30. 11. 2019 Thomas Forrer NetEye, Release Notes

NetEye 4.9 Release Notes

Welcome to version 4.9 of our NetEye v4 Unified Monitoring Solution. The new and updated features in this version focus mainly on the new Shutdown Manager and enhancement of existing integrations.

Product: NetEye
Release Number: 4.9
Release Date: November 30, 2019
Release Type: Minor
Previous Release: 4.8

Upgrade Requirements: A NetEye 4.8 installation

These release notes for NetEye 4.9 describe new features and improvements compared to version 4.8. The complete change log, which includes all fixed issues, can be generated on demand by following the instructions in the updated NetEye documentation (see the section “Starting your Upgrade” below).

New Features

The Cube Module

We integrated Icinga’s Cube module, which is a new type of dashboard that allows you to explore subsets of hosts or services by dividing them up via their configured custom properties. You can then change the selection and ordering of those properties to “rotate” the cube in order to inspect and drill down to specific subsets of hosts and services. Cube is available from the Reporting section, and there is a new user guide section dedicated to it at User Guide > Cube.

Open Sourcing of Tornado on GitHub

As you may have already noticed, “Tornado” – the spiritual successor of the NetEye EventHandler – is now publicly available on GitHub. Tornado is a rule-based event processing engine written in Rust. The goal of Tornado in NetEye is to provide extendable, scalable, and enterprise-ready event-based monitoring. It collects events from various data sources; each event passes through a tree of rules and filters, which in turn can conditionally trigger actions in reaction to it. Anyone who is interested in contributing to the Tornado project is welcome to do so via issues and pull requests on GitHub.

Tornado Event Testing

From this release on you will be able to send arbitrary Events from the GUI to Tornado, which allows you to verify the behavior of your current configuration, and explore the exact flow of an Event through the Processing Tree in the Tornado Engine. To guarantee a safe environment, which forgives mistakes when testing Rules and Events, it is possible to selectively enable or disable the execution of Actions associated with matched Rules.

Elastic Stack NetFlow Support

We have integrated Elastic Stack’s Filebeat module into NetEye as part of our SIEM feature module. NetFlow Filebeat simplifies the collection, normalization, and visualization of network flow data. As part of this feature, we updated the Elastic Stack to version 7.4.0 in order to access the new NetFlow Filebeat module, which has replaced the existing Logstash Netflow module. You can get more information and a pointer to Elastic’s documentation at User Guide > Log Manager > NetFlow in Elastic.

Elastic Stack “Elasticsearch Only” Node

Large NetEye installations, especially those running the Log or SIEM feature module, will often have multi-node clusters where some nodes are only running Elasticsearch as data nodes for indexing purposes. Managing these Elastic Stack clusters manually can be time-consuming. We’ve thus automated this process by creating command line scripts so you can safely add, update and upgrade nodes dynamically, greatly simplifying matters. Future maintenance of these scripts is guaranteed. See User Guide > Log Manager > Elastic Stack Clusters.

The Shutdown Manager Module

Large data centers have to be prepared for emergencies. In the event of a fire or severe power loss, shutting down servers in an orderly manner can prevent data loss and speed up recovery time.
The Shutdown Manager lets you define one or more shutdown scenarios, each triggered by a condition based on monitoring results. For maximum efficiency, large portions of your infrastructure can be shut down in parallel by creating groups of hosts and declaring which group will go first, second, etc. Hosts within the same group will be turned off concurrently, while each subsequent group will only be shut down after the whole previous group has been shut down completely.

Improvements

Elastic Stack License

We have automated license management for the SIEM feature module to streamline installation with the Elastic Stack Features OEM agreement. As an Elastic OEM partner, Wuerth Phoenix provides the Elastic license with the NetEye SIEM feature module. We’ve updated the license information page at User Guide > Licenses > Elastic Stack License.

Service Level Management – Event Adjustments and Export

We’ve added the ability to insert event adjustments for all states for both hosts and services, and then take those adjustments into account during report generation. Two new permissions (slm/admin and slm/report-adjustment-override) allow an SLM administrator to configure for each contract whether event adjustments will be taken into account when generating reports, and allow other non-admin users to override that setting (with the “Consider Event Adjustments” checkbox) when desired directly on the report form.

We also made general improvements to CSV and JSON for reports, and in particular we significantly improved performance when exporting reporting data in JSON and CSV formats.

Grafana User Integration

NetEye now supports Grafana user management by completely integrating it into NetEye via its existing roles mechanism. NetEye administrators can create new roles that map to Grafana roles (admin, editor or viewer) at the level of organizations and teams. NetEye users must then be assigned these roles in NetEye’s own module permissions (one NetEye role for each Grafana organization).

When upgrading from NetEye 4.8 to 4.9, the process of changing to this new permissions scheme is not done automatically. Instead, you can choose the best moment to migrate before an eventual upgrade to NetEye 4.10, when it will become required. Before migrating, you will need to prepare by creating roles in NetEye, and assigning organizations and users. You can then mark the checkbox in the Analytics module’s configuration tab to start the migration process. The new scheme will be applied for each user individually when that user logs in the first time after migration is completed, and there is no way to go back once it has completed. For more details on the migration procedure, see User Guide > ITOA > How to migrate Grafana user configuration.

Lampo

We focused on making Lampo significantly faster on installations that have more than 500.000 monitoring objects. The Lampo search engine should now provide search results instantly.

Lampo can now search through comments added to Icinga monitored objects. If for instance you use the comment field to store reference numbers and links from a ticketing system, Lampo can quickly find the right object for you just by searching for that reference number.

NetEye ISO Tools

To speed up troubleshooting and configuration, we’ve provided the following tools out-of-the-box in our NetEye ISO: dos2unix, telnet, ncat, nmap and lsof. In addition, we have included in our ISO the ability to configure a basic Python 3 environment via the virtual environment mechanism. The required Python 3 packages for the venv are now included in the ISO by default.

Module Updates

We updated Icinga Director from 1.6.2 to 1.7.1, which includes new features and fixes to the user interface such as multiselect, import/sync, configuration baskets, the REST API, the CLI with new background services/daemon, and Icinga configuration.

We updated Icinga Business Process from 2.1.0 to 2.2.0, which includes new features and fixes such as drag-and-drop for nodes, referencing subtrees in one business process by another, improved breadcrumbs and info URLs, and two new permissions. The Business Processes module has also now been moved to IPL, the new Icinga PHP Library.

We updated InfluxDB from 1.6.3 to 1.7.9. In addition to a large number of bugfixes, Influx has enabled use of the new Flux query language by default.

We updated Elastic Stack from 7.3.1 to 7.4.0, which improves data backup (snapshots) and adds new aggregations and ML capabilities among a large number of other improvements and bugfixes.

The following dependencies have also been updated:

Icinga Incubator from 0.2.0 to 0.5.0
Icinga IPL from 0.2.1 to 0.3.0
Icinga Reactbundle from 0.5.1 to 0.7.0

Starting your Upgrade

To begin the upgrade, please follow the instructions in your current NetEye version at User Guide > Upgrading and Updating.

Thomas Forrer


Team Leader Research & Development at Würth Phoenix
Hi folks! I began loving computers in 1994, when it was still the time of Windows 3.1. Immediately I learned to start DOS games from the command prompt, and while typing some white text on a black background I felt like some hackish dude in a Hollywood movie. Later, during my studies at the university, I discovered the magic world of open source, and it was love at first sight. Finally I got rid of BSODs =) I love everything that is connected to some network, especially from a security perspective. My motto is: "With motivation, nothing is impossible. It only requires more time."
