This section lists enhancements and resolved issues in previous releases of NetMon.

4.0.2

March 16, 2020

Features and Enhancements

New Dashboards

Dashboard

Explanation: Alarm Trend, Network Analysis, SMB, and Network Node Link Dashboards have been added. The Application Exploration Dashboard has been updated.

Benefit: Additional dashboards provide new ways to interpret network data.

DNS Stitching Close Out Session

Enable Stateless Protocol Stitching

Explanation: When Stateless Protocol Stitching is on, stitched DNS sessions are closed out on the intermediate report interval rather than running indefinitely.

Benefit: Long-running, stitched DNS sessions no longer appear as a large volume of data leaving the network.

Node Link Graph Visualization

Visualize

Explanation: A new Node Link Graph visualization has been included for analyst use. To access the Node Link Graph, click the Network visualization in the New Visualization selector in Kibana. A visual representation of a network is available in the new Network Node Link Dashboard.

Benefit: The Network visualization provides analysts with a unique way to visualize data relationships in their network traffic. Heavy customization is possible, as any of NetMon’s data fields can be used as nodes or links.

Elasticsearch and Kibana Upgrade

NetMon and Kibana

Explanation: Elasticsearch and Kibana have both been upgraded to version 7.5.2.

Benefit: These upgrades mitigate security vulnerabilities and improve performance.

RPM Package Upgrades

Third-Party License Acknowledgments

Explanation: PHP has been upgraded to 7.2.25. nginx has been upgraded to 1.17.7. CentOS kernel and third-party RPM packages have also been upgraded.

Benefit: These package upgrades mitigate security vulnerabilities.

Additional Application Classifications

NetMon Supported Applications

Explanation: An additional 124 applications have been classified, and there are now 3,660 applications classified in NetMon. New additions include G Suite, Amazon AppStream, and Apple Remote Desktop, among other applications.

Benefit: Customers can now identify even more applications and more reliably differentiate known traffic from suspicious traffic.

Resolved Issues

DE798

Updated AddEth.pl to require parameters and prevent undesired behavior when no parameters were passed. Script help updated.

DE10001

The reported number of failed messages sent between the Deep Packet Inspection Threads and the Rule Engine Threads is now accurate, correcting “Dropped” stats on the Flow Rate chart.

DE10061

Changes to the Engine Configuration now result in a short service restart, instead of restarting all NetMon processes.

DE10101

Fixed crash on startup for cases where the Management interface does not have an IP address.

DE10118

Updated the “Analyze Charts in Diagnostics” section of the NetMon User Guide.

US4219

PHP “allow_url_fopen” was enabled by default. Disabled to address vulnerability concerns.

4.0.1

January 6, 2020

Features and Enhancements

Dark Mode

Switch Between Light and Dark Modes

Explanation: Users can now choose between the traditional, light NetMon theme and a new, dark background theme.

Benefit: NetMon is more pleasing to use in low-light environments.

New Visualizations

Visualize

Explanation: New visualizations—including dynamic controls, area graphs, gauges, heat maps, and tag clouds—are available for inclusion in dashboards.

Benefit: Additional visualizations provide new ways to interpret network data.

Dashboard Live Updating

Automatically Refresh the Page

Explanation: Dashboard views now support live updating without user intervention.

Benefit: The latest “last X minutes/hours” data is always displayed for users without additional user actions. Traditional snapshot dashboard views are still available.

Quick Access to Recently Used Dashboards

Dashboard

Explanation: User-accessed dashboards are now available with one click in the main user interface.

Benefit: The user workflow is streamlined.

Quick Access to Built-In and User-Defined Dashboards

Load a Saved Dashboard

Explanation: A dynamically populated list of all dashboards loaded in NetMon is available on the Analyze menu.

Benefit: The user workflow is streamlined.

User Interface Refinements

Web Management Interface

Explanation: The entire NetMon Web Management interface has been refreshed.

Benefit: Many improvements to visual elements and workflow result in an improved user experience.

Streamlined Dashboard Import and Export

Import Custom Dashboards

Explanation: The dashboard import and export processes have been simplified.

Benefit: It is easier to share dashboards and visualizations.

Support for CIDR Notation in Queries

N/A

Explanation: CIDR notation is now supported in dashboard queries and query alerts.

Benefit: It is easier to query for ranges of IP addresses.

Manual Configuration Mode

Change the Management or Recovery Network Interface

Explanation: Users can persistently override network configuration settings.

Benefit: Network interfaces can be appropriately configured for different environments.

RPM Package Upgrades

Third-Party License Acknowledgments

Explanation: PHP has been upgraded to 7.2.24. CentOS kernel and third-party rpm packages have also been upgraded.

Benefit: These package upgrades mitigate known security vulnerabilities.

Resolved Issues

DE15

The loopback IP address no longer incorrectly appears on the About page, and instead is populated with the management IP address.

DE16

The upgrade index is now correctly created when an administrator user logs in for the first time during system startup.

DE17

DPA rule selections are now correctly applied to replayed PCAPs.

US310

Removed nm-dispatch from the product, fixing an issue with the dispatch queue failing.

The nm-dispatch process has been replaced with new processes (nm-es-indexer and nm-es-percolator) using new queuing.

3.9.3

May 29, 2019

Features and Enhancements

Additional Application Classifications

NetMon Supported Applications

Explanation: An additional 77 applications have been classified, and there are now 3,551 applications classified in NetMon. New additions include Google Video, Apple News, and Hadoop, among other applications.

Benefit: Customers can now identify even more applications and more reliably differentiate known good traffic from suspicious traffic.

Resolved Issues

NM-1538

PHP has been upgraded to version 7.1.28.

3.9.2

March 14, 2019

Features and Enhancements

Analysis Engine Improvements

N/A

Explanation: NetMon’s Analysis Engine now extracts additional metadata fields.

Benefit: Users have more information to help analyze and interpret application flows.

Deep Packet Analytics Rule Enhancement

NetMon Deep Packet Analytics

Explanation: NetMon now sends additional metadata to LogRhythm Enterprise when the Flow_DetectClearTextPasswords Deep Packet Analytics (DPA) rule detects a cleartext password in use.

Benefit: Users can now see deeper information on alarms triggered by this DPA rule in LogRhythm Enterprise without having to take additional manual steps to retrieve it.

Additional Application Classifications

NetMon Supported Applications

Explanation: An additional 95 applications have been classified, and there are now 3,474 applications classified in NetMon. New additions include Azure Right Management Service, Cisco WebEx, and Oracle OEM Management, among other applications.

Benefit: Customers can now identify even more applications and more reliably differentiate known good traffic from suspicious traffic.

Resolved Issues

NM-1030

Better logic for Flow_ProtoMismatchPort DPA rule to avoid false positives.

NM-1205

Health stats were not being registered correctly under heavy load.

NM-1282

Better handling of error messages for application blacklist PUT.

NM-1423

DPA rule enhancement sending additional info to SIEM when cleartext password is detected.

NM-1439

Better error handling on Configuration > Network page.

NM-1444

Better error handling in PHP when navigating to the Filter page.

NM-1448

Fixed error when PUT to /api/network/hostname does not include “hostname” key but instead another key.

NM-1464

Fixed corner cases in network selection configuration.

NM-1480

Fixed an issue where a static IP address used in the script that adds an interface to a system for recognition by NetMon was lost when NetMon restarted.

NM-1499

PHP has been upgraded to version 5.6.40.

3.9.1

December 20, 2018

Features and Enhancements

GRE Support

Change Network Parameters

Explanation: NetMon now integrates support for Generic Routing Encapsulation (GRE). GRE enables network traffic to be delivered to a remote NetMon for analysis without requiring a dedicated TAP or SPAN port.

Benefit: GRE support enables NetMon to monitor network traffic in a new, versatile way, including traffic from VPNs.

NetMon Hostname in Metadata

Application Metadata Fields


Explanation: A new metadata field, NetmonHostname, is populated with the assigned hostname.

Benefit: The hostname of the NetMon instance that generated metadata is now tracked.

SmartFlow Enhancements

Application Families and Tags

Explanation: SmartFlow has been extended to include Application Family, Application Tags, and NetMon Hostname metadata fields.

Benefit: True Application Identification now includes application category data. These details are available when integrated with a LogRhythm SIEM.

Alternate Recovery IP Address

Determine the IP Address and Launch NetMon

Explanation: NetMon automatically detects the subnet it is part of. If it is on the 192.168.x.x subnet, the recovery IP is set to the 172.16.x.x subnet instead. 

Benefit: The recovery IP address does not conflict with other IP addresses on a network.

Packet Capture Improvements

Analyze Captured Sessions

Explanation: Metadata associated with deleted captured sessions is now cleaned up more efficiently. The Capture Dashboard has been updated to more accurately reflect the status of captured sessions.

Benefit: Memory and processor use is more efficient when packet capture is enabled.

Disk Cleanup Improvements

N/A

Explanation: NetMon now implements a new method to automatically manage its disk usage. Disk cleanup starts when drives are 89% full. Old data is deleted until the disk is 87% full.

Benefit: Disk cleanup is more efficient.

Resolved Issues

NM-1255

NetMon now includes OpenJDK 1.8.0.181 to address critical and high-risk vulnerabilities in earlier versions, including CVE-2016-3458, CVE-2016-3485, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, and CVE-2016-3610.

NM-1319

The security certificate included with NetMon has been updated with an extended expiration date.

NM-1323

Resolved an issue where some users inspecting a saved rule saw an error message when clicking the Search icon on the Rules tab.

NM-1352

Resolved an issue where disk cleanup failed.

NM-1357

Resolved an issue where memory grew unbounded on systems with large disks and packet capture enabled.

NM-1374

NetMon’s Web user interface now works properly in Microsoft Internet Explorer 11.

NM-1407

NetMon’s installer has been updated to improve compatibility with a wider range of hardware.

3.8.2

September 25, 2018

Features and Enhancements

Deep Packet Analytics API

Web API

Explanation: A new Deep Packet Analytics (DPA) API provides programmatic access to advanced analysis features.

Benefit: The DPA API enables new automated actions and integrations.

Deep Packet Analytics User Interface Update

Manage Deep Packet Analytics Rules

Explanation: The DPA user interface has been updated with improved usability and workflow. Rules are now separated by their origin (system or custom). The DPA rule editor has also been updated.

Benefit: It is easier to create and modify DPA rules.

UEFI Boot Support

N/A

Explanation: NetMon can now boot from UEFI.

Benefit: NetMon has broader hardware support.

Resolved Issues

NM-1255

Updated the version of Java included with NetMon.

NM-1288

Fixed installation issues on newer hardware.

NM-1298

Corrected the permissions needed to access IP filtering and application blacklisting configuration interfaces.

3.8.1

July 17, 2018

Features and Enhancements

IP Filtering

Filter IPs and Applications

Explanation: Users can now control which traffic NetMon processes based on IP address. Filters can be easily added or switched on/off from either the Web Management interface or the NetMon API.

Benefit: With more granular control over processed traffic, users can filter out sensitive endpoints, include only suspicious IP addresses, distribute traffic across multiple NetMon appliances and instances, and more.

Application Blacklisting

Add Applications to Blacklist

Explanation: NetMon now has the ability to exclude specific applications from processing, metadata creation, capture, and alarms.

Benefit: By adding applications to a blacklist, users can easily focus resources on the most relevant data.

Application Families and Tags

Application Families and Tags

Explanation: Two new metadata fields, ApplicationFamily and ApplicationTags, classify NetMon application traffic into categories such as Web, SCADA, Instant Messaging, and many more. The new Application Exploration Dashboard makes it easy to visualize and search application families and tags.

Benefit: Searching flows by family or tag greatly accelerates threat-hunting by making it easy to target groups of related applications or specific types of traffic with simplified search queries.

Open Metadata Query API

LogRhythm NetMon API

Explanation: A new API route (GET /api/search) enables NetMon to retrieve any metadata.

Benefit: Users can extract metadata to another application or into a report, or use a SmartResponse to obtain all metadata from a session.

Stateless Protocol Stitching for DNS

Change Engine Parameters

Explanation: This Configuration > Engine setting consolidates stateless sessions (DNS over UDP) into a single session.

Benefit: Enabling this protocol reduces metadata generation and improves performance.

Support Dashboards

Filter IPs and Applications

Explanation: NetMon 3.8.1 includes two new dashboards—Traffic Profile and Traffic Endpoints—that help identify and remedy performance issues.

Benefit: These dashboards help pinpoint the causes of slow performance, and can be used with IP filtering and application blacklisting (Configuration > Filter) to prevent specific IP addresses or applications from flooding a NetMon.

PCAP Replay Forwarding Switch

Change Syslog Parameters

Explanation: A toggle switch on the Configuration > Syslog page allows NetMon users to hide replayed PCAPs from LogRhythm Enterprise.

Benefit: Analysts can examine traffic in NetMon without triggering downstream alerts.

Improved Performance

N/A

Explanation: A new queue architecture reduces memory consumption and improves stability. The disk packet writer captures packets to disk at a more consistent rate.

Benefit: NetMon utilizes system resources more effectively and has improved performance and increased stability.

Additional Application Classifications

NetMon Supported Applications

Explanation: An additional 45 applications have been classified—there are now 3,379 total applications classified in NetMon. New additions include Microsoft PowerShell Remoting, Turbo VPN, and iFIX, among other applications.

Benefit: Customers can now identify even more applications and more reliably differentiate known good traffic from suspicious traffic.

Resolved Issues

NM-802

Inconsistent information in the installation guide has been updated.

NM-806

Modbus traffic is now correctly categorized.

NM-939

A vulnerability with Nginx versions (CVE-2017-7529) has been resolved by updating the included version of Nginx.

NM-1006

Permissions on the MonitorDispatch directory have been updated.

NM-1037

NetMon now correctly handles passwords containing certain special characters.

NM-1057

The user interface now correctly reflects PCAP download status.

NM-1060

Certain included libraries have been updated.

NM-1067

The documented description of Basic DPI mode has been updated.

NM-1091

Resolved an issue where, in some cases, replayed traffic was not available for download and file reconstruction.

NM-1111

Configurations have been updated to better handle PCAP cleanup.

NM-1123

Resolved an issue where packets were sometimes duplicated during PCAP replay.

NM-1125

Resolved an issue where the Configuration > Network > Interfaces panel failed to load.

3.7.1

March 27, 2018

Features and Enhancements

PCAP Replay Upgrade

PCAP Replay

Explanation: NetMon 3.7.1 introduces improved PCAP Replay features, including two new metadata fields, a new Replayed Traffic Dashboard, a more efficient underlying architecture, a new API route to retrieve replayed PCAP session IDs, and improved workflow around analyzing replayed traffic.

Benefit: Replayed PCAP files can now be isolated from live traffic and inspected independently. The new metadata fields enable powerful analysis and aggregation of replayed traffic. Individual links from uploaded PCAPs to the Analyze Dashboard are pre-filtered to show specific replayed traffic.

Data Forwarding

Change Syslog Parameters

Explanation: The Configuration > Syslog page now provides the option for licensed NetMon users to restrict whether network traffic metadata is forwarded over SmartFlow (Syslog) to LogRhythm Enterprise.

Benefit: Traffic generated from NetMon can now be reduced when alerts and diagnostics are sufficient for a given customer environment.

Updated Web Management Interface

Web Management Interface

Explanation: Among other UI refinements and improvements, the shutdown, reboot, and restart services are now restricted to administrator-only.

Benefit: Users without administrator permissions will not be able to shut down, reboot, or restart NetMon, adding a level of security to prevent unwanted or potentially intrusive system behaviors.

VMware Support

Configure NetMon on a VMware vSphere Virtual Machine

Explanation: NetMon 3.7.1 is the first version of NetMon officially supported on VMware. For more information, see the VMware Installation and Configuration Guide, available on the LogRhythm Community.

Benefit: Users can install NetMon on virtual machines powered by VMware vSphere using LogRhythm-recommended configuration specifications.

Additional Application Classifications

NetMon Supported Applications

Explanation: NetMon now classifies 69 additional applications—there are now 3,334 total applications classified in NetMon. New additions include mobile games and social networks, among other applications.

Benefit: Customers can now identify even more applications and more reliably differentiate known good traffic from suspicious traffic.

Resolved Issues

NM-784

Traffic from the Redis cloud system monitoring protocol is no longer misidentified as POP3.

NM-803

The list of supported applications available in the NetMon Help has been updated to remove deprecated protocols.

NM-804

A parsing error that mapped some NetMon Syslog data into the wrong Syslog fields in LogRhythm Enterprise has been fixed.

NM-805

The license upgrade process has been improved so that licenses without an expiration date can be successfully installed without overwriting existing licenses.

NM-807

The NetMon Installation and Configuration Guide has been updated to clarify that SAN storage and DM-multipath are not supported to extend storage volumes.

NM-809

A bug that prevented the dispatch process from accepting certain sessions has been resolved.

3.6.2

January 30, 2018

Features and Enhancements

Operating System Upgrade

Install NetMon Software

Explanation: NetMon’s base operating system installer has been upgraded to CentOS 7.4.

Benefit: CentOS 7.4 provides improved security and reliability, and also ensures that NetMon 3.6.2 and future versions will run on additional hardware.

Resolved Issues

N/A

NetMon has been updated with security patches to mitigate the “Spectre” variant 1 (CVE-2017-5753) and “Meltdown” (CVE-2017-5754) vulnerabilities. Note that Spectre variant 2 (CVE-2017-5715) has not been patched in version 3.6.2.

N/A

The included version of PHP has been updated to version 5.6.33.

3.6.1

December 20, 2017

Features and Enhancements

Updated DPI Engine

Change Engine Parameters

Explanation: The Deep Packet Inspection (DPI) engine has been updated.

Benefit: The updated DPI engine improves stability, is more resilient to different traffic profiles, and is better at classifying protocols. System performance is significantly improved, and hardware is utilized more efficiently.

Role-Based Authentication

Add NetMon Users

Explanation: Users can now be assigned either Administrator or Analyst roles. Functionality is restricted for analyst users. Multiple users can have administrator roles.

Benefit: NetMon’s role-based authentication functionality can assign users greater control over levels of access. Users with the Analyst role are restricted and cannot change key configuration items. Additionally, multiple named users can now have the Admin role, resulting in greater control over administrator privileges and more resilient and flexible system management.

User API

Manage NetMon Users

Explanation: Administrator users can now update user information, create users, delete users, and reset user passwords through the API.

Benefit: The capabilities of the NetMon RESTful API have been expanded to include user management. This enables centralized, flexible user administration, user synchronization across multiple NetMon instances, integration with an enterprise’s Identity and Access Management (IAM) platforms, and improved coordination with SIEM user profiles.

Updated Web Management Interface

Web Management Interface

Explanation: The Web Management interface has been updated and refined, including a new top navigation bar and multiple fixes.

Benefit: The NetMon user interface now looks and behaves as the SIEM Web Console does, providing a cohesive, seamless user experience between both products. The user interface has been expanded to provide improved workflows for managing user- and role-related capabilities.

Resolved Issues

NM-789

PHP has been upgraded to version 5.6.32. Earlier versions of NetMon included PHP 5.6.30, which was vulnerable to CVE-2017-11142 (a CPU resource consumption DoS vulnerability). This update mitigates vulnerabilities affecting versions of PHP prior to 5.6.32 (CVE-2017-16642, CVE-2017-12933, CVE-2017-11628, CVE-2017-11145, CVE-2017-11144, CVE-2017-11143, CVE-2017-11142, CVE-2017-7890).

NM-792

Extra blank lines are no longer added to the passwords file upon user creation, preventing unchecked growth of the passwords file and potential exhaustion of memory resources.

NM-793

Resolved an issue where API keys could be overwritten in cases where a username contains another user’s username.

NM-794

Deleted users can no longer access NetMon—deleted user tokens are immediately revoked and system access is no longer possible. This fixes an issue where it was possible for a deleted user to access the NetMon web interface if the deleted user had not yet cleared his or her browser cache.

N/A

Previous versions of NetMon would sometimes serve stale pages in the Web interface. This version of NetMon corrects this behavior by properly indicating when pages should and should not be cached. Prior versions of NetMon reported issues where clearing the cache was a necessary workaround—this improvement addresses those cases.

N/A

Pages are automatically refreshed after upgrade. In prior versions of NetMon, some successful upgrades would appear to hang until the user manually refreshed the browser page. This fix eliminates the need for a manual browser refresh by properly and automatically refreshing the page after an upgrade completes.

3.5.1

September 1, 2017

Features and Enhancements

Additional Application Classifications

NetMon Supported Applications

Explanation: Additional application classifications were added—there are now 3,257 classified in NetMon. New additions include assorted gaming sites (such as clash_of_clans), additional CDN sites (such as lightstreamer), industrial control protocols (such as OPCUA and Profinet), and improved cloud protocols for Azure services and Microsoft Office Online.

Benefit: Users can more clearly identify traffic and differentiate between normal “time-wasters” and suspicious or malicious traffic.

Additional Admin API Methods

Web API

Explanation: New REST-based endpoints were added for upgrading and licensing a NetMon, managing time, downloading DPA rules, and rebooting and shutting down the server.

Benefit: These methods extend the REST-based Admin API tier for management of multiple NetMons and integration with LogRhythm’s SIEM and other management tools.

Improved DPA Documentation

Deep Packet Analytics Rule Examples

Explanation: The Deep Packet Analytics (DPA) rule documentation has been reorganized and improved.

Benefit: Analysts can find method calls and examples much faster.

Additional DPA Methods

NetMon Deep Packet Analytics

Explanation: New DPA methods have been added to improve logging support and make it easier to find an application in the path.

Benefit: New methods simplify rule development and make it easier to efficiently isolate classes of traffic (for example, “find all ssl”) regardless of the final classification (for example, “/tcp/ssl/https/pandora”).

Additional DPA Packet-Level Methods

Packet-Level Functions

Explanation: New packet-level methods have been created to easily extract specific bytes of data from a packet as an integer or a string of raw HEX data.

Benefit: Packet-level analysis is much easier and more in line with capabilities of IDS systems like Bro and Snort. Rules can be written to match byte-level signatures.

Stop Scrolling in Log Viewer

Pause Log Collection

Explanation: On the Logs page, it is now possible to stop the automatic scrolling of system diagnostic and audit logs.

Benefit: It is now much easier to read through logs for specific events without the risk of the message scrolling off the page.

Resolved Issues

NM-778

Non-admin users can no longer see the Configuration > Upgrade page or start an upgrade.

NM-780

Session length now supports Int64 in all places. This prevents data rollover for long sessions.

NM-785

Download of DPA rules works again, generating non-corrupt .lrl files. (Note: This was a bug in 3.4.2 only).

NM-786

Java ES library has been updated to prevent lockup of the Dispatch service.

N/A

Kibana Startup log is now properly managed for size.

N/A

Capitalization in the UI has been fixed for consistency (Manage Users, Upgrade, Replay).

N/A

A potential JavaScript injection vulnerability has been closed.

N/A

Deprecated function warning in logs has been resolved.

3.4.2

June 20, 2017

Features and Enhancements

New Metadata Field Named JSONSize

View Metadata Indexing Statistics

Explanation: The JSONSize metadata field is available on all flows.

Benefit: This field helps isolate data problems that cause failures in Elasticsearch.

DPA Rule Editor Window Improved

Manage Deep Packet Analytics Rules

Explanation: The DPA Rule Editor window is now easier to use.

Benefit: Writing DPA rules is easier and less prone to accidental loss of content.

Updates to Network Interfaces

Update Network Parameters

Explanation: More interface name patterns are recognized.

Benefit: Non-hardware-based network interfaces (for example, virtual systems) are now recognized and supported on the Network Configuration page.

Installer Supports Alternate Partition Names

Install NetMon Software

Explanation: NetMon can now be installed on a system that does not have an sda partition.

Benefit: Installation on some VM systems with non-standard partition naming (for example, vda instead of sda) now works correctly.

Auto-Capitalization

Discover, Visualize

Explanation: Auto-capitalization has been improved and added to the Discover and Visualize filters under the Analyze menu.

Benefit: Users no longer need to capitalize metadata names in any filter field.

Resolved Issues

NM-753

The Authentication Required popup no longer displays on the login page.

NM-759

A DPA rule uploaded as an .lrl can now be re-uploaded after the rule is deleted.

NM-764

Hexadecimal DNS flags correctly convert to 16-bit values in NetMon.

NM-766

A possible memory corruption issue on system startup has been resolved.

NM-769

A possible race condition causing system failure has been resolved.

NM-775

The Download Diagnostics .zip file now opens properly on Windows systems.

NM-776

The Flow_PrivateKeyExtensions rule now works correctly for mapi protocol.

NM-758

The .iso install script is no longer hardcoded to be installed on the sda drive.

N/A

CVE-2017-1000364 and CVE-2017-1000366 (Stack Clash exploits) are patched.

3.4.1

May 22, 2017

Features and Enhancements

Validate an Upgrade

Upgrade NetMon

Explanation: You are now prompted to verify the upgrade file against its official hash before uploading and installing the updated version of NetMon.

Benefit: Visually comparing the hash of the .lrp file with LogRhythm’s published hash value provides a human interaction guarantee that the upgrade file is legitimate and officially from LogRhythm.

Set Up a Secure Syslog

Update Syslog Parameters

Explanation: Through the Configuration > Syslog user interface, you can now configure a secure TCP Syslog connection.

Benefit: Network data is highly valuable. By securing the connection between the NetMon and the SIEM, this data can be transported securely for further analysis and correlation.

Improved Interface Configuration

Update Network Parameters

Explanation: The Configuration > Network user interface now includes an interface selector with the ability to see all recognized interfaces, including data received and IP addresses.

Benefit: Setting up a NetMon is now easier than ever. Instead of guessing which cryptically named port (for instance, enp0s02) is your incoming tap data, you can see which port is receiving data and select it. You also do not have to guess which interfaces are part of a bond. You can simply select the interfaces you want to capture.

New Help Tab

Help

Explanation: From the Help tab of the top navigation bar, you can now access the NetMon online Help and Community forum, as well as download diagnostics files.

Benefit: LogRhythm’s Community is a great resource for NetMon information and support, and the embedded link makes it easier than ever to connect. The Diagnostics .zip file contains rich information that is useful for understanding NetMon’s configuration and performance.

Resolved Issues

NM-614

If a PCAP download request times out, the message is no longer “retrying download” when the download does not actually retry.

NM-757

The Login dialog is no longer available when the rest of the services have not yet started.

NM-760

The validation message for changing a hostname now mentions that lowercase is required for a valid hostname.

NM-761

API download routes now properly report HTTP status on error conditions.

NM-763

Improvements to Elasticsearch tuning and data truncation have been made to prevent crashes under specific large loads.

NM-765

The download library now properly streams for very large files.

NM-770

A fix has been implemented for a vulnerability exposed via Metasploit.

NM-771

Backup .ifcfg.old files are now ignored and not considered valid interfaces.

3.3.2

March 8, 2017

Features and Enhancements

Additional Classifications

NetMon Supported Applications

Explanation: NetMon now classifies 3,061 unique applications. Shutterstock, SolarWinds, Microsoft Docs Online, and many ICS/SCADA protocols were added in this release.

Benefit: Customers can now identify even more Layer 7+ applications and more reliably differentiate known good traffic from suspicious traffic.

New API Methods

LogRhythm NetMon API

Explanation: Additional API methods have been exposed for managing Query Rules, downloading DPA rules, examining service status, downloading logs, and changing the hostname of the system.

Benefit: Customers can continue integrating with NetMon and automating management functions.

API Security Improvements

Web API

Explanation: All API methods have been updated with increased client and server-side validation, stronger authentication, improved auditing, and other related security changes.

Benefit: Customers can trust that the API layer is not a security vulnerability.

Additional Audit Records

View Log Data

Explanation: Additional Audit messages are now created for upgrade success and failure, several API routes, downloading DPA rules, and user logouts.

Benefit: Customers can trust that NetMon fully tracks user actions and provides a clear and consistent audit trail.

Change Hostname

Change Hostname

Explanation: You can now change the hostname of the NetMon instance through either the Configuration > Network user interface or an API method.

Benefit: Customers can now easily manage multiple NetMon devices and bring NetMon devices into compliance with Linux host naming standards.

Change Syslog Port

Change Syslog Parameters

Explanation: Through the Configuration > Syslog user interface, you can now change the Syslog sender port from 514 to 601 or to any port larger than 1000.

Benefit: Customers can now adjust NetMon output to target Syslog receivers listening on ports other than the standard port (514). This is a precursor to supporting full TLS-encrypted Syslog output.

Resolved Issues

NM-519

Windows Management (WSMan) is now an identified application.

NM-741

A banner indicating that only some data is forwarded has been re-implemented on the Syslog page in NetMon Freemium mode.

NM-745

The various “Delta” fields have been corrected for long-running flows.

NM-746

The FieldCountIndexed field has been renamed to RepeatedFieldCountIndexed.

NM-747

Double JSON error reports on certain API methods have been fixed.

NM-748

All previously installed versions now appear in the /systemInfo command.

NM-750

The Flow_DetectPrivateKey rule has been updated and corrected for current DPI fields.

NM-751

A non-meaningful “fatal” error has been removed from logs when DPA rules are enabled/disabled.

NM-755

PHP has been upgraded to 5.6.30, addressing several CVEs.

N/A

Email validation now functions properly. For example, RoB@MyCompany.com is no longer considered an invalid email address.

N/A

Various improvements have been made to an API that gathers version information and upgrade history.

N/A

On install, NetMon now presets the number of processing threads based on the underlying architecture.

3.3.1

December 20, 2016

Features and Enhancements

New API Methods

LogRhythm NetMon API

Explanation: Public API calls have been added for restarting services and changing capture settings.

Benefit: Customers can start automating management of NetMons and improving integration with other systems, such as the SIEM’s Web Console.

Initial Passwords Changed

Configure NetMon

Explanation: On initial installation, all default passwords are now set to changeme.

Benefit: This simplifies deployment and encourages customers to follow good security practices by changing NetMon’s default password.

Sharing Usage Statistics

Update Client Security Settings

Explanation: LogRhythm now collects basic license level, version information, and anonymous usage statistics. No actual customer data is sent to LogRhythm. Customers using an enterprise license can opt out.

Benefit: LogRhythm’s development efforts and upgrade schedule will be based on actual usage patterns.

Audit Log Improvements

View Log Data

Explanation: Additional audit log messages are stored and include the user who triggered the message.

Benefit: Administrators evaluating NetMon usage now have richer data about system access.

Resolved Issues

NM-712

The DPA audit log now notes the user who made changes.

NM-730

The configuration and feature associated with “SIEM Logging” in the Syslog Configuration has been removed.

NM-740

Saved Query Rules can now be edited.

N/A

The warning color for downloading PCAPs or files has changed from bright red to yellow, and the icon has been fixed.

N/A

A non-harmful, “fatal” warning that appeared in /var/log/messages has been removed.

3.2.3

November 4, 2016

Features and Enhancements

Additional Classifications

NetMon Supported Applications

Explanation: Forty-five new application classifications have been added, including Oracle Real Application Clusters (RAC), Elasticsearch, Citrix PVS, Zoom video conferencing, and Pokémon GO.

Benefit: New application classifications enrich the ability to identify normal operational traffic for enterprise systems, reducing the “noise” in searching for threats.

Continued UI Improvements

Web Management Interface

Explanation: Additional changes have been made to the styling of the user interface.

Benefit: These changes bring NetMon even more in line with the SIEM Web Console, providing a seamless visual experience for analysts. Additional small changes help streamline the user experience, reducing the effort needed to learn and use NetMon features.

Resolved Issues

NM-700, NM-714

Previously unknown/unidentified UDP traffic in PCAPs is now correctly identified as the Oracle RAC protocol.

NM-729

Data with fields longer than 32,766 bytes are now automatically truncated (HTTP cookie only).

NM-733

Error messages now notify users if an .lrp configuration upgrade is unsuccessful.

NM-734

NetMon now runs properly on certain VMware and hardware systems that use non-sequential core numbering.

NM-737

Settings have been changed to prevent syslogd and journald from impeding Syslog messages.

NM-739

A patch was applied to address the critical “Dirty Cow” Linux kernel vulnerability (CVE-2016-5195).

3.2.2

September 30, 2016

Features and Enhancements

Improved Styling

Web Management Interface

Explanation: The look and feel of NetMon has been updated to more closely match the LogRhythm Web Console.

Benefit: Users familiar with LogRhythm will have an easier time transitioning to the NetMon interface.

Main Menu Bar Changes

Navigation

Explanation: Among other changes, Rules and Alarms have been given a more prominent place in the top navigation menu.

Benefit: More prominent access to Deep Packet Analytics rules and Query Alerts leads to increased usage of automated analytics.

Alarms Dashboard

Manage Alarms in NetMon

Explanation: A new dashboard has been created specifically to show alarms.

Benefit: The Alarms Dashboard makes it easier to evaluate alarms generated by DPA rules and saved searches, and also to determine investigation priorities, reducing time to detection and time to response.

Changes in Configuration

Manage Deep Packet Analytics Rules

Explanation: Several configuration pages—particularly the DPA rules page—have been modified for a more streamlined experience.

Benefit: Analysts and administrators will be able to more quickly find necessary configuration elements and make changes, such as uploading new rules.

Server Management

Restart Services, Reboot, or Shut Down NetMon

Explanation: Server management functions have been grouped in a new menu icon.

Benefit: Analysts will have an easier time finding server maintenance functions such as restart, reboot, and shutdown.

Deep Packet Inspection Update

NetMon Supported Applications

Explanation: The DPI engine has been updated and can now classify 2,952 applications.

Benefit: About 200 new applications are classified, including Uber, Slack, LogMeIn, and more cloud hosts.

HTTPS Version

Access Metadata

Explanation: The HTTPS protocol version is now stored as metadata in the ProtocolVersion field.

Benefit: You can easily detect less secure connections that use deprecated encryption by viewing or detecting the version in use.

DPA Rule Checking

NetMon Deep Packet Analytics

Explanation: DPA rules are now checked at runtime for access to invalid or missing metadata fields.

Benefit: Developers of DPA rules now know if they’ve tried to access invalid metadata fields.

In-Place CentOS Upgrade

Important Upgrade Notices

Explanation: Customers on NetMon versions 2.8.1–3.1.2 have an upgrade path to 3.2.2.

Benefit: Customers who are still using a NetMon version based on CentOS 6 have an in-place (LRP-based) upgrade path to NetMon 3.2.2 and CentOS 7.2, which provides improved security, reliability, and sustainability.

Resolved Issues

NM-659

Searches run from the Alarms page now properly appear in NetMon’s Search History log.

NM-720

The License page now refreshes and displays the upgraded product license correctly after upgrading or installing a new license.

NM-723

Cassandra heap size has been increased to prevent it from running out of memory in conditions of high flow rate.

NM-724

Resolved autofill overlap issues in the Google Chrome browser.

NM-725

Applied a patch to address CentOS vulnerability CVE-2016-5696.

NM-726

A default PHP file that uses the “phpInfo()” command was deleted to fortify NetMon against a PHPInfo disclosure vulnerability.

NM-728

Changed Ingress/Egress Dashboard text to clarify that direction is determined not only by source IP and destination IP locations, but also by the number of srcBytes and dstBytes.

N/A

Implemented a fix for PCAP replay of HTTPS sessions, which were not ending cleanly.

3.2.1

July 27, 2016

Features and Enhancements

Operating System Upgrade

Automated Installation with the LogRhythm .iso

Explanation: NetMon’s base operating system has been upgraded from CentOS 6.5 to CentOS 7.2.

Benefit: CentOS 7.2 provides improved security, reliability, and sustainability. It addresses numerous vulnerabilities and keeps NetMon on a current version of CentOS.

Hardened OS

N/A

Explanation: NetMon’s base operating system has been hardened to prevent malicious access.

Benefit: Many OS-level features have been removed or restricted, and account access has been limited to help prevent malicious activities.

Improved Freemium Experience

NetMon Editions

Explanation: Capture has been increased to 1 Gb per second, and alarms and diagnostic messages can be sent via syslog.

Benefit: Increases the usability of Freemium for a wider variety of customers and use cases, including short-term incident response.

User Experience Improvements

Work with Filters

Explanation: Filters and titles on configuration pages make it easier to find key configuration values.

Benefit: The simplified user experience minimizes NetMon administration time.

User Password Management

Change Your Password and User Data

Explanation: Passwords can be changed by individual users, and any password can be changed by the admin user.

Benefit: Provides more efficient account management for multiple NetMon users.

DPA Scanning of FTP and SMTP Session Bodies

Deep Packet Analytics System Rules

Explanation: DPA rules can now scan the first 500 KB of an FTP transfer or SMTP email body.

Benefit: Allows for deeper analytics of these protocols, including scenarios like scanning for key words, PII, PHI, or corporate intellectual property.

Additional System Rule Content

Top Level Domain Rule and Dashboard

Suspicious Behaviors

Explanation: A DPA rule creates metadata to identify domain names, and the resulting data can be visualized in a new dashboard.

Benefit: NetMon users can quickly determine the end points for web traffic, noting anomalous top level domains.

Traffic Direction Rule and Dashboard

Suspicious Behaviors

Explanation: A DPA rule creates metadata to identify traffic direction, and the resulting data can be visualized in a new dashboard.

Benefit: NetMon users can quickly evaluate a network to determine ingress, egress, and lateral traffic patterns to help identify anomalous activity.

Canadian SIN DPA Rule

Data Rules

Explanation: New rule detects PII exposure of Canadian Social Insurance Numbers.

Benefit: The new DPA rule can detect accidental or malicious exposure of PII through unencrypted channels.

Identify Bank Routing Numbers

Data Rules

Explanation: New rule detects exposure of bank routing numbers.

Benefit: The new DPA rule can detect accidental or malicious exposure of bank routing numbers through unencrypted channels.

Improved CCN Detection

Data Rules

Explanation: Existing DPA rule algorithm improved for detecting credit card numbers.

Benefit: The improved DPA rule can detect accidental or malicious exposure of credit card numbers through unencrypted channels.

Resolved Issues

NM-674

NetMon was incorrectly classifying certain logs as “Thunder.”

NM-697

In deployments having a large number of small flows, NetMon was crashing when trying to insert data into Elasticsearch.

NM-699

NetMon was displaying ports for ICMP traffic when no ports should have been displayed.

NM-704

The version of PHP used by NetMon has been upgraded to 5.6.22.

3.1.2

May 12, 2016

Features and Enhancements

User Interface Update

Web Management Interface

Explanation: The UI has been refreshed and updated, aligning it with the look and feel of the SIEM Web Console.

Benefit: There is less visual contrast between different parts of the LogRhythm solution.

Configurable Security Options

Update Client Security Settings

Explanation: NetMon has a new Client Security page, providing configurable options for:

  • a login authorization banner in the UI and for shell access
  • a session timeout period
  • a configurable minimum password length

Benefit: Compliance with enterprise security policies.

New Diagnostic Messages

Diagnostic Messages

Explanation: New diagnostic messages are enabled for:

  • Changing passwords
  • Adding, deleting or changing a user
  • Restarting services
  • Shutting down NetMon
  • Rebooting NetMon
  • Changing the license
  • Upgrading NetMon
  • Any configuration change
  • File reconstruction or PCAP download via UI or API call
  • Add, edit, enable, disable, upload or delete DPA rule
  • Disk space limit reached

Benefit: Enhances security, troubleshooting and system reliability, including central monitoring and audit control through SIEM integration.

Dashboard Validation

N/A

Explanation: On startup, all official LogRhythm dashboards are validated—missing Dashboards are added, and outdated or corrupt Dashboards are replaced.

Benefit: Provides improved stability for customers.

New Ports Dashboard

Dashboard

Explanation: The Destination Port Dashboard is now available, with visualizations to show all traffic by port, application, destination IP, and source IP.

Benefit: New use case dashboard for hunting for unusual traffic and rogue services.

DPI Update: Nagios

NetMon Supported Applications

Explanation: Nagios is now classified properly.

Benefit: Improved ability to ignore or set policies for Nagios-identified traffic.

Indexing Improvements

View Metadata Indexing Statistics

Explanation: The algorithm used for inserting metadata into Elasticsearch has been further optimized for improved performance.

Benefit: Eliminates a performance bottleneck when capturing metadata and processing short, frequent flows.

Resolved Issues

NM-694

Classification Only mode is now a switch on the Engine configuration page.

NM-696

The VlanID field is now capitalized properly.

3.1.1

April 4, 2016

Features and Enhancements

5 Gbps Sustained License

NetMon Licensing

Explanation: The NM5400 platform now supports data capture up to 5 Gbps sustained.

Benefit: With additional license purchases, customers can analyze more network traffic in a single NetMon installation.

UI Update

Web Management Interface

Explanation: NetMon’s UI is updated with a refreshed look and increased functionality.

Benefit: Dashboards are now richer, faster and more responsive. New data aggregations and visualizations are possible, dashboards are easier to create, and analysts will have more power to quickly find and analyze troublesome network traffic.

New Metadata Fields

View Metadata Indexing Statistics

Explanation: TLS version and cipher suite ID are now captured as metadata.

Benefit: As SSL continues to be replaced by TLS, capturing the TLS version and encryption cipher suite helps quickly identify security vulnerabilities and outdated systems.

Explanation: VLAN segment is now captured as metadata.

Benefit: The VLAN segment ID helps differentiate traffic on networks that leverage the 802.1q protocol to separate network segments.

Improved HTTP Processing with Deep Packet Analytics

NetMon Deep Packet Analytics

Explanation: DPA rules can now analyze HTTPRequest and HTTPResponse separately.

Benefit: DPA rules can now perform much more efficiently with simple logic looking at the request versus response of HTTP-based protocols. This allows for faster and richer analysis of suspicious web-based traffic.

Integration of Diagnostic Events with the LogRhythm SIEM

Integrate NetMon with LogRhythm Enterprise

Explanation: NetMon audit and diagnostic messages are now stored locally in a designated audit file. In addition, these messages are sent to the SIEM via syslog.

Benefit: Separating audit and diagnostic events from other logs makes it easier to report on NetMon usage and troubleshoot the system’s health. Incorporating these logs into the SIEM provides additional rich reporting and alarming similar to other SIEM components.

Resolved Issues

NM-684

NetMon is running vulnerable OpenSSL version 1.0.1.e.

NM-688

NetMon is shipping with vulnerable glibc version 2.12.

NM-693

Infinite loop when processing SIP/FaceTime traffic.

2.8.2

January 27, 2016

Features and Enhancements

Thread Affinity

Analyze Charts in Diagnostics

Explanation: NetMon will calculate the optimal setting for Processing Threads to maximize performance based on the number of CPU cores in your NetMon system.

Benefit: Ensures you are getting the best possible performance out of your NetMon system.

Basic DPI Mode

Update Engine Parameters

Explanation: In Basic DPI mode, the packet processing path is expedited due to the reduced number of data structures that are used in the packet processing pipeline. In this mode, 95% of the protocols classified and attributes extracted remain unchanged.

Benefit: Improves processing efficiency and greatly reduces the potential for dropped packets.

REST API Updates

Web API

Explanation: NetMon’s REST API has been updated with routes to enable reconstruction and download of file attachments from captured sessions through the API.

Benefit: Provides programmatic access to the latest features available in NetMon.

New Deep Packet Analytics Rules

Deep Packet Analytics System Rules

Explanation: NetMon 2.8.2 includes several new and updated system rules for Deep Packet Analytics.

Benefit: Provides customers with new advanced ways to inspect and act on traffic in their network.

2.8.1

December 30, 2015

Features and Enhancements

Packet Capture with netmap

Packet Capture (PCAP) and File Attachments in NetMon

Explanation: To improve capture and throughput performance, netmap is now available as a packet capture library in NetMon.

Benefit: Switching to a netmap capable interface can improve performance if you are seeing dropped packets on your existing input interface.

File Reconstruction

Download File Attachments from Captured Sessions

Explanation: File attachments from a captured SMTP session can be reconstructed into their original format for further investigation.

Benefit: File reconstruction can assist with forensic analysis or legal matters. For example, you may need to review all files sent by and to a specific user.

NetMon Freemium

NetMon Editions

Explanation: NetMon Freemium is now a general availability release. Customers and prospects alike can now find and download NetMon Freemium.

Benefit: NetMon Freemium enables more users to evaluate NetMon for a POC or on a small-footprint system. It provides the same functionality as a full NetMon license, minus SIEM integration and with lower limits on processing, storage, and data retention.

2.7.3

November 13, 2015

Features and Enhancements

DPA Rule Editor

Edit Custom Deep Packet Analytics Rules

Add Custom Deep Packet Analytics Rules

When creating or editing Deep Packet Analytics Rules, the user can now select from three different editors to emulate in the rule editor—Ace, VIM, and EMACS.

DPA Rule Error Messages

Troubleshoot Deep Packet Analytics

If a Deep Packet Analytics Rule is disabled for a syntax or runtime error, the error in the rule editor now includes the actual error message.

Upgrade History

View Metadata Indexing Statistics

Users can now view a history of the 10 most recent upgrades to NetMon.

2.7.2

September 29, 2015

Features and Enhancements

PCAP Replay

PCAP Replay

Using PCAP Replay on the Tools page, an analyst can upload a PCAP file and run it through the system again. The PCAP is processed through the full pipeline, including Deep Packet Analytics rules.

Search Audit

View Log Data

All searches are now captured in a dedicated log file. The log file is visible on the Logs page and contains information about the user performing a search, the IP of the host performing the search, the time of the search, and the search terms.

Aggregated DPA Statistics

Dashboard

A new dashboard page has been created to show the overall impact of Deep Packet Analytics rules. This page shows the overall impact on CPU and system memory for all rules that are actively running.

DPA Feedback

NetMon Deep Packet Analytics

If a Deep Packet Analytics Rule is disabled due to errors, the system will provide feedback about the location and nature of the error message.

TopX by Bandwidth

View Top Application Statistics (Application Charts)

The TopX by Bandwidth charts now display the total bandwidth used per application in addition to the relative percentage. This improvement helps the analyst better gauge the impact of certain applications on corporate resources.

Vulnerability Remediation

N/A

Several changes were made to address system vulnerabilities, including:

  • Disabling auto-complete for user names and password fields
  • Hardening against “click hijacking” using iframes
  • Disabling ICMP services
  • Adding secure flag and HttpOnly flag to cookies used by the interface
  • Removing additional passwords from long term storage when “scrub passwords” is enabled

Metadata Rationalization

View Metadata Indexing Statistics

Many duplicate metadata fields were removed from the 10 most common classifications. This reduces the memory and storage overhead of processing the most common traffic types.

Logging

Logging

The NetMon software version is now included in any crash report.

Additional System Rule Content

Protocol Mismatches

Detect Protocol Mismatch

Several rules detect non-standard traffic running over standard ports, or standard traffic running on non-standard ports. These rules are designed to help identify command and control traffic or data exfiltration traffic on a network.

Data Exfiltration

Data Rules

Several rules look specifically for protected data such as social security numbers, credit card numbers, and private key files. These rules quickly identify areas of vulnerability (for example, clear text passwords) or areas of potential data loss.

Suspicious Behaviors

Suspicious Behaviors

The last category of rules detects abnormal network behavior, including phishing attempts and long-running HTTP sessions.

2.7.1

August 27, 2015

Features and Enhancements

Network DPA Rules

NetMon Deep Packet Analytics

Added support for Deep Packet Analytics to allow users to write rules that will interact with network traffic as it is being processed.

Compose DPA Rules

Add a Custom DPA Rule to NetMon

Added the ability to compose new Deep Packet Analytics Rules in addition to loading existing rules. 

Restart NetMon

Restart NetMon Services

Added the option to restart NetMon's core services.

Reboot NetMon

Reboot NetMon

The "Restart" button on the Configuration page is now "Reboot."

System Diagnostics Charts

System Diagnostics Charts

Added two new charts to System Diagnostics page: Total Number of Fields added to Elastic Search per Session and Total memory size of JSON sent to Elastic Search.

2.6.2

April 29, 2015

Features and Enhancements

Analyze Page Controls

Analyze Captured Sessions

Changed the "Close" button to "Submit" in panel editors (Time Picker, Layout Controls, and so on) on the Analyze page.

Installed Packages

Third-Party License Acknowledgments

Added the list of packages that are installed with the NetMon system.

Data Rate Diagnostics

Analyze Charts in Diagnostics

Changed the "License Limited" label to "License Overage Dropped" in the Data Rate diagnostics chart.

Query Cleanup

N/A

Removed regular expression query examples because NetMon does not return the results as expected.

2.6.1

February 24, 2015

Features and Enhancements

No Max PCAP Files Option

Change Engine Parameters

The Max PCAP Files option has been removed from the Engine configuration. NetMon will delete older PCAP files as needed when disk space reaches the 85% threshold.

Updated Licensing Data Rates

NetMon Editions

Updated available options for licensed data capture rates.

Download Captured Sessions

Analyze Captured Sessions

Updated the steps for downloading one or more captured sessions.

Added Query Information

Manage Alarms in NetMon

Added information about using regular expressions in queries.

Diagnostics Chart

Analyze Charts in Diagnostics

The Diagnostics chart "Data Sent to Storage Overseer" has been changed to "Sessions Sent to Dispatch."

Descriptions and Examples

Web API

Added description of command line arguments when using curl commands with the REST API, and added examples for downloading PCAPs on a local or remote host.

2.5.2

November 18, 2014

Features and Enhancements

Log Updates

View Log Data

Removed the Storage Overseer log, and added logs for Metrics, Maintenance, Dispatch, and License Server.

Additional Licensing Information

NetMon Licensing

Added information about evaluation licensing, license expiration, and licensing for varying data capture rates.

Download Current Log

Download Log Data

The "Download Full Log" button is now "Download Current Log."

End User License Agreement

Licensing Overview

Added details about accepting the End User License Agreement when licensing NetMon.

2.5.1

October 13, 2014

Features and Enhancements

Freemium Licensing Support

NetMon Licensing

Added Freemium edition and support for licensed capture rates.

Default Syslog Port

Update Syslog Parameters

The Syslog port is set to 514 by default and cannot be changed.

Data Rate Chart

Interface Diagnostics Charts

The Data Rate chart under Diagnostics > Interface illustrates throttled packets according to the licensed capture rate.