Advanced log correlation

Version 2.3.1027 has been released today. This version brings a new processor module named pm_evcorr, which provides event correlation functionality in addition to the already available nxlog language features (variables and statistical counters). This module was greatly inspired by the Perl-based sec.pl simple event correlation tool.

In addition to the above, the following fixes and enhancements are available in this release:

  • A memory leak has been fixed in the expression evaluator when comparing an undef value against a string.
  • pm_pattern's REGEXP match now works with integer fields.
  • IETFTimestampInGMT config directive added to xm_syslog. Timestamps are now emitted in local time in IETF syslog.
  • Fixed microsecond formatting in IETF syslog (credits go to Eric Wetzel).