TIBCO LogLogic®

Log Management Intelligence (LMI)

Release Notes


TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, Two-Second Advantage, and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.


Release Notes

Check the TIBCO Product Support web site at https://support.tibco.com for product information that was not available at release time. Entry to this site requires a username and password. If you do not have a username, you can request one. You must have a valid maintenance or support contract to use this site.

Topics

• Release 5.6.0

• What’s New in Release 5.6.0

• Changes in Functionality

• Supported Platforms, Browsers, and Settings

• Known Issues

• Fixed Issues


Release 5.6.0

TIBCO LogLogic® Appliance Release 5.6.0 is a feature update to previous releases.

You can upgrade from Release 5.5.0 with HF3 and 5.5.1 with HF1 to Release 5.6.0 using instructions in the LogLogic Configuration and Upgrade Guide, which is available for download from the TIBCO support website or the TIBCO Software Product Download Site.

If you are running a release prior to 5.3, you must first upgrade to Release 5.3, 5.3.1, 5.4, 5.4.1, or 5.4.2, run the Post Upgrade Script, and then upgrade to Release 5.6.0. If you do not run the Post Upgrade Script, you will lose some of the reports data.

After upgrading from 5.5.0 or 5.5.1, you must run the Post Upgrade Script rundbm, which is under the /loglogic/bin/ directory.

Table 1 LMI Upgrade Matrix

LMI 5.4.0 5.4.1 5.4.2 5.5.0 5.5.1 5.6.0 5.4    5.4.1    5.4.2   5.5.0   5.5.1 

Table 2 LMI – LSP Compatibility Matrix


What’s New in Release 5.6.0

TIBCO LogLogic Release 5.6.0 contains the following improvements and updates since the previous feature release:

IPv6 Support

TIBCO LogLogic Log Management Intelligence now supports collection, storage, search, and forwarding functionality for native IPv6 networks as well as hybrid environments consisting of IPv4 and IPv6 devices.

In the configuration CLI there is only partial support for both IPv4 and IPv6 on the same interface. For this release it is recommended to use separate appliances. In HA configuration, the node identifier of each machine is derived from the last byte of the machine’s IP address (the address specified to be used for HA replication during HA setup). Care must be taken that the last byte differs for both members of a cluster.

When configuring SAN in HA, the identity of each node is still internally assumed to be an IPv4 address. Care must be taken that the last 4 bytes of each node’s IP address differ (note that this is implied by the previous rule).
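A pre-flight check for the two HA addressing rules above, given as an added example that is not part of the release notes or of TIBCO's code. The function names and sample addresses are constructed, and rendering the last 4 bytes as a dotted quad is an assumption made for display only.

```python
import ipaddress


def _packed(addr: str) -> bytes:
    # Accept "addr" or "addr/prefix"; ip_interface handles IPv4 and IPv6 alike.
    return ipaddress.ip_interface(addr).ip.packed


def ha_node_id(addr: str) -> int:
    """Last byte of the HA replication address (the node identifier rule)."""
    return _packed(addr)[-1]


def san_identity(addr: str) -> str:
    """Last 4 bytes of the address, shown as a dotted quad (display assumption)."""
    return str(ipaddress.IPv4Address(_packed(addr)[-4:]))


def check_ha_pair(addr_a: str, addr_b: str, san: bool = False) -> list:
    """Return a list of problems; an empty list means the pair passes."""
    try:
        id_a, id_b = ha_node_id(addr_a), ha_node_id(addr_b)
    except ValueError as exc:
        return [f"invalid address: {exc}"]
    problems = []
    if id_a == id_b:
        problems.append(f"HA node identifiers collide: both end in byte 0x{id_a:02x}")
    if san and san_identity(addr_a) == san_identity(addr_b):
        problems.append(f"SAN identities collide: both map to {san_identity(addr_a)}")
    return problems


# Constructed sample pairs using the 2001:db8::/32 documentation prefix.
SAMPLE_PAIRS = [
    ("2001:db8::10/64", "2001:db8::11/64"),            # distinct last byte: passes
    ("2001:db8:0:1::a:11", "2001:db8:0:2::b:11"),      # last 4 bytes differ, last byte does not
    ("2001:db8:1::c0a8:10a", "2001:db8:2::c0a8:10a"),  # different subnets, same last 4 bytes
]

if __name__ == "__main__":
    for a, b in SAMPLE_PAIRS:
        result = check_ha_pair(a, b, san=True)
        print(a, b, "OK" if not result else "; ".join(result))
```

The second sample pair shows why the last-byte rule is the stricter one: the last 4 bytes differ, yet both nodes would derive the same HA node identifier.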

IPv6 addresses not supported for:

• Network Policy Alert rules

• Compliance Manager 2.1.0

• Management Station does not support IPv6 addresses for remote appliances

• Replay because of dependency on Management Station

• CheckPoint devices

• Parsing of address strings within log messages

• Centerra Archival


Increased Device Count

TIBCO LogLogic Log Management Intelligence is now certified to work with up to 100,000 devices.

This increased support includes device groups as well as individual devices on an appliance.

• Minimum Hardware Requirements for 100K Devices on EVA

— CPU – Intel Compatible (2 GHz minimum)

— Memory – 12 GB minimum

— Cores - 8

— Network Adapter – 1 minimum; up to 6

— Disk – 500 GB; 20 GB for the evaluation version

— VM Controller – LSI Logic RAID

— VM Hard Drive – SCSI type

• Appliance models recommended for 100K Devices support:

— ST4025

— LX4025

— MX4025

— ST2025 SAN

Table 3 IPv6 Support Matrix

| Log Source address | LMI | Supported LMI version |
|---|---|---|
| IPv4 | IPv4 | v5.5.0 and below |
| IPv6 | IPv6 | v5.6.0 |


Changes in Functionality

The following platforms and browsers are no longer supported:

• H3 Appliances


Supported Platforms, Browsers, and Settings

This TIBCO LogLogic release supports specific LogLogic Appliance models, and can be used with supported web browsers on systems using the recommended display settings.

Table 4 Supported Platforms for H4 Appliance Models

| LX Appliances | ST Appliances | MX Appliances |
|---|---|---|
| LX825 | ST1025 | MX3025 |
| LX1025 | ST2025 SAN | MX4025 |
| LX4025 | ST4025 | |

Table 5 Supported Browsers

| Browser | Version |
|---|---|
| Google Chrome | 23.x, 31.x, 41.x |
| Microsoft Internet Explorer | 10.x, 11.x |
| Mozilla Firefox | 3.6.x, 16.x, 25.x, 26.x, 36.x |

Table 6 Display Settings

| Monitor | Recommended settings | Minimum settings |
|---|---|---|
| Display Resolution | 1280 x 1024 pixels or higher | 1024 x 768 pixels |


LogLogic Documentation

This release includes the following documentation, available on the TIBCO Product Documentation website — https://docs.tibco.com

LogLogic Hardware Installation Guide—Describes how to get started with the LogLogic Appliance, and includes details about the Appliance hardware.

LogLogic Configuration and Upgrade Guide—Describes how to configure and upgrade a LogLogic Appliance software.

LogLogic Administration Guide—Describes how to administer the LogLogic solution including managing users, managing log data storage, and managing new log sources (devices).

LogLogic Management Appliance Guide—Describes how to manage multiple distributed Appliances using the LogLogic Management Appliance.

LogLogic User Guide—Describes how to use the LogLogic solution, including managing reports, managing alerts, and performing searches.

LogLogic Enterprise Virtual Appliance Quick Start Guide—Describes how to install the LogLogic Enterprise Virtual Appliance (EVA) in the VMware environment.

LogLogic Log Source Configuration Guides—Describe how to support log data from various log sources. There is a separate manual for each supported log source. These documents include documentation on LogLogic Collectors as well as documentation on how to configure log sources to work with the LogLogic solution.

LogLogic Collector Guides—Describe how to implement support for using a LogLogic Collector for specific log sources such as IBM i5/OS and ISS SiteProtector.

LogLogic Log Source Report Mapping Guide—This guide provides a set of tables listing Log Source Reports by Device Type, sorted by UI Categories: Access Control, Database Activity, Enterprise Content Management, HP NonStop Audit, IBM i5/OS Activity, Mail Activity, Network Activity, Operational, Policy Reports, Storage Systems Activity, and Threat Management.

LogLogic Web Services API Implementation Guide—Describes how to implement the LogLogic Web Services APIs to manage reports, manage alerts, perform searches, and administrate the system.


XML Import Guide—Describes how to manually import, export, and edit XML files into and from the Appliance when not using the Appliance UI.


Known Issues

The following issues are known to exist in the current release:

• Setting up encrypted forwarding via LLTCP or TCP syslog causes the root account key of the source appliance to become authorized by the destination appliance. This results in password-less SSH access by root from the source appliance to the destination, in addition to allowing log forwarding. (LLLM-1817)

• The EVA product comes out of the box with a default SSH signature. This signature should be changed to maintain proper security measures once installation is complete. (LLLM-1816)

• Distributed regex searches are cancelled by LMI if they execute for more than 5 minutes on Management Stations. Contact Support for the workaround. (LLLM-1790)

• Greek characters within usernames cause LDAP authentication to fail. (LLLM-1660)

• Cannot collect the logs forwarded by UC when the domain has 256 characters. (LLLM-1713)

• Three failures are reported from the OEL65 init scripts. These messages do not indicate any malfunction. The services which do not start are either already started or unnecessary. (LLLM-2376)

• Unable to export 100k devices using the export feature. (LLLM-2699)

Work around: Export fewer than 60K devices at a time.

• Depending on the type of model, importing large numbers of devices can take some time (hours). (LLLM-2548)

• An error is displayed when the “User Last Activity” PCI report is run. (LLLM-2783)

Work around: Edit the report, run it and resave it.

• GUI cannot redirect to login page after restore if eth0 is configured with default IP 10.0.0.11 and IPv6 is configured on any other NIC. (LLLM-2853)

Work around: Unset the default eth0 configuration or configure eth0 with real network information.


• SNMP of upgraded appliance does not work on IPv6. Works for fresh install. (LLLM-2881)

Work around: To make SNMP work on IPv6, the snmpd.conf file (located in /loglogic/update) needs to be appended with the lines given below for LX and ST appliances.

For LX:

agentAddress udp:161,udp6:161
rocommunity6 public default

For ST:

agentAddress udp:161,udp6:161
rocommunity6 public default

If the community string used for IPv6 is not public, then public needs to be replaced with that string in these lines.

For example, for IPv4 if the existing community string is LOGLOGIC then the corresponding entry in the snmpd.conf will be:

rocommunity LOGLOGIC

Replace the string: rocommunity6 public default with


Fixed Issues

The following issues were fixed in this release:

• Aborted connection error message is no longer seen when the rtstatus binary does not properly close a shared mysql connection handle. (LLLM-2855)

• OVA certificate had expired. (LLLM-2846)

• A failure to rotate the mysql error log file caused mysql to fail. (LLLM-2834)

• Bluecoat configuration to a LogLogic appliance with SSL authentication for HTTPS continuous upload did not work. (LLLM-2768)

• Multiple OpenJDK and Bash shellshock vulnerabilities reported. (LLLM-2766)

• Login failed for accounts with many groups. (LLLM-2723)

• Unable to collect Microsoft SQL server logs and Oracle Server logs on LX appliance. (LLLM-2603)

• Alert history and alert email notification contained truncated log message originating from an SNMP trap. (LLLM-2596)

• Multiple index search warnings prevented conversion from html to pdf. (LLLM-2580)

• Errors generated in logs when using Management Station through WSAPI. (LLLM-2577)

• Errors generated in logs after configuring SCP backup to SCP server. (LLLM-2576)

• Device count was wrong in data retention. (LLLM-2575)

• The engine_archive did not archive enough to maintain archive threshold. (LLLM-2546)

• Update of a data retention rule was not applied. (LLLM-2448)

• User not able to export Custom reports from any 5.4.x version of LMI appliance and import them into another appliance or version. (LLLM-2099)

• Index Search should search IPv6 addresses for every text representation. (LLLM-1963)

• User Authentication Reports timed out or took longer than expected. This only occurred when filters were selected against columns which had no indexes. (LLLM-1791)


• 256-bit ciphers were not supported. (LLLM-1597)

• The RSA key exchange in SSL did not support Forward Secrecy. (LLLM-1595)

• The mysql version was outdated. (LLLM-1581)

• Security vulnerabilities from 5.4 security scan. (LLLM-912)

• The version of stunnel (and OpenSSL) utilized by the engine_uldpcollector (when secure ULDP was enabled) process was outdated and vulnerable. (LLLM-890)

• Multiple patch vulnerabilities resulting from LMI 5.4 security scan. (LLLM-781)

• OpenSSH vulnerability with GSSAPI ELSA-2011-2029. (LLLM-775)

• Ability to self-modify user name in web UI. (LLLM-758)

• CGI Generic Cross-Site Request Forgery Detection (potential vulnerability). (LLLM-613)

• Non absolute directory entries in PATH. (LLLM-439)

• Performing drill down of reports on Compliance Manager took longer than expected. (LLLM-1428)

• LMI version 5.4 and above did not support TLS 1.2 after IE 9.x. (LLLM-742)

• CiscoVPN3000 logs containing empty username with double quotes caused LX parser to crash with a segmentation fault resulting in reboot and engines disabled on start. (LLLM-2792)

Hotfixes Incorporated

The following hotfixes were merged into this release:

LMI 5.4.2 Hotfixes

5.4.2-HF3

• Results were retrieved only from devices that were sending logs to Management Station and not from devices sending logs to Managed Station when WSAPI for v5.4 or higher was used. (LLCE-566)

• Old filedata indices were not being removed due to a bad SQL statement. (LLCE-656)


• Message Signature “Validate” screen showed a message match, however using the Message Signature tags in an Index Search did not find corresponding messages or showed inconsistent results. (LLCE-673)

• ReportService->getReport method->Filters did not work. (LLCE-675)

• Phantom searches were found with Distributed RegEx. (LLCE-682)

• The engine_backup failed when it could not find files or directories. (LLCE-683)

• Regex filter based alert failed for incoming SNMP messages. (LLCE-707)

• Update installation instructions in hotfix readme. (LLCE-710)

• The unreadable codes of French characters were seen when a saved Message Signature was edited. (LLCE-715)

• The number of the matching messages in the “Validation” tab of the “Message signature Pattern Editor” was not the same as the search results in “Index Search”. (LLCE-723)

• UTF8 regex alerting with non UTF8 characters inside RAW data. (LLCE-730)

5.4.2-HF4

• All Message Routing failed or stopped when one destination was unavailable. (LLCE-717)

• Log Source Data Trend “File Transfer Logs - last 24 hours” pane did not report the correct number of messages indexed. (LLCE-719)

• Messages that contained French characters did not match with the Regex even though the Regex was created according to the message. (LLCE-724)

• Advanced Option for Log Source Status name filter did not filter log source names correctly. (LLCE-728)

• Scheduled index report from MS and RA did not include logs. (LLCE-731)

• Index-Remove process created a lock on index files on NAS and caused it to hang the remove and relocate processes during failover. (LLCE-735)

• Index search report from LogLogic appliance to CM2.1, log message was truncated after 238 characters. (LLCE-740)


• TCP Syslog forwarding rule did not use keep-alive. (LLCE-768)

• Distributed RegEx search did not work if the RegEx pattern had backslash in it. (LLCE-809)

5.4.2-HF-LLCE-812

• Engine engine_archive did not archive enough to maintain the archive threshold. (LLLM-2546)

5.4.2-HF-LLCE-992-993

• Ghost glibc vulnerability. (LLLM-2775)

• NTP daemon contained multiple vulnerabilities. (LLLM-2710)

LMI 5.5.0 Hotfixes

5.5.0-HF1

• HA synchronization transferred more data than needed. (LLCE-750)

• Engine_LX_parser repeatedly crashed. (LLCE-769)

• LMI5.5.0 User creation with the firstname. (LLCE-771)

• Index Search did not match IPv6 addresses properly. (LLCE-776)

• Regex filter based alert failed for incoming SNMP messages. (LLCE-782)

• Message Signature “Validate” screen showed message match, however using the Message Signature tags in an Index Search did not find or show inconsistency results. (LLCE-787)

• Index-Remove process write.locks on index files on NAS and hangs the remove and relocate processes. (LLCE-789)

• Results were retrieved only from devices that were sending logs to Management Station and not from devices sending logs to Managed Station when WSAPI for v5.4 or higher was used. (LLCE-790)

• Engine_backup failed when it could not find files or directories. (LLCE-793)

5.5.0-HF2

• User Access Reports were blank for more than 12 hours even when there was data. (LLCE-807)


5.5.0-HF-LLCE-883

• GNU bash shell was vulnerable to multiple security vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187). (LLLM-2259)

5.5.0-HF-LLCE-902

• Tomcat Web UI and OpenSSL HTTPS and WSS were vulnerable to POODLE security vulnerability (CVE-2014-3566). (LLCE-902)

5.5.0-HF3

• Engine_LX_parser repeatedly crashed following upgrade to 5.5. from 5.4.0. (LLCE-795)

5.5.0-HF-LLCE-972-988


Connecting with TIBCO Resources

How to Join TIBCOmmunity

TIBCOmmunity is an online destination for TIBCO customers, partners, and resident experts. It is a place to share and access the collective experience of the TIBCO community. TIBCOmmunity offers forums, blogs, and access to a variety of resources. To register, go to http://www.tibcommunity.com.

How to Access TIBCO Documentation

You can access TIBCO documentation here:

https://docs.tibco.com

How to Contact TIBCO Support

For comments or problems with this manual or the software it addresses, contact TIBCO Support as follows:

• For an overview of TIBCO Support, and information about getting started with TIBCO Support, visit this site:

http://www.tibco.com/services/support

• If you already have a valid maintenance or support contract, visit this site:

https://support.tibco.com
