Today we are officially releasing Graylog v3.3.3.

This release includes an important LDAP fix along with a new Office 365 input and an output framework that both introduce greater efficiencies to your daily log management efforts and strengthen your audit and compliance capabilities.

Please read on for detailed descriptions of each feature.

DOWNLOAD LINKS

Please report bugs and any other issues in our GitHub issue tracker. Thank you!

UPDATE: FIXING CERTIFICATE VALIDATION FOR LDAP SERVERS USED FOR AUTHENTICATION

In Graylog v3.3.3, certificates of LDAP servers connected using a secure connection (SSL or TLS) are validated against the local default keystore. Prior to v3.3.3, Graylog did not validate the certificates of LDAP servers this way even if the “Allow self-signed certificates” option was unchecked. Depending on your local LDAP settings and the validity of the certificates used (if any), this update may introduce a breaking change that will interfere with the functionality of Graylog. To avoid this, please ensure that all certificates used are valid, their common name matches the host part of your configured LDAP server and your local keystore contains all CA/intermediate certs required for validation.

NEW: INPUT FOR OFFICE 365 (ENTERPRISE)

In Graylog 3.3.3, we have added a new input for Office 365 Log Events. You simply enter your unique Input Name, Client ID, Tenant ID, Client Secret into your Office 365 input Wizard to allow for pooling of all of your Office 365 audit data (Azure Active Directory, Sharepoint, Exchange, General, DLP).

The Office 365 Input eliminates the need for third-party integration. This input provides visibility not available from other centralized log management vendors for a more detailed view into employee activities in the cloud.

NEW: ENTERPRISE OUTPUT FRAMEWORK

While Graylog makes it easy to collect all of your log data, sometimes you want to forward some of that data to other places. The Enterprise Output Framework adds a unique flexibility to Graylog that makes this fast and easy.

The new Enterprise Outputs introduced in Graylog v3.3.3 include a second on-disk journal to ensure reliable processing and delivery of your outbound data. Graylog lets you select the right protocol (raw/plaintext TCP, TCP Syslog, or STDOUT) and apply pipeline rules to process the data before sending it out. For example, if you want to only send security messages, you can apply a pipeline that will send these log messages only and drop the rest. Pipeline rules can also be used to format the messages based on the destination requirements. The Enterprise Output Framework also allows for integration to third party tools such as SOAR, User Analytics, or other logging solutions.

NOTE: As of v3.3.3, Enterprise Outputs require a processing pipeline to be selected upon creation. Pipeline selection is intended to be optional. If you do not want to apply pipeline rules to your output data, you can simply create an empty pipeline to use.

GRAYLOG ENTERPRISE 3.3.3

ADDED

  • Add office365 input plugin
  • Add reliable output framework and TCP and TCP Syslog outputs

GRAYLOG 3.3.3

ADDED

SECURITY

  • Noted above. [BREAKING]: Enable hostname validation for SSL/TLS-backed LDAP connections. Graylog2/graylog2-server#8625 In Graylog v3.3.3, certificates of LDAP servers connected using a secure connection (SSL or TLS) are validated against the local default keystore. Prior to v3.3.3, Graylog did not validate the certificates of LDAP servers this way even if the “Allow self-signed certificates” option was unchecked. Depending on your local LDAP settings and the validity of the certificates used (if any), this update may introduce a breaking change that will interfere with the functionality of Graylog. To avoid this, please ensure that all certificates used are valid, their common name matches the host part of your configured LDAP server and your local keystore contains all CA/intermediate certs required for validation.
    See also: CVE-2020-15813

CHANGED

Fixed

CHANGELOGS

https://docs.graylog.org/en/3.3/pages/changelog.html

https://docs.graylog.org/en/3.3/pages/enterprise/changelog.html

Let us know what you’d like to have included in our GitHub issue tracker.

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.