Comment: updated for opevents 2.2.0

This is a brief overview of the major changes between opEvents releases.

opEvents 2.2.0

This major release of opEvents was published on 13 Dec 2016. Please contact Opmantek if you would like to test it.

  • The generic extensible parser now supports user-defined plugins, and offers new directives for resolving arbitrary inputs using the DNS (forward and backward).
  • The correlation system now provides much more fine-grained control over the contents of a synthetic event, as well as optional post-match inhibit times.
  • opEvents now supports stateful synthetic events.
  • Event Emails now provide better formatting for event script actions and status history.
  • Various GUI simplifications and improvements
    • opEvents now offers three different default periods for the GUI
      Config option opevents_gui_dashboard_default_period is for the main dashboard page, option opevents_gui_console_default_period governs the 'Recent Events' console, and all other pages are controlled by opevents_gui_default_period. The default for all three is 2 hours.
      Furthermore, the default choices for the period dropdown were expanded with some longer periods.
    • The event.host property that confused people repeatedly is now only displayed on an event's details page.
    • The Node Administration page now shows what applications a node is enabled for, and the node name now links to the edit dialog.
    • Some of the more interactive pages now support a quick search for the most common properties, and the display of any active sorting was improved.
    • It is now possible to omit the Recent Events list on the Current Events page: simply set the values of config item opevents_gui_console_pagination to <number of current events to show> and -1 (default is 10 and 10, respectively).
    • The Raw Logs page now shows much more detailed information about the disposal of input data; blacklisted, deduplicated and other ignored and discarded inputs are now shown with a brief explanation of the reason, and actual events are linked for easier access.
  • opEvents now ships with its own CLI tool, and using the opeventsd.pl or opeventsd.exe for operations like import, report creation etc. is now deprecated (and results in warning messages).
    The tool opevents-cli.pl also incorporates the functionality of create_remote_event (which is still shipped separately).
  • Element states are now better controllable and adjustable.
    If any nodes managed by opEvents should suffer desynchronised element states or carry orphaned/old undesirable states, this is now simple to resolve.
    In the node context GUI each element state can now be toggled or deleted outright if you are an admin user. On the command line, the tool opevents-cli.pl can list, show, create, remove and set any element state as necessary.
  • opEvents now provides a safer, faster and more flexible interface to external processes for script policy actions.
  • opEvents now supports a "macro" capability for accessing certain configuration values from an action policy IF condition, action policy script arguments, external enrichment arguments, or email templates. See the "macro" section in opCommon.nmis, and the discussion of macro.somename on the linked documentation pages.
  • The parser rules were all updated for greater robustness, and the default parser for trap logs is now the generic extensible traplog parser.
    The example generic extensible parser rules were updated to support RFC3339/ISO8601 high-precision timestamps.
  • Installer improvements for greater security
  • opEvents now maintains both event priority and NMIS-compatible 'level' properties for an event. All internal logic continues to use 'priority' exclusively.
  • opEvents now handles 'priority update' events from NMIS in a more user-friendly way.
    In the past, stateful events from NMIS which didn't convey a new state were summarily deduplicated. In this version, stateful events that carry a different priority (but the same state) are consumed and the original event is updated with the new priority, level and details. In such cases the event's "status history" (visible on the details page) holds a record for each such change.
  • opEvents can now save newly imported nodes from NMIS in disabled or enabled state (see the config item opevents_import_nodes_activated)
  • Sensitive data is no longer imported from NMIS at all (e.g. SNMP communities).
  • Imports from NMIS can now be limited to the primary node information (i.e. not importing any of the node's interface IP addresses that NMIS may know).
    This is selected using the configuration item opevents_import_node_interfaces, which defaults to true.
  • Imports from NMIS can now optionally include or ignore the node, interface, SNMP and WMI state information.
    To include state updates from NMIS, add setstate=true overwrite=true to the import arguments. State updates are no longer enabled by default, except for newly added nodes.
  • The node editing GUI now offers the extra tab "Details", which presents all currently set configuration attributes of that node for diagnostic purposes.
  • And of course various bug fixes and smaller improvements
