What’s new in TeskaLabs LogMan.io v25.47

Release date: 16.02.2026

LogMan.io v25.47 introduces a complete redesign of the Observability interface, featuring intuitive point-and-click customization for Dashboards, Homepage, and Discover screens. This release also delivers significant performance improvements with an optimized row lookup algorithm and faster event replay capabilities.

You can find the full changelog on TeskaLabs GitHub.

Redesign of Observability

Dashboards, Homepage, and the Discover screen have undergone a complete redesign. They now enable easy customization through intuitive point-and-click interactions, eliminating the need to write declarations in Library. Users can now quickly and conveniently adapt the interface to their needs directly within the application.

Optimized Row Lookup Algorithm

The row lookup algorithm has been significantly optimized, improving its time complexity from O(n) to O(1), where n represents the number of historical records. This enhancement dramatically reduces lookup times, especially when dealing with large datasets, resulting in faster query responses and improved overall system performance.

Additionally, Sigma rules now include validation for empty IP addresses, properly handling cases where a "-" sign is present.

Optimized Replay

Replay of events has been optimized to be faster and more efficient, allowing users to quickly review and analyze historical data without delays.

  • in NFR
  • 5 min read

TeskaLabs LogMan.io NFR Virtual machine

TeskaLabs LogMan.io is a SIEM (Security Information and Event Management) and advanced log management cyber security tool.

The NFR (Not-For-Resale) release of TeskaLabs LogMan.io is distributed as a virtual machine. The NFR VM is intended for evaluation, demonstrations, proof-of-concept deployments, and training purposes.

The following guide covers how to start and operate the TeskaLabs LogMan.io NFR Virtual Machine.

Installation

1. Download the NFR VM image

The VM image is encrypted, after the download, you have to decrypt it using following command. The password will be provided on request by support@teskalabs.com or your assigned TeskaLabs representative.

$ openssl enc -aes-256-cbc -d -pbkdf2 -in lmionfr2602-...enc -out lmionfr2602-....ova

Checksums:

$ shasum -a 256 lmionfr2602-virtualbox.ova
a5a0e2328ecbd10319beb4eb8481209b61ed49e1704ada7530260d0a0d1ffdb2  lmionfr2602-virtualbox.ova

$ shasum -a 256 lmionfr2602-vmware.ova
078683ab8559403ea6e26db6fbb21abf6c042f91c7decc0573d0f16f97e29f6b  lmionfr2602-vmware.ova

2. Import the NFR VM image into your virtualization platform

Minimum specifications:

Resource Requirement
CPU 2 cores
RAM 48 GB
Disk 300 GB (thin provisioning)
OS Linux Ubuntu Server 22.04 LTS

Tip

You may add more resources to improve performance, but do not allocate less than the values above.

3. Adjust the network configuration

Configure networking according to your needs. We recommend bridge mode so that the NFR VM is accessible from your local network and you can easily set up log shipping into TeskaLabs LogMan.io.

4. Start the NFR VM

After booting, the detected primary IP address will be printed on the VM's terminal. Note this IP address — you will need it in the next step (referred to as x.x.x.x).

Screenshot of TeskaLabs LogMan.io NFR Virtual machine console

5. Update your system hosts file

Add the following line to your system hosts file, replacing x.x.x.x with the IP address from the previous step:

x.x.x.x lmionfr2602.logman.int

Hosts file location by OS:

  • WindowsC:\Windows\System32\drivers\etc\hosts
  • Linux / macOS/etc/hosts

6. Log in to TeskaLabs LogMan.io

Open a web browser and navigate to: https://lmionfr2602.logman.int

You will see a privacy warning about the TLS certificate — this is expected, as the VM uses a self-signed certificate. Accept the warning and proceed to the web application.

Tip

We highly recommend using a recent version of Google Chrome.

The username is nfruser, password is NFRuser123:) and the default tenant is nfr. We advise you to change the password of the nfruser as soon as possible.

Initial setup

There is an integrated log collector running within the NFR VM, connected to nfr tenant. This integrated collector is listening on ports 514, 1514, 6514, both TCP and UDP for a syslog logs. You can also ship logs over TLS to these ports, there is an autodetection and internal Certificate Authority running within the NFR VM.

Product documentation

For a comprehensive documentation of how to use TeskaLabs LogMan.io, continue to TeskaLabs LogMan.io Documentation

Advanced usage

Accessing Operating system

The user name is tladmin and the password is tladmin. You can login from the VM console.

The SSH is enabled/disabled.

Network configuration

The network is configured using Netplan on the OS level. The configuration is stored at /etc/netplan/ directory. The DHCP client is enabled on the primary virtual network interface by default.

Data lifecycle

NFR VM is configured for a very short log retency. It can be prolonged in the product settings.

Version of the TeskaLabs LogMan.io NFR VM: 26.02

What’s new in TeskaLabs LogMan.io v25.30

Release date: 02.10.2025

TeskaLabs LogMan.io v25.30 brings a range of new features, improvements, and important changes to the platform. This release focuses on enhanced management, automation, and user experience, while introducing several breaking changes that require attention during the upgrade.

You can find the full changelog on TeskaLabs GitHub.

Parser Builder

The new Parser Builder in LogMan.io v25.30 allows users to create and manage custom parsers directly from the Web UI. Analysts can now define parsing rules and test them in real-time on mocked data. This feature streamlines the process of adapting LogMan.io to new log sources and formats.

The Parser Builder screen contains an editor with syntax highlighting, real-time validation of parsing rules similar to the commonly used IDEs, and a testing environment where users can input sample log data to see how the parser processes it. Moreover, it is possible to see the output after each parsing process step, making it easier to debug and refine parsing logic.

Parser Builder Parser Builder

Automation of Correlations, Detections and Baselines

In LogMan.io v25.30, Correlations, Detections, and Baselines can be managed through the Detections screen. This service provides a user-friendly interface for monitoring and deploying Correlations, Detections, and Baselines. Managing advanced SIEM functionality is now possible without touching a single YAML file.

Detections Management Detections Management

Event Deduplication

Thanks to the deduplication functionality in LogMan.io v25.30, we can collect the logs redundantly on multiple collectors if the log source supports it. This feature helps to improve the efficiency of security operations by eliminating duplicate logs (e.g. from Cisco ASA or Fortinet firewalls) before they are processed and stored.

API Key Management

SeaCat Auth now supports API key management, enabling users to create, revoke, and manage API keys for secure access to LogMan.io services. This enhancement improves security and facilitates integration with other systems.

API Key Management API Key Management

What’s New in TeskaLabs LogMan.io v25.28

Release date: 13.08.2025

In LogMan.io v25.28, you'll find brand new alert management and color-coded layers in the Library. We are continuously extending integration possibilities, and there's also a gift for admins: All data retention can be managed from the WebUI, either selectively through Event Lane declarations or through Profiles that manage multiple or all datasets at once.

Application logging for software developers

Application logging is your first line of defense in cybersecurity monitoring and incident response. When implemented correctly, logs become powerful allies for security teams, enabling rapid threat detection, forensic analysis, and compliance reporting. However, poorly structured logs can become noise that obscures critical security events and hampers investigation efforts.

This guide explores key principles for implementing logging that seamlessly integrates with modern log management platforms while providing maximum value for cybersecurity operations.

What’s New in TeskaLabs LogMan.io v25.15

Release date: 13.05.2025

In this release, you’ll find updates that enhance how you manage lookups, assign risk scores, and replay archived data. Here’s a quick overview of what’s new in version v25.15 and why it matters for your security operations.

Smarter Lookups with Feed Integration

Lookups just got a serious upgrade. We've introduced a completely redesigned UI and a new lmio-feeds microservice that pulls data from threat intelligence feeds and stores it in lookups.

What’s new in the Lookup UI?

  • Import and export lookup entries with ease
  • Create feeds directly from the interface
  • Sort and filter lookup items for faster access
  • Support for special characters in lookup entries

Even better, lookups now support both tenant-specific and global scopes, meaning common indicators like IPs or domains can be shared across environments. You can also assign risk scores to individual items and perform automated tests—like checking for pending Windows tasks—to enrich your threat intelligence.