TA-unix/docs/ReleaseNotes.md

Technical Add-on for Unix and Linux

Version 10.0.0.1 (2025-02-19)

Fix report CPU_TYPE in hardware.sh for RPIs

Changes:

• For CPU_TYPE in hardware.sh, report something if /proc/cpuinfo does not contain processor model information

Version 10.0.0.0 (2025-02-05)

Merge in Splunk Add-On for Unix and Linux version 10.0.0

Version 9.2.0.13 (2025-02-03)

Fix alignment and fix packages for Arch Linux

Changes:

• Align columns with "column -t"
• Add Arch Linux support in packages.sh

Version 9.2.0.12 (2025-01-25)

Add Version to update.sh for Darwin

Changes:

• Add version to update.sh for Darwin

Version 9.2.0.11 (2025-01-25)

Fix Darwin Scripts and Document Sudo

Changes:

• Use sudo in service.sh for Darwin to find user services if not running as root
• Fix parsing the output of softwareupdate command on Darwin in update.sh
• Better document usage of sudo in docs/Sudo.md

Version 9.2.0.10 (2025-01-25)

Fix OpenBSD Support and Other Bugs

Changes:

• Fix OpenBSD cpu.sh output to match others
• Fix OpenBSD df.sh output (no need for %% here)
• Do not use sudo or doas when running as root
• Use #!/usr/bin/env bash to support OpenBSD in run_nix_ta_commands
• Fix rsyslog example to trim whitespace in run_nix_ta_commands
• Add /usr/local/sbin:/usr/local/bin to PATH in run_nix_ta_commands
• Fix getting hour and minute for OpenBSD in run_nix_ta_commands "08" shows up to printf as octal
• Support difference in OpenBSD logger command: Requires modifying /etc/syslog.conf and setting facility in /etc/nix_ta.conf

Version 9.2.0.9 (2025-01-25)

Support OpenBSD

Changes:

• Add OpenBSD support to the scripts
• Fix sysctl usage for FreeBSD in a couple places

Version 9.2.0.8 (2025-01-23)

Fix df.sh and df_metric.sh

Changes:

• Fix Linux when df outputs a "-"
• Exclude efivars partitions for Linux
• Fix the output on Darwin to match Linux output

Version 9.2.0.7 (2025-01-20)

Fix run_nix_ta_commands script

Changes:

• Make run_nix_ta_commands (in extra) use /etc/nix_ta.conf for its settings instead of hard-coding them in the script

Version 9.2.0.6 (2025-01-17)

Fix docker script and props

Changes:

• Fix output for docker script (handle lines that didn't have values)
• Fix props.conf LINE_BREAKER for docker

Version 9.2.0.5 (2025-01-11)

Add script for docker events/metrics and support running TA outside of Splunk

Changes:

• Add docker.sh and docker_metric.sh for collecting docker events/metrics
• Add helper script to extra/ to run the TA commands on systems without a Splunk forwarder. The commands can be sent to a syslog server. This script is useful for systems with small or read-only filesystems that cannot support a Universal Forwarder.
• Add syslog_inputs_nix_ta app to extra/ for ingesting the data from syslog

Version 9.2.0.4 (2025-01-11)

Make distro_name work everywhere

Changes:

• For MacOS, print MacOS for distro_name
• For others, print $KERNEL for distro_name

Version 9.2.0.3 (2025-01-11)

Fix bug in 9.2.0.2

Changes:

• Add code I forgot for machine_arch for Linux
• Add Makefile to make making releases easier

Version 9.2.0.2 (2025-01-11)

Improvements for version.sh

Changes:

• Include kernel_release, kernel_version, and distro_name
• For Linux and MacOS, use actual OS versions/releases instead of kernel version/release

Version 9.2.0.1 (2025-01-09)

Initial fork of the Splunk Add-on for Unix and Linux

Changes:

• Use ip command to determine IP address ('hostname -I' does not work on all Linux systems)
• Filter out multiple listing of the same btrfs volume
• Use mktemp for temp files (for times when the TA may be run outside of Splunk)
• If running rlog.sh outside of Splunk, use $HOME to store seek file
• Debian also uses apt
• Arch Linux uses pacman
• Add use of sudo -n for 'apt update' and 'pacman -Syy'
• vmstat uses "K paged out"
• Replace the use of 'sar' with netstat and vm_stat for MacOS