
AWS Plugin Secret Key Leak
Mika Kulmala, Cyber Security Specialist at Solita, reported a leak of the AWS secret key in certain (authenticated) Graylog REST API calls. Graylog is no longer revealing the AWS secret key in REST API responses. A big thanks to Mika for alerting us about this issue.
Log management just became more efficient with search enhancements.
It’s often the little things that make all the difference. Graylog’s new search enhancements focus on making some of the tasks performed on a regular basis more efficient. For example, users make content choices such as adding a limit on the total number of messages or pull data from multiple streams before exporting a CSV file.
Error messages offer a greater level of detail. For example, if you run a search across three streams but only have permission to access one of them, Graylog will display an error message letting you know. This also applies to saved searches. If a colleague shares a saved search, Graylog will display an error message if you do not have the appropriate permissions to view the results. Other enhancements include UI improvements for better performance and search execution. For the latter, this means if you make any changes to your search you can control when you want to re-execute it.
More flexibility equals more productivity.
Planning ahead? Have alerts you only want to trigger at certain times? Need to pause in the middle of creating an alert? Have an alert creating too much noise and want to disable it and work on it? Now you can create Alert rules and save them for later. You can pause or disable an active Alert. And you can stop and save any time you are creating an alert.
UPDATE: AUDIT EVENTS (ENTERPRISE)
Supporting compliance needs with more data.
Graylog Audit Events now record when someone creates and executes a search along with the search content. This includes stream searches and dashboards as well. For example, if a developer debugs an application and that application has financial data, now you have an audit trail of exactly what and when the data was viewed.
NEW: INPUT FOR OKTA LOG EVENTS (ENTERPRISE)
Tracking your SSO logs made easy.
In Graylog 3.3, we have added a new input for Okta Log Events. You simply enter your domain name and API key to pull your Okta event logs into Graylog. Keeping track of your authentication data in the cloud is critically important for monitoring employee activities. This new input will make this task easier. All logs collected will conform to the new Graylog schema. (Coming soon!)
NEW: ELASTICSEARCH DISK SPACE NOTIFICATIONS
If the disk space in an Elasticsearch cluster runs low or runs out, this can lead to data loss and other problems down the road. To prevent this from happening, Graylog has added visual identification to alert you to the problem and we provide a link to documentation that can guide on how to resolve it. Shout-out to the Graylog community for requesting this feature.
OTHER NOTABLE CHANGES
Let us know what you’d like to have included in our GitHub issue tracker.