What’s new in Release 4.2.1
This release adds features and functionality in several areas.
Systems Features
Fundamental system upgrade
Run on Microsoft HyperV
Regex based search
Statistical anomaly detection
Ability to drop events
Enhanced PDF export
Remote connectivity to collector devices
CMDB device discovery filter
Delta discovery
Query/Rule usability enhancements
Support OpenLDAP for user discovery and external authentication
Support secure LDAP protocols: LDAPS and LDAP Start TLS CMDB Report extensions
Performance and Availability Monitoring
Customizable high performance summary dashboards
Generalized Selenium based Web Synthetic Transaction Monitoring (STM)
End-to-end Email Synthetic Transaction Monitoring (STM)
Custom SSH based command output monitoring
Log Management and Security Incident Event Monitoring (SIEM)
Watch list
Agent less file change and file integrity monitoring
Log integrity validation
Compliance reporting
Device Support
Miscellaneous Key Enhancements
Quick interface utilization drill down via Netflow
Manually define trunk ports
Add CMR Support for Cisco VoIP
Limit excessive generated incidents
Cisco ASA/IOS Remote Access VPN Monitoring
Most Expensive Query report
VM Snapshot monitoring Excluded Disks
General GUI related fixes and enhancements
Platform related fixes and enhancements
Performance Monitoring / STM related fixes and enhancements
Rule / Query / Report Engine related fixes and enhancements
Parsing related fixes and enhancements
Discovery related fixes and enhancements Open Issues
Systems Features
Fundamental system upgrade
This release upgrades the AccelOps platform to CentOS 6.4, Glassfish 3.2, Postgres 9.1 and JDK 1.7. This significantly enhances the stability and robustness of the base operating system and key sub-systems. In addition, the Apache web server is also upgraded to 2.2.25 to fix many vulnerabilities.
Run on Microsoft HyperV
In addition to VMware ESX, Redhat KVM and Amazon EC2, AccelOps supervisor, worker and collectors will now also run on Microsoft HyperV virtualization platform.
Installing AccelOps Supervisor, worker and collector on Microsoft HyperV is covered here.
Regex based search
Prior to Release 4.2.1, AccelOps allows the ability to search raw messages by AND/OR combination of keywords and via the CONTAINS and NOT CONTAINS operator. This release adds the ability to search via regular expressions (REGEXP operator). Regular expressions can return precise search results than keyword based searches. Regular expressions can be used in searches, queries and rules for any string valued attribute such as Event Type, Raw Message etc.
Regex based search for real time search is covered here.
Regex based search for historical search is covered here.
Regex based search for rules is covered here.
Statistical anomaly detection
This release enables users to baseline any performance metric or flow data collected by AccelOps and create an alert when the current value of the metrics deviates significantly from its statistical baseline. Baselines are created on an hourly basis for each distinct hour of the day and separately for work and non-work days – a total of 48 buckets. This fine-grained approach allows for accurate behavioral analysis. The baselines are learned automatically and updated continuously in an attempt to learn the new normal. The following baselines are available out of the box
Network Traffic Analysis
Network traffic – by sender, by receiver, by connection – total flows, sent bytes, received bytes, sent packets, received packets
Firewall TCP/UDP port traffic – by inbound, by outbound – permitted traffic and denied traffic – total flows Firewall total denied flows
VPN usage – by user – time spent and total traffic volume
Host resource usage – CPU, Memory, Virtual Memory, Disk I/O
Application resource usage – CPU, Memory
Network interface usage – by interface – utilization, sent bytes, received bytes, sent errors, received errors SAN usage – LUN I/O
NAS usage – Volume usage, Protocol latency
DNS requests – by sender – requests, unique resolution requests
ICMP requests – by sender – requests, unique destinations
Web requests – count, errors, distinct clients
Reporting eps
Login – successful count, failed count
Server process count
Login – successful count, failed count
Reported Event types
Reported Errors
User seen – distinct count
Statistical anomaly detection is covered here.
Ability to drop events
Certain devices and applications generate a significant of logs. Often logs are very verbose and certain log types are of little value and waste valuable storage. This release provides the ability for user to drop the events immediately after they are accepted by AccelOps. These logs do not count towards licensed eps and do not trigger rules.
Ability to drop events is covered here
Enhanced PDF export
The charting technology in PDF reports is significantly enhanced – the exported charts now look similar to what the users see in GUI.
Remote connectivity to collector devices
After detecting a problem, often there is a need to open a session to a monitored device either via Telnet/SSH, VNC, HTTP(S), Microsoft RDP directly from AccelOps GUI. This release release enables AccelOps users to launch terminal sessions to monitored devices for the following two cases
device is in the same data center as Supervisor/Worker
device is in a remote date center behind a firewall and monitored by a Collector. This case uses a reverse SSH tunnels between Collector and Super
The topic of opening remote connections to collector devices is covered here.
CMDB device discovery filter
This release enables users to control the CMDB device discovery process by including or excluding certain device types. For virtualization discovery, powered off VMs and VM templates can also be excluded. This facilitates a “clean” CMDB consisting of only the devices of importance to the user.
Setting up CMDB device discovery filters is discussed here.
The following reports in CMDB > Reports > System Audit can be used to report on devices added or deleted to CMDB via discovery
CMDB: Device Addition and Deletion History
CMDB: Device Modification History
Delta discovery
Because of the depth at which AccelOps discovers a device, a full discovery of a range of devices can take some time. Often there is a need to quickly detect only the new devices in the network. This is an important PCI compliance requirement – for security purposes, it is critical to know if there are any new devices plugged in to the network. This release enables users to quickly discover devices and applications that are not already in AccelOps CMDB.
Setting up delta discovery is discussed here.
The following reports in CMDB > Reports > System Audit can be used to report on devices added or deleted to CMDB via discovery
CMDB: Device Addition and Deletion History
CMDB: Device Modification History
Query/Rule usability enhancements
This release improves the Query/Rule usability by creating the following shortcut operations.
Ability to turn a query to a rule (see here) and vice versa (see here)
Ability to convert a historical search to a real time search and vice versa (see here) Ability to smart copy a query from one tab to another (see here)
Ability to create display and filter templates and use them later in a query or rule (see here)
Support OpenLDAP for user discovery and external authentication
This release extends user discovery and external authentication capabilities from Microsoft Active Directory to also include OpenLDAP servers.
Setting up OpenLDAP based discoveries and external user authentication is covered here.
Support secure LDAP protocols: LDAPS and LDAP Start TLS
This release extends secure LDAP protocols: LDAPS and LDAPStartTLS for user discovery and external authentication. This topic is covered here.
CMDB Report extensions
Currently users can create CMDB reports for exporting CMDB information. Currently this includes a report of devices in CMDB, their installed and running applications, hardware inventory etc. This release extends this capability to include users, rules and reports. Specifically users can now run reports on
Discovered users
AccelOps administrative users and their roles
Active Rules with exceptions if any
Scheduled Reports
Active Performance Monitors
For details see here
The following inbuilt reports in CMDB Report section can be used to quickly get relevant information.
Discovered Users
Externally Authenticated AccelOps Users
Locally Authenticated AccelOps Users
Manually Defined Users
Active Rules
Inactive Rules
Rules with Exceptions
Scheduled Reports
Active Performance Monitors
Performance and Availability Monitoring
Customizable high performance summary dashboards
Summary dashboards, a unique AccelOps feature, provide a real-time bird’s cross-domain metrics and health of a device or a group of devices or applications. There are 3 types of dashboards:
single level e.g. All Network dashboard, Hardware summary
two-level dashboards e.g. database performance dashboard, ESX-VM dashboard
three level dashboards e.g. Business Service dashboard (Business Service -> Devices -> Applications), VM Cluster dashboard (Cluster -> ESXs -> VMs)
In this release, all of these dashboards are enhanced for scalability and extensibility:
the dashboards are now configurable users can create their own dashboards
users can add their own performance metrics whether they are collected by default or created by customers as custom monitors paginated dashboard views eliminate the limitation of 300 devices/applications per dashboard – searching and sorting happens across the entire set of devices, not just on the page the user is on
most performance metric computations (like maximum or average interface utilization over all interfaces of a device) are now shifted from the GUI to the Super/Worker cloud – this dramatically reduces GUI network bandwidth and improves GUI rendering speed.
The ability to customize a summary dashboard is covered here.
Generalized Selenium based Web Synthetic Transaction Monitoring (STM)
The ability to monitor websites by running complex multi-level synthetic monitoring tests is an important criterion. This release allows AccelOps customers to record any web transaction from a web browser via Selenium plugin, and then play it back within AccelOps framework for continuous monitoring. Alerts can be triggered when the script fails to run or has an unacceptably large delay.
For setting up a Selenium based Web STM, see here.
End-to-end Email Synthetic Transaction Monitoring (STM)
For properly testing the health of email system, it is important to be able to test the entire path of an email: sender -> SMTP gateway -> receiving SMTP gateway -> receiving mailbox. This release provides AccelOps users a framework to run end-to-end e-mail synthetic tests, e.g. AccelOps will send an email and make sure that the same email is received within an acceptable time limit. Alerts can be triggered when an email fails to arrive or has an unacceptably large delay.
For setting up an end-to-end email STM, see here.
Custom SSH based command output monitoring
Often customers have scripts that monitor certain aspects of a system or an application and there is a need to get those script outputs into AccelOps for reporting and alerting. This release provides customers a framework for running these scripts remotely, bringing back the command output via SSH, parsing the output and creating events for further analysis in AccelOps.
For setting up command output monitoring, see here.
Log Management and Security Incident Event Monitoring (SIEM)
Watch list
This release enables users to create and manage watch lists. Watch lists are (often dynamic) containers that can hold objects of interest, e.g. Network Scanners, Frequent Locked out users, Externally excessive denied ports, High I/O Virtual machines etc. Watch lists can be dynamically populated when a rule triggers. An entry can leave the watch list if it does not trigger in a defined period of time or the entry could be permanent. A watch list can also be populated statically. A watch list can be further used in a rule condition in a nested manner to trigger rules of significant more significance. Watch lists provide a easy way to keep track of important policy violators in a monitoring system without always running reports.
For setting up command output monitoring, see here.
Agent less file change and file integrity monitoring
Unauthorized and untested configuration changes often lead to critical failure conditions. AccelOps already provides a way to keep track of network device configuration changes. This capability is further extended in this release to address the following situations – in an agent less fashion.
File integrity via checksum for specific files or directories on a server – trigger an alert when there is a change in any file in any directory.
The files need to be accessible via SSH or Telnet.
Monitor the content of a file on devices and make sure that it is identical to a target “blessed” file. Alert when the monitored file differs from the target file and show exactly what has changed.
Setting up agent-less file change/integrity monitoring is discussed here.
Log integrity validation
This release enables AccelOps customers to demonstrate to security auditors that the collected logs have not been tampered with, while at rest within AccelOps monitoring system. To achieve this, logs are cryptographically signed immediately upon arrival at the AccelOps point of entry. Using the AccelOps GUI, the cryptographic checksum can be validated to prove to the auditors that logs have not been tampered with. In case the logs have indeed been tampered with, AccelOps can identify the time period of the affected logs.
Log integrity validation is discussed here.
Compliance reporting
AccelOps already provides compliance reports for the following standards: PCI, HIPAA, COBIT, GLBA, FISMA, NERC, GPG13. This release extends this set by providing compliance reports for the following standards
SANS Critical Controls ISO
Device Support
Checkpoint Provider-1 – collect firewall logs from CLM and audit logs from MDM – see here for details
MySQL database – discovery, performance monitoring and audit log collection and analysis – see here for details
IBM DB2 Audit Log – audit log parsing and analysis – see Configuring Security Gateways for details
Cisco AVC – log analysis via Netflow
McAfee Foundstone Vulnerability Scanner – full log parsing and analysis – see Web Server Configuration for details HyperV log parsing via Honeycomb agent
Windows log parsing and file integrity monitoring via Honeycomb agent
Windows log parsing via Correlog agent
Dell Blade center
EMC Data Domain
Citrix NetScaler performance monitoring
Link interface errors (1.3.6.1.2.1.10.7.2)
EMC Isilon
Alcatel AAA Radius syslog
Miscellaneous Key Enhancements
Quick interface utilization drill down via Netflow
This release enables users to quickly analyze a network interface usage issue by combining SNMP and Netflow. SNMP provides interface utilization metrics and Netflow provides the traffic on that interface. AccelOps makes this connection seamless assuming that the router/switch is monitored by SNMP and also sending Netflow to AccelOps.
To achieve this drill down
Go to CMDB, select the router and click ‘Interface Stats’. The displayed data is from SNMP.
Note that for any interface, there is a drill down for Inbound or Outbound traffic. Select the desired direction and the interface usage for the chosen direction is displayed. This information is gathered from Netflow.
Manually define trunk ports
User identity and location is a key feature in AccelOps. To accomplish this, AccelOps automatically discovers switch trunk ports to ensure that only the access ports and not trunk ports show up in Identity and Location reports. An exception is of course VoIP ports which have PCs connected to them. This release enables to manually label certain discovered interfaces as trunk ports. Future discoveries will take this input into consideration and not create Identity and location entries for those user defined trunk ports.
To label a discovered interface as a trunk port, go to CMDB; choose a device; ‘Edit’ interfaces; check the Trunk Port checkbox and click Save. You need to do a discovery again to get new identity and location information.
Add CMR Support for Cisco VoIP
Cisco VoIP Call information is in two files
CDR records – this contains primarily the Call originator and Call destination information CMR records – this contains call quality information – MOS scores
Prior to this release, AccelOps only handled CDR records. This release is able to “join” CDR and CMR records to append the call quality information to the call originator/destination information in a single event.
Limit excessive generated incidents
Cisco ASA/IOS Remote Access VPN Monitoring
Most Expensive Query report
As part of database performance monitoring, AccelOps can now monitor the most expensive queries. Currently it works for Oracle and MS SQL Server.
Two rules are provided that trigger when a query takes more than 5 minutes to complete. The query has to complete for the rule to trigger.
VM Snapshot monitoring
VM Snapshots consume lots of space. This release allows you monitor the space taken up by snapshots
Excluded Disks
Often there are certain disk volumes that are either read only or always close to full and never grow. Because of these disks, these servers always as CRITICAL in dashboards. This release enables users to exclude these disks from monitoring – details are here.
Fixed Issues
General GUI related fixes and enhancements
Bug 7580: While trying to validate a custom parser (cloned), user gets “Backend error code: 139” and cannot continue working on parser Bug 7589: Remove 300 device limitation in custom dashboard
Bug 7648: Devices do not update after moving Organizations
Bug 7713: Chart is not displayed in report if generate the report with “Display as” columns.
Bug 7780: CSV exported report does not need extra commas
Bug 7958: Dashboard displays error when Request XML is over 20MB
Bug 8119: Clear Reason for system cleared has incorrect “active for more than 7 days”
Bug 8166: When creating a Ticket the “Assigned To” drop down contains ALL LDAP users, not just AO users
Bug 8170: Add search box on floating dialog boxes showing Performance Monitor errors
Bug 8180: Customer ID of All Report Notification report shows Super always
Bug 8683: Dashboard for Oracle does not display instance status
Bug 8713: Need to allow to import downloaded malware domain csv file manually
Bug 8719: Display IPS Generator ID and IPS Signature ID in wrong format
Bug 8725: “Last Update” of malware domain/blocked IP is not updated
Bug 8736: Ability to set values for ports, applications, device types at global level in CMDB that apply to all orgs
Bug 8762: If you schedule a report and set a custom value in Maximum graphs or Maximum rows and save it then go back into scheduled reports, it goes back to default values. It appears graphs/rows are saved with the custom values because scheduled reports work correctly.
Bug 8768: After changing the Font – some words do not fit correctly
Bug 8826: Customer added a second email address in Admin -> General Settings -> Analytics. Scheduled Report emails are not being sent to the second address
Bug 8946: Org Users should not be able to see Systems Errors from other Orgs Bug 8962: Allow for bulk delete of report results.
Bug 8963: Perf Incidents are not displayed properly from Dashboard (Exec. Summary)
Bug 8989: Disk utilization drill-down dialog stop working once browser loose focus
Bug 9072: When editing credentials of various protocols, they all display the ‘description’ field. SNMP v3 protocol does not display this field. This led users to incorrectly use the context field to to put description which caused failures.
Bug 9073: When looking at a widget – in this case “Top Incidents by Severity, Count”, and you drill down into an incident, you are brought to the incident page with a list of the incidents – BUT – after sorting the widget, and drill down on the same incident, you are show an incorrect incident
Bug 9096: Parse out additional fields in Symantec AV events
Bug 9116: Remove SMS notification configuration from user guide
Bug 9182: Clear incident notification email contains incorrect host name which belongs to another org with the same IP
Bug 9311: Too many tasks causes GUI to be slow
Bug 9332: The report output limitation is incorrect in the pop up report run dialog
Bug 9374: Maintenance Calendar does not save Devices folders
Bug 9391: Notification policy does not work when set only the days of the week and the start date, toggle the days of the week
Bug 9539: Need to forbid “Test Rule” button for rules from organizations
Bug 9628: Daylight saving time (DST) causes report editing to not properly re-save time
Bug 9675: For Juniper SRX devices that have virtual interfaces with a 192.0.0.0 subnet mask, user cannot edit and modify any CMDB fields for this device
Bug 9734: Read-Only Admin Role allows credential to IP association edits with double click
Bug 9839: Provide ability to export IP Range to Credential associations. Currently, the Export button on Admin->Setup->Credentials only exports the credentials but not the IP to Credential associations
Bug 9892: When export CMDB report run for 1 Org, you get data for ALL Orgs
Bug 9953: Deleting Clear Conditions in Rule do not work
Bug 10023: In Dashboard > widgets > combo view, y -axis has no scale value
Bug 10046: Last updated method overwrites the health page. Discover first using WMI then VM_SDK and you get just the VM stats Bug 10161: When SVN has too many configuration/installed software revisions on single device, UI got timed out by 120 seconds.
Finally, UI shows error and cannot see device configuration
Bug 10186: Email notification contains another organizations Interface description
Bug 10202: AO-SP: Rule Sync Errors dialog show other organization’s error
Bug 10215: AO-SP: For Rule Synch errors, an Org user should be able see ONLY his own changes causing synch errors. Super/global should be able to see all Organization errors
Bug 10263: LDAP discovery does not add users when there is an exception caused by the address field is too large to fit into our 256 character column field on ph_contact
Bug 10288: For Report Bundles, report end times are off by 1 minute
Bug 10292: For Report Bundles, absolute schedule time not saved when custom email notification is chosen
Bug 10344: Prevent user from entering more characters then allowed in text fields in UI. When creating a device maintenance schedule, entering too many characters in the description field resulted in “transaction marked for rollback” message
Bug 10673: Custom group does not show up in role management UI Access tree. This issue is affecting to many places such as Dashboard, CMDB, query condition builder
Bug 10829: When selecting multiple devices in CMDB for setting up maintenance schedule the devices do not have name in dialog box. This is GUI issue only.
Platform related fixes and enhancements
Bug 7600: Provide a CMDB Report for Active Rules for an Organization
Bug 7680: External authentication does not work with OpenLDAP
Bug 7953: Events dropped based on Elastic EPS being too slow in changing values
Bug 8142: Event Packager port unnecessarily open on the super and workers
Bug 8213: Back end modules should check certificates during SSL communication
Bug 8278: Script for creating bluecoat ftp directory does not change owner.group to ftpuser.ftpuser
Bug 8279: Every time AO device is rebooted bluecoat ftp directory owner.group are reset to admin.admin preventing files from being ftp’ed to AO
Bug 8650: Need to consolidate NSCD package to nscd-2.5-24 with its updated configuration Bug 8676: Proxy configuration does not work
Bug 8718: Add CMDB Report for Users in AccelOps
Bug 8869: Provide capability in CMDB reports to extract intersection (AND) of 2 criteria – when the criteria partially overlap
Bug 8983: Need to auto-compact JMS request queue
Bug 9065: Empty username and password in the base URL definition causes upgrade failed
Bug 9184: Support CS MARS type drop rules
Bug 9283: Documentation for Amazon AWS need to say Access key and Secret access key instead of User ID and Password
Bug 9341: Global EPS license is ignored when Elastic EPS allocates EPS based on previous configuration
Bug 9630: Create a report for all users with system roles in AccelOps
Bug 9669: Limit the amount of times that AppServer retries a transaction
Bug 9928: Create a report for Monitor Change Performance errors
Bug 9937: Do not overwrite phoenix_config.txt upon upgrade
Bug 10009: Create a report to show all processes and open ports
Bug 10143: Customer certificate overwritten in ssl.conf with 3.7.6 upgrade
Bug 10223: Cache files created by incident notification are never removed
Bug 10525: Provide an option to not show the Domain drop-down list from logon page for external authentication Bug 10567: Fix customer found Apache security vulnerabilities
Performance Monitoring / STM related fixes and enhancements
Bug 7787: Add Virtual Memory Utilization Attributes support
Bug 8254: False high Exch Metrics
Bug 8700: Monitor VM snapshots
Bug 8837: AO is losing checkpoint firewall events every time phCheckpoint crashes
Bug 8919: The average processing time for Glassfish servlets and processors are wrong
Bug 8981: Windows log pulling time interval not implemented correctly
Bug 9137: Add load balancing metrics for Cisco ACE load balancer
Bug 9458: Need instance availability monitoring via Amazon AWS SDK
Bug 9508: Add performance monitoring for Citrix NetScaler
Bug 9627: “PH_DB_DATA_ERROR: cannot decrypt password for principal” exception thrown when running perfMonitor rest API on
Super in SP mode when there are devices monitored by a collector
Bug 10028: Performance monitor job status does not update (shows yellow star)
Bug 10222: Enhance custom performance monitor to include string index (currently only integer index)
Bug 10249: Cisco ASA CPU, memory utilization not populated correctly
Bug 10471: NX-OS devices PH_DEV_MON_INTF_UTIL not calculated correctly sometimes
Bug 10512: Apache metrics are not being pulled
Bug 10527: Fail to collect UDP echo IP SLA stats
Bug 10608: Monitoring Windows network interface statistics via WMI sometimes crashes when server has more than 1 network interface
Bug 10618: Hardware Monitoring for Cisco IOS and NX-OS devices stops after 3.7.6 upgrade
Bug 10650: Important process with long parameters (like java) are not being detected as down when they are indeed down
Bug 10827: Enhance Linux disk utilization by accounting for reserved space
Bug 10921: Generate per-host LUN usage metrics for EMC VNX/Clarion
Rule / Query / Report Engine related fixes and enhancements
Bug 7509: Prohibit user from choosing past dates in scheduled reports
Bug 8376: Reports saved as csv have blank “Event Name” column
Bug 8811: Query returns nothing for user defined port/protocol group
Bug 9405: Analytics can only query top level CMDB Application Groups
Bug 10183: When running a long report, App server needs to retry if Query Master does not respond
Bug 10345: Report Scheduler not sending reports at the correct time
Bug 10348: Daylight Savings Time (DST) causes report editing to not properly re-save time
Bug 10349: Quartz worker thread pool are too small to handle large set of scheduled reports
Bug 10487: Enhance CONTAIN operator to match anywhere in string – not just in the beginning Bug 10767: Eliminate Rule synch errors caused by Rule exception
Parsing related fixes and enhancements
Bug 7625: Suppress certain events from being parsed
Bug 7639: Windows Parser does not completely parse when key pair fields are in Spanish
Bug 8216: Parse out additional fields in ASA-722051 event
Bug 8355: Allow event forwarding based on event severity
Bug 8702: Event Type Win-Security- 4656 does not parse object type and object name
Bug 8758: Symantec AnitVirus logs – virus file name not being parsed
Bug 8874: Fix Microsoft UAG parser
Bug 8889: Fix Forescout CounterACT parser
Bug 8895: Allow parsing of “:” in certain Cisoc IOS messages
Bug 8999: Windows WMI OS Parser does not properly parse all fields on SQL Server Events
Bug 9024: Windows Parser needs to strip the @Domain.xxx at the end of “account name” in the key-value-pair
Bug 9026: from Admin->Device Support->Event Type, if you click on the amplifier icon on the search box and uncheck ‘Device Type’, it ignores the search columns settings which always includes Device Type as part of search. Actually it ignores whatever is unchecked, it always displays the default
Bug 9451: WatchGuard Firewall Parser Missing Events
Bug 9587: Email subject is sometimes not parsed by Cisco IronPort Mail parser
Bug 9641: Save event name from Cisco IPS Alerts
Bug 9709: Add support for Alcatel AAA Radius syslog
Bug 9843: NetApp snnp traps not parsed
Bug 9861: Change Parser to not create User= “-” for event type IIS-Web-Client_Access_Denied
Bug 9862: F5 BIG-IP LTM new version has syslog not parsed by our current parser
Bug 9955: Cisco switch events for dynamic ARP inspection (SW_DAI-4-DHCP_SNOOPING_DENY) are not being fully parsed
Bug 10090: Cisco ASA Parser enhancement – add the type of Remote Access connection that is used when a DAP is applied
Bug 10091: Parse WLAN AP Host Name attribute for Cisco WLAN disassociation SNMP traps
Bug 10092: Enhance Cisco Call Manager CDR parser to get the CM Login User ID of the caller
Bug 10119: Logon Fail events misclassified as Login Success events
Bug 10286: AccelOps is not parsing Severity and Source / Destination addresses, Event Type, Event Name, etc. from Snort Sensor IDS logs, because of the <br0> between the [Priority 1]: and {TCP}
Bug 10324: Parse addition fields for Symantec Endpoint Protection (SEP) logs
Bug 10381: Fix JunOS log parsing errors
Bug 10408: Parse logs generated by Correlog windows agent
Bug 10418: Parse user name from Windows MSSQL Event 18453 Bug 10458: Convert TOS values to DSCP values in Netflow
Bug 10511: Parse out Account Name and Object Name for Win 4670 events
Discovery related fixes and enhancements
Bug 6574: Provide an option for removing VM monitoring
Bug 6955: Support secure LDAP protocol
Bug 7888: Checkpoint running SPLAT OS being incorrectly discovered as Generic Linux
Bug 8681: Redhat 10GB Interface discovered as 10MB
Bug 8769: Support MySQL – discovery, performance monitoring and log collection
Bug 8984: Compress Discovery result before sending to App server
Bug 9042: MS SQL Server JDBC discovery fails but AO still pulls some perf metrics but not all This is unique to MS SQL Server 2012.
Bug 9058: LDAP discovery using “daysToPasswordExpiry” is completely wrong
Bug 9070: Add SNMP support for Dell Blade Center / Chassis Mgmt Controller
Bug 9134: Support EMC Data Domain
Bug 9290: Add region to AWS EC2 discovery
Bug 9420: Checkpoint discovery does not have Installed Software/Running Process on GAIA/Security Platform
Bug 9474: VM discovery does not work with symbol character for password
Bug 9584: Make the ‘show ip route’ command optional in discovery of Border routers with millions of routes
Bug 9790: VMSDK discovery failure does not show complete failure reason
Bug 9827: Option to include or exclude VM Guest hosts during ESXi / VMSDK discovery
Bug 10025: Add device support for standalone Cisco WLAN AP (not controllers) running IOS
Bug 10171: Cisco IPS module in ASA has wrongly discovered IPS SW version
Bug 10437: Cannot discover Cisco device by SSH with high privilege user
Bug 10524: Discovering powered off VMs may cause incorrect merge if the VMs have a shared IP address
Bug 10530: Linux interface speed incorrect
Bug 10677: Interface alias not discovered when an interface has more than one addresses
Open Issues
Bug 7537: Can not create new incident category in VA mode. AO-SP works correctly. Workaround is to manually add the incident category to a rule in the database.
Bug 7191: Device Maintenance window cannot be larger than 1 day
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!