4.0.5 NetMon Release Notes
Upgrade Considerations
For upgrade considerations for this NetMon release, see Upgrade NetMon.
New Features
No new features were added in this release.
Improvements
Description | Feature | Release Notes |
---|---|---|
RPM Package Upgrades | Third-Party License Acknowledgments | Explanation: PHP has been upgraded to 8.1.5. CentOS kernel and thirdparty RPM packages have also been upgraded. Benefit: These package upgrades mitigate security vulnerabilities. |
Deprecated Features
No features were deprecated in this release.
Resolved Issues
See below for resolved security issues in this release.
Resolved Issues - Security
Security-related issues resolved with this release are available for customers to view on the Community.
Known Issues
The following issues have each been found and reported by multiple users.
After installing your NetMon appliance or NetMon software, do not update the CentOS operating system using yum or any other method. An update could leave your NetMon system in an unusable state.
If you are using a NetMon appliance, you should not access the operating system for any reason.
Bug # | Description | Release Notes |
---|---|---|
DE223 | Dashboards occasionally display "no results" (from Kibana) on first load. | Expected Results: Results from Elasticsearch are always displayed in Kibana. Workaround: To display the results, click the Refresh button on the dashboard. |
DE242 | Downloaded PCAPs display a "Date Modified" of Dec. 31, 1979. | Expected Results: Downloaded PCAP files have a date timestamp appropriate to the download time. Workaround: There is no workaround. |
DE255 | Deleting a DPA rule after uploading it prevents you from immediately uploading it again. | Expected Results: Deleting a DPA rule after uploading it does not prevent you from immediately uploading it again. Workaround: Navigate away from the DPA Rules page, and then return to the page to upload the rule successfully. |
DE264 | Engine Queue Usage chart is inaccurate—a queue appears full when it is 50% full. | Expected Results: A full queue is shown as 100% when full. Workaround: There is no workaround. |
DE359 | An upgrade hash message appears when a new license is uploaded. | Expected Results: A hash is not calculated and displayed for uploaded license files. Workaround: Ignore the hash calculated for uploaded license files. |
DE387 | An IP filter whitelist should drop packets that do not specify an IP address. | Expected Results: When using an IP filter whitelist, a packet with no IP address should be dropped. For example, a raw ethernet packet should be dropped when an IP filter whitelist is being used. Workaround: There is no workaround. |
DE388 | LICENSE_CHANGE and SESSION_EXPIRED diagnostics are not sent via syslog. | Expected Results: These diagnostic messages should be sent to a connected SIEM. Workaround: There is no workaround. |
DE394 | Changing secure Syslog settings from Configuration -> Syslog requires file upload, even when files are already uploaded. | Expected Results: Users should not have to reupload files. Workaround: Re-upload the files for new requests. |
DE432 | Uploading a DPA rule that has the same name as an existing rule without adding a "Flow_" or "Packet_" prefix silently overwrites the existing rule | Expected Results: Users should be notified when a rule with the same name already exists in NetMon, and users should be given the chance to rename the rule being uploaded. Workaround: Prefix rule names with "Flow_" or "Packet_." |
DE809 | A ProbeReader crash occurs if a service restart is requested while one is already underway. | Expected Results: Additional restart requests should not be accepted while a restart is underway. Workaround: After restarting services, wait 5–10 minutes before issuing another API request. |
DE814 | When attempting to download a replayed file that is not yet available on disk, a misleading error message on the File Reconstruction Dashboard says "could not connect, download service is busy." Typically, this occurs when a NetMon is receiving little or no traffic and data is not being flushed to disk. | Expected Results: An appropriate error message gives users an accurate account of why the file reconstruction failed. Workaround: There is no workaround. |
DE822 | Downloading a PCAP for a long-running session (days) consistently times out. | Expected Results: PCAP files for long-running sessions download without timing out. Workaround: There is no workaround. |
DE841 | The DPA API gives an unhelpful error message if the application/json header is missing. | Expected Results: NetMon REST API provides a descriptive and helpful error message when errors occur. Workaround: Use the "application/json" header with the api/dpaRules/custom API. |
DE885 | When the system setting "Forward Replayed Traffic" is not selected, replayed PCAPs that generate query alarms incorrectly send the alarms via syslog to the SIEM. | Expected Results: When the system setting "Forward Replayed Traffic" is not selected, replayed PCAPs that generate query alarms do not send the alarms via syslog to the SIEM. Workaround: There is no workaround. |
DE891 | DNS query_type metadata is incorrectly extracted. For example, if the query_type is 41, NetMon displays a value of 0. | Expected Results: The query_type metadata is correctly extracted and displayed for DNS sessions. Workaround: There is no workaround. |
DE902 | When the free space on the root partition is less than the size of the upgrade file, the upload fails with an Internal Server Error (500), but there is no indication that there is not enough disk space to perform the upgrade. | Expected Results: If there is not enough disk space to perform an upgrade, users should be notified with a specific error. Workaround: If a 500 Internal Server Error occurs when trying to upgrade NetMon, check the root disk space on NetMon. Users can retrieve additional disk space by deleting log files and removing Cassandra stats data files. |
DE9977 | The diagnostic charts are displayed in local browser time but are incorrectly labeled in UTC. | Expected Results: The diagnostic charts are not labeled in UTC. Workaround: There is no workaround |
DE10070 | In Firefox 72.0.1 (64-bit), users could be redirected to a new dashboard in edit mode after upgrade. | Expected Results: Upgrades should redirect Firefox users to the Analyze Dashboard. Workaround: Navigate away from the New Dashboard page. |
DE10127 | A grayed-out check box prevents changing the network settings from Static to DHCP. | Expected Results: Switching between Static and DHCP should work in either direction. Workaround: Use the AddEth.pl script to configure NetMon for DHCP. |
DE10136 | Enabling Authorization Warning from Configuration -> Client Security results in unexpected UI button behavior. | Expected Results: UI buttons should correctly gray out or remain clickable. Workaround: Refresh the page. |
DE10360 | Attempting to unzip a downloaded PCAP file with Archive Utility on OS X Catalina 10.15.3 results in an "inappropriate file type or format" error. | Expected Results: Users should be able to open downloaded PCAPs. Workaround: Unzipping can still be done in the terminal using “unzip .” |
DE10364 | Deep Packet Analytics error messages could point to the wrong location for certain errors. | Expected Results: DPA errors report the correct line number with the offending error. Workaround: There is no workaround. |
DE10511 | The Network Node Link dashboard does not show in dark mode. | Expected Results: If dark mode is selected, all visualizations should be shown in dark mode. Workaround: There is no workaround for this issue. |
DE10512 | The ixgbe driver provided by CentOS can cause 10 G interfaces to drop all traffic after an undetermined amount of time. Currently, the issue is known to occur on Dell R640 (NM3500) and Dell R740 (NM5500) machines. | Expected Results: Traffic should not drop. Workaround: If you experience this issue, attempt the following workarounds: If the NetMon capture interface is connected to a 1 Gbps data source, move the capture interface cable to one of the onboard 1 G ports and update the capture interface selection in the UI appropriately. If the NetMon capture interface is connected to a 10 Gbps data source, remove the capture interface from the bond and select it as the lone capture interface for the system. If the problem persists after these workarounds, contact LogRhythm Support. |
DE10957 | NetMon fails to download PCAP files and SMTP attachments when there is little to no TAP traffic being processed. | Expected Results: PCAPs and SMTP attachments are successfully downloaded. Workaround: Provide NetMon with some TAP traffic while downloading PCAPs and SMTP attachments. |