01. 02. 2022 Benjamin Gröber Downloads / Release Notes, NetEye, Unified Monitoring

NetEye 4.22 Release Notes

Welcome to version 4.22 of our NetEye v4 Unified Monitoring Solution.

NetEye welcomes the new year and its new release with what is probably the most famous church tower in South Tyrol: the half-submerged steeple of the Resia Lake.

The Lake Reschen, “Reschensee” in German and “Lago di Resia” in Italian, is located at the end of the Vinschgau Valley, in the west part of South Tyrol, and offers to its visitors a striking landmark: a steeple emerging from the lake. Up until 1950, two smaller lakes were present in the area, unified after the construction of a dam in a process that flooded the original villages but miraculously preserved the steeple. During wintertime, the lake freezes, providing us with the following amazing landscape.

Monitoring – Detection

Geomap

The interactive maps of Geomap provide a quick, comprehensive overview over for set of geographically close monitoring objects. The goal of this release is to provide more information with a quick glance by making important information stand out.

Now it’s easier to distinguish when the state of a host has been acknowledged, thanks to the new colored markers which adopt the same shades as in the monitoring module. At the same time, the cards representing hosts in the sidebar have been updated accordingly.

When hosts are grouped in the map, it is important to understand the cause of the status of the contained hosts. For this reason, the group marker reports now the number of hosts in the worst state over the total number of hosts belonging to the group. With one click, the right sidebar shows the hosts sorted by worst state and also colored accordingly.

Clicking on a host in the right sidebar will now immediately open the host’s details or services detail page. Whichever detail page is opened is decided by which calculation type is chosen for the host status.

To reduce the informational noise in the sidebar for each use case, the details shown for each host can now be customized from the field configurator tab of a map. Fields to show can be chosen from an alphabetically sorted list of available fields. Predefined fields can also be removed to eliminate all unnecessary distractions.

Finally, when the content of the fields in the sidebar are self-explanatory, their labels become more of a distraction. To address this, a new option will allow hiding the labels, such that only the values will be displayed.

To know more about Geomap and how to configure it, please refer to the dedicated userguide section.

Tornado – New UI preview

With the new UI preview of Tornado it is possible to actively work with the processing tree. Also in this iteration, we follow the Carbon Design System guidelines.

The draft in tornado ensures that working on the processing tree and changing rules does not have an immediate impact on the current “productive” configuration of tornado. It is a mechanism to allow testing any changes in an isolated environment without the fear of breaking a pipeline or loosing events due to misconfiguration or work in progress.

A new draft can be created by switching the dedicated toggle in the toolbar. Should there already exist a draft, it is possible to take it over, even if it was not created by yourself. When created, a copy of the current productive configuration is loaded as the draft.

When in edit mode, new nodes can be added both from the global add button and from the context menu inside each node. The context menu also allows the deletion of a particular node.

Currently, basic properties of Filters and rulesets can be changed to your desire, as well as the new Filter editor allowing you to work on their where condition.

Once satisfied with the draft, it can be deployed as the new production configuration, or discarded it in the contrary case, using the two dedicated buttons in the toolbar, next to the edit mode toggle. In both cases, you will need to confirm the choice before proceeding with these possibly destructive actions.

SIEM – Log Management

Filebeat – inputs configuration via plug-in directory

Modifying existing configuration files of a service can lead to inconveniences during updates and upgrades of NetEye. This was the case when adding custom Input configurations to the Filebeat configuration file. However, it is now possible to add personalized input configurations of the NetEye Filebeat instance via a dedicated “plug-in” directory.

All custom configurations stored in this “plug-in” directory will be loaded by Filebeat at startup, and in addition, they will not be affected in any way by updates or upgrades. For more information, please refer to the Input configuration section of the user guide.

Real time log signature – blockchain verification from external machines

To guarantee the accountability of logs signed by NetEye, it is important that possible tampering can be verified independently by third parties. From this release on, this can be done by allowing the verification of the integrity of all blockchains directly from an external machine outside the NetEye ecosystem.

This step can also be automated for each blockchain and tenant, and consecutively be reintegrated in the monitoring part of NetEye, and trigger notifications about any encountered issues with a blockchain.

The user guide contains a step-by-step guide for setting up an independent CentOS 7 machine following security best practices, to schedule the periodic integrity checks and report back to NetEye. All Elasticsearch users required for these checks are generated automatically after the update, each granting the absolute minimum required permissions for each tenant.

Module Updates

ITOA upgrade to version 8.2.5

We updated ITOA from version 7.5.x to version 8.2.x. Please have a look at the official documentation for the full list of improvements.

InfluxDB update to version 1.8.10

We updated InfluxDB to the latest patch level, from 1.8.5 to 1.8.10. For details, you can refer to the official release notes.

Beta repository available

A new neteye-beta repository (“Beta Software”) has been introduced: through this repository NetEye users can test the most recent updates and provide early feedback.
Packages included in neteye-beta have not yet reached the level of stability required by NetEye Modules, therefore this software is not suggested for use on production environments.

References

Should you be interested to discover more about NetEye feel free to explore our Online User Guide.

Benjamin Gröber

Benjamin Gröber

R&D Software Architect at Wuerth Phoenix
Hi, my name is Benjamin, and I'm Software Architect in the Research & Development Team of the "IT System & Service Management Solutions" Business Unit of Würth Phoenix. I discovered my passion for Computers and Technology when I was 7 and got my first PC. Just using computers and playing games was never enough for me, so just a few months later, started learning Visual Basic and entered the world of Software Development. Since then, my passion is keeping up with the short-lived, fast-paced, ever-evolving IT world and exploring new technologies, eventually trying to put them to good use. I'm a strong advocate for writing maintainable software, and lately I'm investing most of my free time in the exploration of the emerging Rust programming language.

Author

Benjamin Gröber

Hi, my name is Benjamin, and I'm Software Architect in the Research & Development Team of the "IT System & Service Management Solutions" Business Unit of Würth Phoenix. I discovered my passion for Computers and Technology when I was 7 and got my first PC. Just using computers and playing games was never enough for me, so just a few months later, started learning Visual Basic and entered the world of Software Development. Since then, my passion is keeping up with the short-lived, fast-paced, ever-evolving IT world and exploring new technologies, eventually trying to put them to good use. I'm a strong advocate for writing maintainable software, and lately I'm investing most of my free time in the exploration of the emerging Rust programming language.

Leave a Reply

Your email address will not be published.

Archive