This is a brief overview of the major changes between opEvents releases.
This major release of opEvents was published on 13 Dec 2016.
- The generic extensible parser now supports user-defined plugins, and offers new directives for resolving arbitary inputs using the DNS (forward and backward)
- The correlation system now provides much more fine-grained control over the contents of a synthetic event, as well as optional post-match inhibit times.
- opEvents now supports stateful synthetic events.
- Event Emails now provide better formatting for event script actions and status history.
- Various GUI simplifications and improvements
- opEvents now offers three different default periods for the GUI
opevents_gui_dashboard_default_periodis for the main dashboard page, option
opevents_gui_console_default_periodgoverns the 'Recent Events' console, and all other pages are controlled by
opevents_gui_default_period. The default for all three is 2 hours.
Furthermore the default choices for the period dropdown was expanded with some longer periods.
- The event.host property that confused people repeatedly is now only displayed on an event's details page.
- The Node Administration page now shows what applications a node is enabled for, and the node name now links to the edit dialog.
- Some of the more interactive pages now support a quick search for the most common properties, and the display of any active sorting was improved.
- It is now possible to omit the Recent Events list on the Current Events page: simply set the values of config item
opevents_gui_console_paginationto <number of current events to show> and -1 (default is 10 and 10, respectively).
- The Raw Logs page now shows much more detailed information about the disposal of input data; blacklisted, deduplicated and other ignored and discarded inputs are now shown with a brief explanation of the reason, and actual events are linked for easier access.
- opEvents now offers three different default periods for the GUI
- opEvents now ships with its own CLI tool, and using the
opeventsd.exefor operations like import, report creation etc. is now deprecated (and results in warning messages).
opevents-cli.plalso incorporates the functionality of
create_remote_event(which is still shipped separately).
- Element states are now better controllable and adjustable.
If any nodes managed by opEvents should suffer desynchronised element states or carry orphaned/old undesirable states, this is now simple to resolve.
In the node context GUI each element state can not be toggled or deleted outright if you are an admin user. On the command line, the tool
opevents-cli.plcan list, show, create, remove and set any element state as necessary.
- opEvents now provides a safer, faster and more flexible interface to external processes for script policy actions.
- opEvents now supports a "macro" capability for accessing certain configuration values from an action policy IF condition, action policy script arguments, external enrichment arguments, or email templates. See the "macro" section in
opCommon.nmis, and the discussion of
macro.somenameon the linked documentation pages.
- The parser rules were all updated for greater robustness, and the default parser for trap logs is now the generic extensible
The example generic extensible parser rules were updated to support RFC3389/ISO8601 high-precision timestamps.
- Installer improvements for greater security
- opEvents now maintains both event priority and NMIS-compatible 'level' properties for an event. All internal logic continues to use 'priority' exclusively.
- opEvents now handles 'priority update' events from NMIS more user-friendly
In the past, stateful events from NMIS which didn't convey a new state were summarily deduplicated. In this version, stateful events that carry a different priority (but the same state) are consumed and the original event is updated with the new priority, level and details. In such cases the event's "status history" (visible on the details page) holds a record for each such change.
- opEvents can now save newly imported nodes from NMIS in disabled or enabled state (see the config item
- Sensitive data is no longer imported from NMIS at all (e.g. SNMP communities).
- Imports from NMIS can now be limited to the primary node information (i.e. not importing any of the node's interface IP addresses that NMIS may know).
This is selected using the configuration item
opevents_import_node_interfaces, which defaults to
- Imports from NMIS can now optionally include or ignore the node, interface, SNMP and WMI state information.
To include state updates from NMIS, add
setstate=true overwrite=trueto the import arguments. State updates are no longer enabled by default, except for newly added nodes.
- The node editing GUI now offers the extra tab "Details", which presents all currently set configuration attributes of that node for diagnostic purposes.
- And of course various bug fixes and smaller improvements
This is a maintenance release of opEvents which was published on 10 Aug 2016.
- Two new access control levels were introduced for opEvents' summary reports.
module_opevents_view_reportsgrants view-only access to summary reports, and is by default associated with privilege levels 0 to 3.
module_opevents_rw_reportsgrants access to summary report creation, and is associated with levels 0 to 2.
- Some CSV Export links were fixed.
- Event emails now contain the event's status history correctly formatted.
- A number of database access inefficiencies were resolved.
- Installer-created backups are now suitably named and timestamped for long-term retention.
- opEvents now offers a new generic and extensible parser for SNMP trap logs called
nmis_traplog_alternate(which is not selected by default).
- The parsing of incoming logs has been reworked to ensure that changes made by custom parsing rules do not get overridden later.
- The action for clicking on chart points has been simplified and now displays all events in the time period surrounding the clicked point.
- The default event action policy was improved for greater robustness with regard to regular expression matches.
- plus a number of minor bug fixes.
This maintenance release of opEvents was released on 22 Mar 2016.
- The handling of action policy processing was improved for better flexibility and consistency.
A new config option
opevents_auto_acknowledge_uphas been added, which controls automatic acknowledgement of stateful up events. It compliments the existing
opevents_auto_acknowledgeoption which controls stateful down events.
- The import of node information from NMIS has been improved for better reliability.
- Clicking on points on the dashboard charts is now more robusts and brings up the events in the respective time without further filtering.
- The example rule sets for the generic extensible parser have been extended and now include SNMP trap log processing (log type
- Some database robustness and speed improvements were made, and the built-in parsers were adjusted for greater flexibility.
- opEvents now support high-precision timestamps for event inputs, if given in RFC3389/ISO8601 format (e.g. "2016-03-21T06:01:02.345+10:00").
This version of opEvents was released on 12 Feb 2016. It introduces numerous new capabilities and fixes for various bugs and minor problems.
The major changes are new and improved timezone handling, more flexibility for event storm control and correlation and better event action policy processing.
- opEvents' timezone handling was greatly extended.
If you set the config option
omkd_display_timezoneto your desired timezone, then all times in the opEvents GUI will be displayed in that timezone and including the timezone offset.
You can use any timezone definition from the ISO8601 standard and the Olson database, plus "local" (meaning the timezone configured on the server).
If this option is not set, the times will be shown in the "local" timezone but without zone offset. If explicitely set to "local", the offset suffix is shown.
- opEvents now supports times with timezone specifications in the advanced search dialog (but only in numeric offset format at this time, e.g. "+0500").
- opEvents now records the original event date property (if any) separately from the underlying raw epoch time, and timed records for all of an event's processing stages are recorded as well.
All of these are shown on the event details page.
- Escalation policy actions are now shown more prominently in the action log display.
- The handling of special characters in policy action substitutions was improved, and the example EventActions policy file updated.
Please note that the EventActions file shipped with version 2.0.3 is insufficiently robust and should be replaced with the new version at your earliest convenience.
- The log handling was improved. Log reopening works more reliably, and opEvents daemon logs are now prefixed with the component role and process id.
- Improved robustness for the rest-style API for remote event management and the example client application.
- New mechanism for displaying a dynamic service priority text (by event tagging with
- Improved robustness and efficiency for MongoDB operations.
- opnode_admin is now able to clean up inconsistent semi-existent nodes, including events for that node.
- opEvents can now optionally ignore events for unknown nodes.
This is configured using the configuration setting
opevents_auto_create_nodes, which defaults to true if not present. If true, node records are automatically created if necessary.
If set to false, no nodes are automatically created and events for unknown nodes are completely ignored.
- The GUI authentication expiry can now be adjusted with the configuration setting
- Various opEvents GUI pages were adjusted for improved usability and better access to events' context and details.
For example, the event context for stateful events now includes links to any related/opposite event.
- opEvents now performs policy actions
scriptasynchronously and in separate processes.
This speeds up event handling substantially because the main event reader process does no longer have to wait until the programs that your action policy triggers actually do finish.
(For example, diagnostic programs like traceroute can easily take 30 seconds to complete.)
If an event has actions pending processing or completion, a notice info bar is shown on the event context page.
The new config option
opeventsd_max_processeslets you set a limit for parallel worker processes; if that limit is exceeded, further action processing is queued and performed later.
- Storm control and event correlation capabilities were improved.
Both programmable event suppression and event correlation polices now support the option to automatically acknowledge the suppressed/triggering events. Furthermore they also allow the optional delaying of event policy actions for a configurable extra
- opEvents now supports high-precision timestamps better, and displays both human-friendly and raw time stamps on the event details page.
- Stateless events sourced from NMIS' event log (or slave log) are handled more consistently and robustly, and only events with both
statefulproperties are interpreted as stateful.
This maintenance release was released on 7 Dec 2015.
- A new page for showing both Current and Recent Events was introduced.
"Current" events are defined as unacknowledged events within a configurable priority range; this is set with
opevents_gui_current_events_priorities(default is 3-10).
This Current Events page refreshes automatically. Current events are shown with their escalation status (and sorted by priority), whereas recent events are listed in the order of their creation.
- The default number of events to show in various tables is now configurable:
opevents_gui_dashboard_paginationcontrols the two dashboard pages
opevents_gui_events_paginationis for the Event List page,
opevents_gui_console_paginationhas two values that control the Current and Recent Event panels, respectively.
- The End Time selector was moved from the menu bar into the Advanced Search Menu.
- The Event List page now automatically refreshes.
- Selecting a different time period no longer disables auto-refreshing, and the default period for the GUI can now be configured with the config setting
The event context period can be configured independently with
- The Event Context page now shows the escalation status for the event in question.
- The dashboard pages now show the events sorted by time, newest first.
- The logic for automatically acknowledging events was improved.
A stateful up event now auto-acknowledges the corresponding down event and itself; in the past only the down event was acknowledged. This feature can be disabled by changing the config setting
- A new action called
acknowledge() is available for your Event Action Policy.
- Some code inefficiencies were removed, the event colors for priorities 9 and 10 were reworked for better contrast.
- This version of opEvents will work with MongoDB 2.4 but with reduced robustness,
and only if you set the new configuration variable
The installer now checks your local MongoDB's version and warns about this issue.
This maintenance version of opEvents was released on 30 Nov 2015.
- opEvents now offers free licenses which are not time limited (but limited to 20 nodes).
- Please note that for performance reasons opEvents 2.0.2 requires MongoDB version 2.6 or newer.
- opEvents now offers optional Single-Sign-On across servers.
- The generic log parser now supports JunOS logs.
- All irrevocable operations in the GUI now require confirmation.
- Acknowledging events in the GUI is now recorded with username and timestamp, and this information is shown on all relevant pages.
- You can now enrich all or certain classes of events with links to external Knowledge Base systems.
- Synthetic (aka correlated) events are now shown with links to the contributing nodes and events.
- The Events Details page now shows all timestamps in both raw and human-friendly format.
- Various GUI pages were reworked for improved performance, especially for (re)sorting by column.
- The main dashboard and Event List pages now color events contextually, by event severity. If desired, this can be disabled by changing the config setting
- For network interface events, opEvents now displays the elements with their interface descriptions appended in parenthesis (if the node was refreshed/imported from NMIS with opEvents version 2.0.2).
- Syntax errors and other mistages in Event Action policies are now detected better and logged in
log/opEvents.log, and log rotation in opEventsd was made more robust.
- The Raw Logs functionality now records deduplicated and suppressed events with more useful details, i.e. the
eventidsproperty shows "deduplicated and discarded" instead of being blank.
- opnode_admin now supports more user-friendly
act=showoperations, which let you quickly see and modify particular properties of a node; it can now also optionally delete nodes completely (=including their opEvents data). It also warns about (but still accepts) bad/less-compatible node names.
opeventsd.plactions for importing or refreshing nodes from NMIS were reworked for improved clarity and robustness, and the help text was rewritten.
- The installer no longer overwrites user-customized CSS files (i.e. you can adjust
public/omk/css/opEvents_c_custom_packed.cssto your preferences and that will persist across versions).
- ...and, as always, numerous smaller bugs and imperfections were repaired.
This new major version was released on 13 Oct 2015.
- opEvents 2.0.0 requires NMIS 8.5.10G or newer for full interoperability. Please check the Product Compatibility page for details.
- Improved license management user interface
It's now much easier to delete, restore or selectively import your licenses from your Opmantek.com account into opEvents,
and reminders about any license conditions being exceeded are presented in a more useful fashion.
- There is a totally new rest-style API for remote event management, complete with an example client and its source.
- Configurable purging of old data from the opEvents database is now supported.
- opEvents provides a new facility for summary reports (created both on demand and periodically), complete with automatic email of reports as XLSX spreadsheet and online display.
- Comments with attribution and timestamps can now be added to nodes and events.
Anybody who can view an event can also add a comment for it, but only an administrator can delete comments. (Node comments are all admin-only.)
Comments are shown with the event or node in question, and are tagged with the creation time and originating user. Any URLs in comments are presented as clickable links.
The older facility for importing and editing notes for nodes still remains.
- More user-friendly new landing and overview page at "http://<yourserver>/omk".
- Improved interactivity due to better database connection caching
opEvents now keeps its connections to MongoDB open and reuses them as much as possible, which improves interactivity especially if you use a remote MongoDB server.
- New Node Overview screen
There is a new node-centric dashboard or overview screen which shows events and event types for a node over time. Links between this node overview and the node context allow easy navigation.
- Various GUI improvements and refinements, e.g. more informational window/tab titles.
- Improved NMIS importing now also covers opHA-slave nodes, and access to interfaces'
Importing or refreshing nodes from NMIS now handles nodes on remote slave instances if opHA is active on the opEvents server. Event action rules can now access an interface's Description or ifAlias property.
- Events can now include links to other "authoritative sources", e.g. external applications like helpdesk systems or the like.
(See the documentation about
locationproperties in the list of Normalised Event Properties for details.)
- Node editing actions are now logged with timestamp and originating user in
- Improved access control, better NMIS authentication integration
opEvents now fully enforces access control based on a user's group memberships: only those nodes and events are visible, where the nodes are members of groups that this user is authorized to see.
The installer now also offers to merge NMIS and Opmantek
- Better logging and log-rotation support
opEvents now logs to
log/opEvents.logand the log format and content was revised to make the logged information more useful. Logs are reopened when the opeventsd receives a
- opEventsd now restarts automatically when any relevant configuration files change.
opEventsd now can be instructed to also restart periodically, using the new
opeventsd_max_cyclesconfiguration directive (= restart after so many
This version was released on 9 Sep 2015.
- This version interoperates fully with NMIS 8.5.10G, and requires at least this version of NMIS to be installed. Please check the Product Compatibility page for details.
- opEvents now works with MongoDB 2.4, 2.6 and 3.0.
- The Help/About screen shows more useful information, including a note about new releases. The window titles and icons have been updated.
- If installed together with opConfig or opAddress, then opEvents now provides links to node-related dashboards in those products when possible.
opEvents 1.2.4 was released on 2 Mar 2015.
- This is primarily a maintenance release, which does not introduce any new features.
- The installer was improved for greater robustness and ease of use.
- opEvents now supports sending Syslog messages to Syslog server over TCP and to arbitrary ports.
- a variety of smaller bugs were fixed as well.
opEvents 1.2.3 was released on 24 Nov 2014.
- This version includes a helper for setting up MongoDB for Opmantek use, and the installer offers to run the helper on installations and upgrades.
- opEvents now supports per-node licensing and activation: nodes can be marked disabled from within the GUI, in which case the node does not count for license limits and no events are handled for this node. By default all nodes are active.
- The node configuration infrastructure in opEvents is now fully unified and shared with opConfig.
- Renaming nodes in opEvents now also renames all past events for that node.
- opEvents now includes a full-featured command line tool for node administration,
bin/opnode_admin.pl. This tool implements all node management functions already present in the GUI, as well as some extras to make it suitable for scriptable node creating and editing.
- The ordering of rules in the event action and parsing engines was fixed (under certain circumstances rules could be tested in the wrong order in older versions).
- The default event action rules were improved to better collect diagnostic info in reaction to node- and network-related events.
- The event action tag.name(value) has been improved to not clash with internal properties.
- The event action email(recip) has been revised for better standards compliance and interoperability with IP version 6.
opeventsd.plnow handles inadvertent log replays better. It can be told (with config option
opevents_max_event_age) whether older event inputs should be processed or skipped. The handling of missing, malformatted or otherwise indigestible log files was made more robust.
- If no opEvents license is present, then
oeventsd.plstarts but doesn't consume any incoming files; it also creates a log entry about the missing license once every 15 minutes.
- opEvents now supports setting a custom PATH environment for running script/program event actions. If you set the config option
opevents_standard_path, then opEvents will set that PATH for all external programs that it runs.
- Opmantek applications can now be selectively enabled using the configuration option
- The installer for opEvents was updated to improve robustness and reliability, and opEvents now ships with the Opmantek Support Tool.
- The display of errors and exceptions in the GUI has been improved.
- various minor improvements and bug fixes in both the GUI as well as the back end.
- a small warning: the installer may warn about two "incorrect checksum detected" for two files, if you install this version on top of the Opmantek Virtual Appliance version 8.5.6G or after other Opmantek applications that were released since opEvents 1.2.3. These warnings are benign and you can safely confirm that the installer is allowed to 'overwrite' those files.
This is a maintenance release incorporating bug fixes and some new features:
- opEvents now support notes for both nodes and events.
Any notes for nodes that exist in NMIS are imported when you use Import or Refresh from NMIS (in the System->Edit Nodes menu).
Notes for events can be edited by users with privilege
Module_opEvents_rwor higher. Notes for nodes require
Both types of notes are shown on the event and node context pages and can be of arbitrary length.
- Editing of notes for events is recorded (as an action named
note) with the even, and tthe user making the change is included in the action log.
- opEvents now creates the necessary database indices automatically on the fly, and it is no longer required to run "
opeventsd.pl act=setup" for database initialization.
- All opEvents pages were improved with regard to scalability and rendering delays have dropped substantially.
- opEvents' Advanced Search now supports searching by node (also with regular expression).
- The display of the event-over-time chart on the dashboard page was improved to display the 'busiest' node at the bottom of the stacking order.
- Compatibility with Internet Explorer 11 was improved.
- Both htpassword hashing modes (DES/Crypt and Apache-custom-MD5) are now supported.
- some installer improvements and various minor bug fixes.
This is a maintenance release which primarily incorporates bug fixes.
- The help texts and tooltips in the GUI have been improved
- Role-based Access Control was added to the opEvents GUI.
- various installer improvements
This is a general release with various improvements and bug fixes.
- opEvents now ships with the new Opmantek Installer, which provides a much simpler and safer installation and upgrade process.
- Restyled GUI, added glyphs for better visibility
- A GUI for Node management was added under the System menu, which also provides access to NMIS Node Import functions.
- New helper scripts for external event queue management were added
- Authentication logs are now separate in log/auth.log and no longer mixed into opdaemon.log.
- Entering a license is now simpler and requires just one click.
- The logic and heuristic for finding associations between IP addresses, short and qualified DNS names and node names was reworked and is now much more robust.
- Node names with "." in them work consistently now.
- The Modules menu was reworked and is more useful now.
- Improved opdiffconfigs, opupdateconfig and patch_config scripts are now shipped with the release.
- The daemon init scripts now work consistently on both Debian- and Redhat-style distributions, and provice a "status" command.
- The robustness of Quick and Advanced Search functions was improved.
- The presentation of the Element Up/Down was repaired and improved.
- The interoperability between Opmantek products has been greatly improved, and all products can now be installed in a cooperative fashion on the same machine.
- The GUI now displays a prominent warning on the main dashboard page, should there be no active opevents daemon.
This is a maintenance release incorporating primarily bug fixes. The two noteworthy changes:
- A security issue with the bundled Apache installation has been corrected, which could have been abused for denial-of-service attacks if opEvents was installed with unrestricted inbound access from the Internet.
- The licensing system has been updated: to evaluate opEvents you will require a new evaluation license. Full licenses are not affected by this change.
- synthetic events are now subject to full deduplication and storm control
- the package now ships with suitable default log rotation config files
- improved robustness for log parsers and GUI behaviour
- reworked the interface between NMIS and opevents, opeventsd now offers more precise functions for initial import and subsequent refresh operatinons of NMIS node information.
the GUI now also provides access to these functions.
- improved handling of stateful events for completely unknown nodes or devices
- email contents are now completely configurable in the form of any number of user-defined templates, which includes both email subject and body.
- the GUI now provides a link to the online product documentation.
- opevents can now log events as JSON files, implemented as a policy action.
- opevents now supports flexible watchdog timers for nodes and/or specific nodes' elements, implemented as policy action.
- various GUI improvements
- opevents can now log events in NMIS syslog format, implemented as a policy action
- reworked stateful deduplication and event synthesis functionality for improved robustness
- various bug fixes, node- and ip-cache-related, interaction between whitelist and rawlogging
- insertion of events from command-line or JSON files was reparied to fix a type issue that kept such events from showing up in the GUI
- fixed an issue that could keep queued events pending for too long on a very lightly loaded system
- GUI updates to improve the display of events' context
- event emails were updated to contain more useful information
- supported policy actions now also include generic tagging of an event
- the escalation subsystem was made more resilient
overhaul of the mail sending infrastructure
fixes for external authentication methods and NMIS import issues
- opeventsd can now parse (and consume) NMIS logs in JSON format
Changes between releases 1.0.0 and 1.0.3:
- opeventsd now resurrects its worker slave on demand
- a new generic parser engine for local customisation was added
- opeventsd can now create events from the command-line or from a single JSON file
- opevents now supports any number of logfiles per log parser type
- the ip address cache now works properly and more efficiently
- opeventsd now displays all supported command-line arguments when run with -h or -?
- opevents now properly handles truncated (not rotated) logs