Release Date: May 31, 2020
Welcome to version 4.12 of our NetEye v4 Unified Monitoring Solution.
Summer is coming and NetEye changes look accordingly: you’ll be greeted by a relaxing image of one of the most characteristic perspectives of South Tyrol, the lago di Carezza/Karersee with the Latemar reflecting in its crystal clear waters.
The complete changelog, which includes all fixed issues, can be generated on demand by following the instructions in the updated NetEye documentation.
To begin the upgrade, please follow the instructions in your current NetEye version at User Guide > Upgrading and Updating.
New Features
SLM Report
While analyzing an SLM Availability Report, from now on, the events which have directly impacted the availability are shown with precision in the monitoring “Event Overview” by clicking on the availability percentage.
Ntopng Subscription
From this release on, the new NetEye ntopng subscription is available. ntopng is a powerful tool to monitor network traffic usage in your network and supports now Cybersecurity scripts for alerting. Additionally, you will be able to receive flows (NetFlow, sFlow, JFlow, IPFIX), from network devices or other nProbe instances (e.g. nboxes) already present in your network to get all monitoring data centralized in NetEye for future correlations.
Tornado Configuration from GUI
In this version, the Tornado GUI will allow you to change the Tornado configuration right from the Graphical User Interface. Users with the new “Edit” permission will be able to edit the Nodes of the Processing Tree, and Rules of RuleSets. To do this we introduced configuration “Drafts” which are created based on the current Tornado configuration, and are bound to the user that created them.
The Draft concept allows the Tornado Configuration to be edited without affecting the current “live” configuration of Tornado, until they are either discarded or deployed as new “live” configuration, which happens as “hot” deployment, without the need to restart Tornado.
It shall not end here, we will continue to improve the Tornado GUI with each NetEye release to bring you the best possible User Experience.
Upgrade procedure – Automation
To achieve a smooth and successful NetEye release upgrade, the evaluation of the mandatory pre-requisites is fundamental.
With the new NetEye version 4.12, we provided the first building blocks of an automated upgrade procedure. To help the user during the NetEye upgrade, health checks, cluster statuses, and latest installed bug fixes are automatically controlled before configuring the yum repositories of the new release. Detailed information is provided in the specific upgrade documentation from 4.11 to 4.12 in the User Guide > Upgrading and Updating.
Improvements
SLM – Multi-Tenancy
The SLM module now offers the ability to support multi-tenancy by restricting the SLM configuration view based on user role. To achieve this, we have implemented the role level restriction in SLM module, so a user can only access the SLM Customers/Contracts (both availability and resource) and configure a monitoring object in the availability contract, based on the role assigned to the user. The only exception is a user with the Administrative Access, who can access everything.
Icingaweb2 – Authentication Roles
With the new NetEye version 4.12, it is possible to filter and re-order alphabetically all the roles visible in the Configuration > Authentication > Roles section of NetEye.
Icingaweb2 Module Analytics – Check Command
The check command name is now passed as a parameter in the Performance Graph link; with this new data, it becomes easier for a user to create and display a custom dashboard based on the command name.
Geo Map – UX improvement
From this release it will be easier to associate each displayed host with its properties.
Each row in the detailed information table now represents a host with all its properties shown next to it.
Tornado – Operator Improvements
Tornado now supports the following new operators, which make Tornados Rules and Filters more powerful.
- NOT
- ne (notEquals)
- containsIgnoreCase
- equalsIgnoreCase
The NOT operator can be used to negate the result of another operator, allowing you to elegantly match events by stating a condition that must match and negating it.
The ne operator allows to match an event where a field is not equal to a single value. This is a convenience function for the combination of the the NOT and the equals operators.
Instead, in scenarios where you expect any text content to be present in an event, but you can not know if the text will be in uppercase or lowercase, the new operators equalsIgnoreCase and containsIgnoreCase will permit you to match text regardless of the letter case.
Preview Software – Installation
The installation of the preview software has been restructured and simplified. In fact, both Lampo and Tornado can now be installed as groups of packages as it is normally done for the NetEye feature modules.
Additional information can be found under User Guide > Initial Configuration > Install Additional Modules.
We added a preview of the feature that allows the users to filter the monitored objects or to avoid to see the soft state in the Problems View. The filter rule can be set by a specific user role. The installation of this preview must be done accordingly to the consulting or to the support teams.
NATS server – Multi-Tenancy and NATS Leaf
In this release we introduced the support for a secure, TLS-based, multi-tenancy.
It is thus possible to create self-contained, isolated communications from multiple clients to a single server, that will then process independently all data streams.
Each satellite can forward data to a centralized server thanks to a NATS leaf node, configured to add authentication, and a security layer to the data to prevent any third-party interception.
Telegraf – Upgrade
We upgraded Telegraf to version 1.14.1, which supports secured NATS connections.
Some configuration options are changed or deprecated:
- The
http_listenerinput plugin has been renamed toinfluxdb_listenerand
use of the original name is deprecated. - The
uptime_formatfield in the system input has been deprecated, use theuptimefield instead. - The cluster health related fields in the elasticsearch input have been split
out from theelasticsearch_indicesmeasurement into the newelasticsearch_cluster_health_indicesmeasurement. - The
prometheusinput andprometheus_clientoutput have a new mapping to
and from Telegraf metrics, which can be enabled by settingmetric_version = 2.
The original mapping is deprecated. - In the
sqlserverinput, thesqlserver_azurestatsmeasurement has been
renamed tosqlserver_azure_db_resource_stats. - The
dateprocessor now uses the UTC timezone when creating its tag.
Elastic – X-Pack Security
With this release, NetEye users can now use the full feature set of Elastic Platinum Subscription. Now also Canvas, Beat central management, and other platinum features are fully available.
The migration to the new Elastic X-Pack Security permissions will completely remove any Search Guard configuration. Search Guard configurations, however, will be backed up to avoid any potential migration problem.
To upgrade a NetEye 4.11 SIEM and Log Manager installation to NetEye 4.12, a full Elasticsearch cluster restart is required and therefore downtime may occur. Please refer to the User Guide > Upgrading and Updating for further information and for the complete Upgrade procedure.
Icinagweb2 Module Kibana – Improvements
After the introduction of Elastic X-Pack Security, we updated the Single Sign-On feature of the icingaweb2-module-kibana in order to make it compatible with the new Elastic authentication and authorization methods. The users’ Kibana Roles are configurable in a centralized manner, by mapping them to one or more Roles in the NetEye User Management.
Performance Tuning Guide
User Guide now includes Elastic Stack performance tuning tips to improve the performance and the responsiveness of your NetEye 4 SIEM.
Additional information can be found under User Guide > Log Manager and SIEM > Log Analytics (Elastic Stack) Performance Tuning.
We also added some tips in the User Guide > NetEye – Core libraries and customizations > Resource Tuning section which will help to manage the performance of the Icingaweb2 Graphical User Interface in high load environments to improve.
Module Updates
CentOS update to version 7.8.2003
We updated the NetEye base OS packages from CentOS minor version 7.7.1908 to 7.8.2003, which are now available for all NetEye 4 Versions.
Icinga2 update to version 2.11.3
In the NetEye 4.12 release, Icinga2 has been upgraded to version 2.11.3. In this new version, Zones created within the Icinga Director are not supported anymore and need to be migrated to a file-based configuration. Please refer to the official Icinga documentation for directions on how to save your configuration into files.
Elastic Stack upgrade to version 7.6.2
Elastic Stack from 7.5.1 to 7.6.2, which brings many interesting features like:
- SIEM Detections feature
- Kibana Lens
- Performance optimizations
Refer to the Elasticsearch Release Note for more information on the new improvements
VsphereDB Module upgrade to version 1.1.0
Icingaweb2 Module vSphereDB from 1.0.3 to 1.1.0
- From now on the vSphereDB daemon will be restarted automatically once a day to mitigate issues with excessive database growth.
Thomas Forrer
Author
