Today we are releasing the first beta version of Graylog v2.1. It is the first feature-complete release of the 2.1 pre-GA series and ready for your feedback. You can find a changelog and overview of new features in this post.
DOWNLOAD
Download Graylog 2.1.0-beta.1:
- DEB or RPM package (see the documentation for details)
- Docker image
- OVA / Appliance
- Tarball (manual installation)
NEW FEATURES SINCE ALPHA.2
Here are the new features since the last Graylog v2.1 alpha release:
MESSAGE DECORATORS
This new feature allows you to automatically mutate message values on search result pages. A classic example would be to change the numerical severity level of a syslog message (level=4) to a human-readable string like level=warning (4).
We’ll ship standard decorators but you can also write your own using our plugin system. Another really cool way to use this feature is to select a message processing pipeline that every message of the current search result page will run through. Mutation logic can get pretty powerful when using the pipelines.
More example use-cases are:
- WHOIS lookup of IP addresses
- Data center inventory link to known hostnames
- User ID to username
- User ID to hostname the user is located on
- IP to hostname using reverse DNS or a lookup table / inventory
- IP to parent data center
- Anything else you can express in code
The decorator config is always bound to streams, so you can have standard mutations per stream.
SSO & PLUGGABLE AUTHENTICATION
Graylog has always supported the built-in user/password and LDAP authentication methods, but this release finally makes the authentication methods pluggable. The first plugin we released is for Single Sign-On (SSO).
The SSO plugin supports automatic login and user account creation based on trusted HTTP headers set by an authentication proxy.
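The trust decision behind header-based SSO, as an added example (not code from Graylog or its SSO plugin): the username header is honoured only when the direct peer is a known authentication proxy, and is ignored otherwise. The header name and proxy networks are constructed sample values, not Graylog settings.

```python
import ipaddress

# Assumptions for this sketch (not Graylog settings): the header name and
# the proxy networks below are constructed sample values.
USER_HEADER = "remote-user"
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.5/32", "fd00::/64")]


def peer_is_trusted(peer, trusted=TRUSTED_PROXIES):
    """True only if the direct TCP peer is one of the known proxies."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it matches IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in trusted)


def username_from_request(peer, headers, trusted=TRUSTED_PROXIES):
    """Return the asserted username, or None to fall back to normal login.

    `headers` is a list of (name, value) pairs as received, so repeated
    headers stay visible instead of being merged.
    """
    if not peer_is_trusted(peer, trusted):
        return None  # a header from any other peer is client-controlled
    values = [v.strip() for k, v in headers if k.lower() == USER_HEADER]
    if len(values) != 1:
        return None  # missing, or repeated: the proxy did not overwrite it
    user = values[0]
    # Reject empty, multi-valued or whitespace/control-character values.
    if not user or "," in user or any(c.isspace() or ord(c) < 0x20 for c in user):
        return None
    return user
```

The proxy itself must overwrite or strip this header on every inbound request, and the application port should not be reachable except through the proxy.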
MORE CHANGES
- Journal info command does not work. Graylog2/graylog2-server#2493 and Graylog2/graylog2-server#2495
- Search result highlighting color similar to white. Graylog2/graylog2-server#2480
- Cannot POST on Regex Tester (error 500). Graylog2/graylog2-server#2471 and Graylog2/graylog2-server#2472
- Middle-clicking to open new tab not working for some System menu items. Graylog2/graylog2-server#2468
- Json extractor should check for valid lucene keys. Graylog2/graylog2-server#2434 and Graylog2/graylog2-server#2481
- Elasticsearch Red cluster state triggered by index rotation under some conditions. Graylog2/graylog2-server#2371, Graylog2/graylog2-server#2429 and Graylog2/graylog2-server#2477
- Report syntax error when search query contains unescaped slash. Graylog2/graylog2-server#2372 and Graylog2/graylog2-server#2450
- Allowing path prefixes in web_listen_uri so web interface is accessible via path != “/”. Graylog2/graylog2-server#2271 and Graylog2/graylog2-server#2440
- LDAP group mapping: stringwise comparison fails due to different DN formats. Graylog2/graylog2-server#1790 and Graylog2/graylog2-server#2484
- Json extractor prefix. Graylog2/graylog2-server#1646 and Graylog2/graylog2-server#2481
- LDAP users are shown a change password form. Graylog2/graylog2-server#2124, Graylog2/graylog2-server#2327 and Graylog2/graylog2-server#2485
- Switch message filters from polling to subscribing to change events. Graylog2/graylog2-server#2391 and Graylog2/graylog2-server#2496
- Make auth providers fully pluggable. Graylog2/graylog2-server#2232, Graylog2/graylog2-server#2367 and Graylog2/graylog2-server#2522
- Grok extractor: Allow returning only named captures. Graylog2/graylog2-server#1486 and Graylog2/graylog2-server#2500
- Attempt reading DSA key if RSA failed. Graylog2/graylog2-server#2503. Special thanks to @mikkolehtisalo!
- Fix session validation propagation. Graylog2/graylog2-server#2498
- A wrapper to protect from decompression bombs. Graylog2/graylog2-server#2339. Thank you again, @mikkolehtisalo!
- Make exceptions more useful by providing messages and context. Graylog2/graylog2-server#2478
- Decorate search results. Graylog2/graylog2-server#2408, Graylog2/graylog2-server#2482, Graylog2/graylog2-server#2499, Graylog2/graylog-plugin-pipeline-processor#41, Graylog2/graylog-plugin-pipeline-processor#43 and Graylog2/graylog-plugin-pipeline-processor#52
- Introduce CombinedProvider to sync actions and stores initialization. Graylog2/graylog2-server#2523
COLLECTOR SIDECAR PLUGIN
- Add buffer option to NXLog outputs
- Make defaults compatible with Windows hosts
PIPELINES PROCESSOR PLUGIN
- Unescape string literals before using them. Graylog2/graylog-plugin-pipeline-processor#47
- Add rename_field function. Graylog2/graylog-plugin-pipeline-processor#50
- Allow null matcher group values in regex function. Graylog2/graylog-plugin-pipeline-processor#49
- Fix 500 error during simulation. Graylog2/graylog-plugin-pipeline-processor#51
- IpAddressConversion caught wrong exception. Graylog2/graylog-plugin-pipeline-processor#32
WE LOVE YOUR FEEDBACK
We need feedback about what’s working and what’s broken in order to help everyone get the most out of Graylog v2.1. There are a variety of ways to provide feedback, all of which can be found on our community resources page:
- Report bugs and other issues in our GitHub graylog-server repo.
- Help with documentation in our GitHub documentation repo.
- Start a discussion in our Google Group mailing list.
- Or join the chatter on our #graylog Freenode IRC channel.
- New feature ideas are welcome in our product idea portal.
We’re super excited about releasing 2.1, and we value your feedback. So please go try out the Beta and let us know what you think!