03. 06. 2020 Thomas Forrer Downloads / Release Notes, NetEye

NetEye 4.12 Release Notes

Release Date: May 31, 2020

Welcome to version 4.12 of our NetEye v4 Unified Monitoring Solution.

Summer is coming and NetEye changes look accordingly: you’ll be greeted by a relaxing image of one of the most characteristic perspectives of South Tyrol, the lago di Carezza/Karersee with the Latemar reflecting in its crystal clear waters.

The complete changelog, which includes all fixed issues, can be generated on demand by following the instructions in the updated NetEye documentation.

To begin the upgrade, please follow the instructions in your current NetEye version at User Guide > Upgrading and Updating.

New Features

SLM Report

When analyzing an SLM Availability Report, clicking on the availability percentage now opens the monitoring “Event Overview” showing exactly the events that directly impacted the availability.

Ntopng Subscription

From this release on, the new NetEye ntopng subscription is available. ntopng is a powerful tool for monitoring network traffic usage in your network and now supports cybersecurity scripts for alerting. Additionally, you will be able to receive flows (NetFlow, sFlow, JFlow, IPFIX) from network devices or other nProbe instances (e.g. nboxes) already present in your network, so that all monitoring data is centralized in NetEye for future correlations.

Tornado Configuration from GUI

In this version, the Tornado GUI allows you to change the Tornado configuration right from the Graphical User Interface. Users with the new “Edit” permission will be able to edit the Nodes of the Processing Tree and the Rules of RuleSets. To do this we introduced configuration “Drafts”, which are created from the current Tornado configuration and are bound to the user who created them.

The Draft concept allows the Tornado configuration to be edited without affecting the current “live” configuration of Tornado, until a draft is either discarded or deployed as the new “live” configuration. Deployment is a “hot” deployment, with no need to restart Tornado.

It shall not end here, we will continue to improve the Tornado GUI with each NetEye release to bring you the best possible User Experience.

Upgrade procedure – Automation

To achieve a smooth and successful NetEye release upgrade, checking the mandatory prerequisites is fundamental.

With the new NetEye version 4.12, we provided the first building blocks of an automated upgrade procedure. To help the user during the NetEye upgrade, health checks, cluster statuses, and the latest installed bug fixes are verified automatically before the yum repositories of the new release are configured. Detailed information is provided in the specific upgrade documentation from 4.11 to 4.12 in the User Guide > Upgrading and Updating.

Improvements

SLM – Multi-Tenancy

The SLM module now supports multi-tenancy by restricting the SLM configuration view based on the user's role. To achieve this, we implemented a role-level restriction in the SLM module, so a user can only access the SLM Customers/Contracts (both availability and resource) and configure a monitoring object in the availability contract according to the role assigned to that user. The only exception is a user with Administrative Access, who can access everything.

Icingaweb2 – Authentication Roles

With the new NetEye version 4.12, it is possible to filter and re-order alphabetically all the roles visible in the Configuration > Authentication > Roles section of NetEye.

Icingaweb2 Module Analytics – Check Command

The check command name is now passed as a parameter in the Performance Graph link; with this new data, it becomes easier for a user to create and display a custom dashboard based on the command name.

Geo Map – UX improvement

From this release it will be easier to associate each displayed host with its properties.
Each row in the detailed information table now represents a host with all its properties shown next to it.

Tornado – Operator Improvements

Tornado now supports the following new operators, which make Tornado's Rules and Filters more powerful.

  • NOT
  • ne (notEquals)
  • containsIgnoreCase
  • equalsIgnoreCase

The NOT operator negates the result of another operator, allowing you to elegantly match events by stating a condition and negating it.
The ne operator matches an event where a field is not equal to a single value. It is a convenience function for the combination of the NOT and equals operators.
In scenarios where you expect some text content to be present in an event but cannot know whether the text will be in uppercase or lowercase, the new operators equalsIgnoreCase and containsIgnoreCase let you match text regardless of letter case.
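The four operators above, exercised in an added example that is not Tornado's own code and not taken from the NetEye documentation: a small stand-alone Python evaluator that implements NOT, ne, equalsIgnoreCase and containsIgnoreCase with the semantics described, and runs a WHERE constraint against a few events. The JSON shape of the constraint ({"type": ..., "first": ..., "second": ...} with ${event.payload.*} placeholders) is assumed to mirror Tornado's rule format; the sample events, host names and messages are constructed for the example.

```python
"""Added example: a stand-alone evaluator for Tornado-style WHERE constraints.

This is not Tornado's implementation. It assumes the rule JSON shape
({"type": ..., "first": ..., "second": ...}, with ${event...} placeholders)
and implements the operators described in the release notes.
"""
import re

PLACEHOLDER = re.compile(r"^\$\{([A-Za-z0-9_.]+)\}$")


def resolve(value, event):
    """Return the event field referenced by a ${event.a.b} placeholder,
    the literal value otherwise, or None when the field is missing."""
    if not isinstance(value, str):
        return value
    m = PLACEHOLDER.match(value)
    if m is None:
        return value                       # plain literal
    node = {"event": event}
    for part in m.group(1).split("."):
        if not isinstance(node, dict) or part not in node:
            return None                    # missing field: equality operators never match it
        node = node[part]
    return node


def evaluate(op, event):
    """Evaluate one operator tree against an event."""
    kind = op["type"]
    if kind == "AND":
        return all(evaluate(o, event) for o in op["operators"])
    if kind == "OR":
        return any(evaluate(o, event) for o in op["operators"])
    if kind == "NOT":
        # Negates the result of the wrapped operator.
        return not evaluate(op["operator"], event)

    first = resolve(op["first"], event)
    second = resolve(op["second"], event)
    both_str = isinstance(first, str) and isinstance(second, str)
    if kind == "equals":
        return first is not None and first == second
    if kind == "ne":
        # Convenience form of NOT + equals (a missing field is "not equal").
        return not (first is not None and first == second)
    if kind == "equalsIgnoreCase":
        return both_str and first.casefold() == second.casefold()
    if kind == "containsIgnoreCase":
        return both_str and second.casefold() in first.casefold()
    raise ValueError(f"unsupported operator: {kind}")


# Constructed WHERE constraint: events that mention a connection timeout in any
# letter case, not coming from the test host "lab-box", and not at debug severity.
WHERE = {
    "type": "AND",
    "operators": [
        {"type": "containsIgnoreCase",
         "first": "${event.payload.message}", "second": "connection timeout"},
        {"type": "NOT", "operator": {"type": "equals",
         "first": "${event.payload.host}", "second": "lab-box"}},
        {"type": "ne", "first": "${event.payload.severity}", "second": "debug"},
    ],
}

# Constructed sample events (ids, hosts and messages are made up for the example).
SAMPLE_EVENTS = [
    {"type": "syslog", "payload": {"id": 1, "host": "web01", "severity": "error",
                                    "message": "Connection TIMEOUT to database"}},
    {"type": "syslog", "payload": {"id": 2, "host": "lab-box", "severity": "error",
                                    "message": "connection timeout to cache"}},
    {"type": "syslog", "payload": {"id": 3, "host": "web02", "severity": "debug",
                                    "message": "Connection Timeout simulated"}},
    {"type": "syslog", "payload": {"id": 4, "host": "web02", "severity": "warning",
                                    "message": "disk almost full"}},
    {"type": "syslog", "payload": {"id": 5, "host": "web03", "severity": "WARNING"}},
]


def matching_ids(where, events):
    """Ids of the events that satisfy the constraint."""
    return [e["payload"]["id"] for e in events if evaluate(where, e)]


def ne_agrees_with_not_equals(field, value, events):
    """True when `ne` and NOT(equals) give the same result on every event."""
    ne = {"type": "ne", "first": field, "second": value}
    not_eq = {"type": "NOT",
              "operator": {"type": "equals", "first": field, "second": value}}
    return all(evaluate(ne, e) == evaluate(not_eq, e) for e in events)


if __name__ == "__main__":
    print("matching events:", matching_ids(WHERE, SAMPLE_EVENTS))   # [1]
```

Only event 1 survives all three conditions: event 2 is dropped by the NOT operator, event 3 by ne, event 4 because its message does not contain the text, and event 5 because it has no message field at all, which is the edge case worth keeping in mind when a rule relies on a field that not every event carries.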

Preview Software – Installation

The installation of the preview software has been restructured and simplified: both Lampo and Tornado can now be installed as groups of packages, as is normally done for the NetEye feature modules.
Additional information can be found under User Guide > Initial Configuration > Install Additional Modules.

We added a preview of the feature that allows users to filter the monitored objects or to hide soft states in the Problems View. The filter rule can be set per user role. The installation of this preview must be done in agreement with the consulting or support teams.

NATS server – Multi-Tenancy and NATS Leaf

In this release we introduced support for secure, TLS-based multi-tenancy.
It is thus possible to create self-contained, isolated communications from multiple clients to a single server, which then processes each data stream independently.
Each satellite can forward data to a centralized server through a NATS leaf node, configured to add authentication and a security layer to the data in order to prevent any third-party interception.

Telegraf – Upgrade

We upgraded Telegraf to version 1.14.1, which supports secured NATS connections.
Some configuration options are changed or deprecated:

  • The http_listener input plugin has been renamed to influxdb_listener and
    use of the original name is deprecated.
  • The uptime_format field in the system input has been deprecated, use the
    uptime field instead.
  • The cluster health related fields in the elasticsearch input have been split
    out from the elasticsearch_indices measurement into the new
    elasticsearch_cluster_health_indices measurement.
  • The prometheus input and prometheus_client output have a new mapping to
    and from Telegraf metrics, which can be enabled by setting metric_version = 2.
    The original mapping is deprecated.
  • In the sqlserver input, the sqlserver_azurestats measurement has been
    renamed to sqlserver_azure_db_resource_stats.
  • The date processor now uses the UTC timezone when creating its tag.
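As an added example (not part of the release notes and not Telegraf's own tooling), a Python pre-upgrade scan that reads a telegraf.conf and reports the settings from the list above, so that deprecated options can be corrected before the Telegraf 1.14.1 package is installed. It is a line-based scan of the TOML text, not Telegraf's own parser, and it only knows the changes listed here. The two configuration fragments are constructed for the example and the NATS server name is a placeholder.

```python
"""Added example: scan a telegraf.conf for the options that Telegraf 1.14
deprecated or renamed (line-based scan, not Telegraf's own TOML parser)."""
import re

SECTION_RE = re.compile(r"^\[\[\s*([a-z_]+)\.([a-z_]+)\s*\]\]")
KEY_RE = re.compile(r"^([a-z_]+)\s*=\s*(.+)$")

# Findings reported as soon as one of these plugin sections is entered.
ON_ENTER = {
    ("inputs", "http_listener"):
        "inputs.http_listener is deprecated: rename the section to inputs.influxdb_listener",
    ("inputs", "elasticsearch"):
        "cluster health fields moved from elasticsearch_indices to "
        "elasticsearch_cluster_health_indices: update dashboards and queries",
    ("inputs", "sqlserver"):
        "sqlserver_azurestats was renamed to sqlserver_azure_db_resource_stats: "
        "update dashboards and queries",
    ("processors", "date"):
        "the date processor now creates its tag in UTC: check time-based tags",
}
# Sections that should opt into the new metric mapping with metric_version = 2.
NEEDS_METRIC_VERSION = {("inputs", "prometheus"), ("outputs", "prometheus_client")}


def scan_telegraf_conf(text):
    """Return a sorted list of (line_number, message) findings."""
    findings = []
    section = None            # current [[kind.name]] section, as a tuple
    section_line = 0
    metric_version_seen = False

    def close_section():
        # Leaving a section: a prometheus section without metric_version = 2
        # still uses the deprecated mapping.
        if section in NEEDS_METRIC_VERSION and not metric_version_seen:
            findings.append((section_line,
                             f"{section[0]}.{section[1]} uses the deprecated "
                             "metric mapping: set metric_version = 2"))

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments and whitespace
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            close_section()
            section = (m.group(1), m.group(2))
            section_line = lineno
            metric_version_seen = False
            if section in ON_ENTER:
                findings.append((lineno, ON_ENTER[section]))
            continue
        k = KEY_RE.match(line)
        if not k:
            continue
        key, value = k.group(1), k.group(2).strip()
        if section == ("inputs", "system") and key == "uptime_format":
            findings.append((lineno, "uptime_format is deprecated: drop it and "
                                     "use the uptime field instead"))
        if section in NEEDS_METRIC_VERSION and key == "metric_version" and value == "2":
            metric_version_seen = True
    close_section()
    return sorted(findings)


# Constructed pre-upgrade fragment with three problems (lines 5, 9 and 11).
SAMPLE_CONF = """\
# constructed telegraf.conf fragment for the example
[agent]
  interval = "10s"

[[inputs.http_listener]]
  service_address = ":8186"

[[inputs.system]]
  uptime_format = "%d days, %H:%M"

[[inputs.prometheus]]
  urls = ["http://localhost:9100/metrics"]

[[outputs.prometheus_client]]
  listen = ":9273"
  metric_version = 2

[[outputs.nats]]
  servers = ["nats://neteye.example.invalid:4222"]
"""

# The same fragment after applying the fixes: the scan reports nothing.
FIXED_CONF = """\
[[inputs.influxdb_listener]]
  service_address = ":8186"

[[inputs.system]]

[[inputs.prometheus]]
  urls = ["http://localhost:9100/metrics"]
  metric_version = 2
"""

if __name__ == "__main__":
    for lineno, msg in scan_telegraf_conf(SAMPLE_CONF):
        print(f"line {lineno}: {msg}")
```

The prometheus_client output in the sample already sets metric_version = 2 and is therefore not reported, while the prometheus input on line 11 is; the check is made when the section is left, so a metric_version line anywhere inside the section counts.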

Elastic – X-Pack Security

With this release, NetEye users can use the full feature set of the Elastic Platinum Subscription. Canvas, Beats central management, and the other Platinum features are now fully available.

The migration to the new Elastic X-Pack Security permissions will completely remove any Search Guard configuration. Search Guard configurations, however, will be backed up to avoid any potential migration problem.

To upgrade a NetEye 4.11 SIEM and Log Manager installation to NetEye 4.12, a full Elasticsearch cluster restart is required and therefore downtime may occur. Please refer to the User Guide > Upgrading and Updating for further information and for the complete Upgrade procedure.

Icingaweb2 Module Kibana – Improvements

After the introduction of Elastic X-Pack Security, we updated the Single Sign-On feature of the icingaweb2-module-kibana in order to make it compatible with the new Elastic authentication and authorization methods. The users’ Kibana Roles are configurable in a centralized manner, by mapping them to one or more Roles in the NetEye User Management.

Performance Tuning Guide

The User Guide now includes Elastic Stack performance tuning tips to improve the performance and responsiveness of your NetEye 4 SIEM.
Additional information can be found under User Guide > Log Manager and SIEM > Log Analytics (Elastic Stack) Performance Tuning.

We also added some tips in the User Guide > NetEye – Core libraries and customizations > Resource Tuning section, which help to manage and improve the performance of the Icingaweb2 Graphical User Interface in high-load environments.

Module Updates

CentOS update to version 7.8.2003

We updated the NetEye base OS packages from CentOS minor version 7.7.1908 to 7.8.2003; the new packages are available for all NetEye 4 versions.

Icinga2 update to version 2.11.3

In the NetEye 4.12 release, Icinga2 has been upgraded to version 2.11.3. In this new version, Zones created within the Icinga Director are not supported anymore and need to be migrated to a file-based configuration. Please refer to the official Icinga documentation for directions on how to save your configuration into files.

Elastic Stack upgrade to version 7.6.2

Elastic Stack has been upgraded from 7.5.1 to 7.6.2, which brings many interesting features, such as:

  • SIEM Detections feature
  • Kibana Lens
  • Performance optimizations

Refer to the Elasticsearch Release Notes for more information on the new improvements.

VsphereDB Module upgrade to version 1.1.0

Icingaweb2 Module vSphereDB has been upgraded from 1.0.3 to 1.1.0.

  • From now on the vSphereDB daemon will be restarted automatically once a day to mitigate issues with excessive database growth.
Thomas Forrer

Team Leader Research & Development at Würth Phoenix
Hi folks! I began loving computers in 1994, when it was still the time of Windows 3.1. Immediately I learned to start DOS games from the command prompt, and while typing some white text on a black background I felt like some hackish dude in a Hollywood movie. Later, during my studies at the university, I discovered the magic world of open source, and it was love at first sight. Finally I got rid of BSOD's =) I love everything that is connected to some network, especially from a security perspective. My motto is: "With motivation, nothing is impossible. It only requires more time."
