What’s new in Release 4.5.2
Bug Fixes
New Device Support
Bug Fixes
| Bug ID | Severity | Component | Description |
| 15260 | Major | GUI | Group By cannot be saved in Rule sub-patterns when creating / editing rules |
| 15346 | Major | GUI | VCenter Cluster level CPU and Memory Utilization events are not generated |
| 15368 | Major | App Server | Sometimes airline monitoring events have customer id 1 (Super/local) instead of correct customer id (corresponding airline) |
| 15398 | Major | System | Upgrade issue – VMware pulling via Collectors – Old VMware SDK libraries (vim25-4.0.jar,vim-4.0.jar) in Collector causes VMware event pulling problems |
| 15399 | Major | System | Upgrade issue – missing perl-IO-Socket-SSL and perl-NetAddr-IP packages on 4.5.1 Collector causes eStreamer communication to fail from Collector |
| 15400 | Major | Parser | “use_dns_lookup=no” flag NOT working for SyslogNGParser and UnixParser |
| 15266, 15330 | Normal | Parser | Excessive DNS failed login causes phoenix.log to grow |
| 15373 | Normal | Data | Windows successful logon event parsed incorrectly as logon failure events |
| 15317 | Normal | GUI | Mistakenly removes Event Receive Status for Windows Agent when user disables WMI event pull |
| 15397 | Normal | Data Manager | Occasional crash in phDataManager due to out-of-scope pointer usage |
| 15294 | Normal | Parser | Strange device types created in CMDB from Netflow discovery |
| 15313 | Normal | App Server | Exception causes App server task cache and database to go out of sync – this causes memory leak in Agent Manager |
| 15343 | Normal | App Server | Creating a rule exception in Super Local will erroneously remove the corresponding entry from system watch list |
| 15120 | Minor | Data | Fortinet IPS Event Severity Parsing is incorrect |
| 15249 | Minor | Data | Some CMDB Reports containing single quote in Filter condition incorrectly displayed and do not produce correct results |
| 15253 | Minor | Data | Reporting device name is parsed wrong in LinuxInotifyParser |
| 15255 | Minor | Data | Windows Server Failed Logons report definition is incorrect because logon failure events do not have winLogonType |
| 15265 | Minor | Data | Reporting Device name is parsed incorrectly in agentless FIM events |
| 15320 | Minor | Data | AccelOps-WUA-WinLog should be parsed to syslog |
| 15344 | Minor | Data | Parsing error for sourcefire, cisco acs, junos |
| 15371 | Minor | Data | H3C syslog events have incorrect Reporting IP 0.0.7.224 |
| 15376 | Minor | Data | One system CMDB report in Ungrouped category |
| 15345 | Minor | Data | Some profile rules did not report incident attributes correctly |
| 15369 | Minor | Data | Should not show SSH credential for Cisco FirePower in Credential tab |
| 15285 | Enhancement | Data | Parse IOS-CDP-NATIVE_VLAN_MISMATCH |
| 15372 | Enhancement | Enhancement | Parse attribute from Windows System Time Change events and add a PCI report |
New Device Support
Symantec DLP – log analysis – see here
IBM OS400 (iSeries) Log Parsing via Townsend Agent – see here
Tufin SecureTrack – log analysis – see here
IBM Guardium – log analysis – see here
