Logger 6.0 (build version L7285)
Analyze/Search:
LOG-12859
DESCRIPTION: You could not select the Fieldset until after you had run a search in the current user session.
FIX: With the new Search UI, the Fieldset menu is available before you run a search.
LOG-12765
DESCRIPTION: If you set the Case Sensitive search option to No and appended an additional field-based search term by using the AND operator, the search did not return any results.
FIX: Case insensitive searches now return results as expected, even when using the AND operator.
LOG-12746
DESCRIPTION: An error would result when you drilled down from a chart on a Search or Dashboard page that was created by a query where the count was renamed by the chart operator (... | chart count as NEvents by name) and the renamed count was then used to sort the chart results (... | sort -NEvents). This happened because the query resulting from the drill-down still kept the sort term using the renamed count.
FIX: Any sort term used after the chart operator is now removed after the chart drill-down.
LOG-12685
DESCRIPTION: Archive search was slow due to the slowness of retrieving metadata.
FIX: Metadata retrieval is improved with this release. Hence, the slow search for archive data is also improved.
LOG-12581
DESCRIPTION: Saved Search files had to be manually deleted one by one.
FIX: When you try to schedule a Saved Search, there is now a "Delete Files After" field. After the time specified in that field expires, Logger deletes the Saved Search files.
LOG-12577
DESCRIPTION: When the user searched with a chartable query, such as "rare deviceEventClassId | sort - _count | where _count >88", and drilled down from the resulting chart by clicking a bar (or other clickable chart element), the resulting (non-chartable) query generated by the drill down was invalid. This happened because the "_count" field cannot be used in searches without any chart result.
FIX: The drill down has been improved to remove any query terms using _count after chartable operators so that the resulting query is valid. Note: When the _count is renamed and then the renamed count is used to limit the chart results (... | chart count as "Num of Events" by name | rename name as Name | where "Num of Events" > 30), the resulting query after the drill-down will still be invalid even after this fix.
LOG-12542
DESCRIPTION: The Go button on the Search page could disappear if you canceled a search and then clicked the histogram.
FIX: The Go button remains available when you cancel a search and then click the histogram.
LOG-12343
DESCRIPTION: Logger Web service searches that included | regex "," or other special characters could cause an exception when the events in the search results contained special characters such as "<>". This happened because the Logger Web service cannot handle the special characters in the transported events without proper encoding.
FIX: Added instructions for how to turn on base64 encoding on the Logger side and use base64 decoding on the client side to the Logger Best Practices Guide.
LOG-12222
DESCRIPTION: If you drilled down from a chart generated by a query that used both the chart and the rename operators, then the new search created by drilling down would fail.
FIX: Drilling down in a chart now works when the rename operator is used.
LOG-12044
DESCRIPTION: If you used the eval operator after the chart operator in a query, the new column added by the eval was not properly displayed in the chart. For example, if the query was | chart sum(baseEventCount) as SUM by categoryBehavior | eval NEWSUM = SUM 1000, then the chart would only show SUM, and it would be the wrong color.
FIX: The colors in a chart created using the eval operator now reflect the colors shown in its legend.
LOG-11904
DESCRIPTION: When you opened the Search page from the navigation menu, it automatically started running the previously executed search. You had to cancel the search if you did not want it to run.
FIX: The search page no longer starts running the previously executed search when you open it.
LOG-11839
DESCRIPTION: When you logged into Logger, the Field set drop-down on the Search page was not displayed until you had run at least one search.
FIX: Now the Field set drop-down is available next to the Time Range drop-down so that the Field set can be selected before any search.
LOG-10695
DESCRIPTION: When a Logger user received an exported file's URL from another Logger user and tried to download the file, the user could download the CSV file successfully, but the file was empty. Since the file was not generated by the user, the download failed without any error message to the user.
FIX: Logger now displays an error message that states the user does not have the permissions to download the CSV file instead of letting the user download a 0-byte file.
LOG-10224
DESCRIPTION: Using the hostname for Peer Authorization can cause an error when performing a peered search.
FIX: Using the hostname for Peer Authorization now works as expected.
LOG-7758
DESCRIPTION: If you use the eval operator after the chart operator, the chart results do not match the results in the table. No bar is shown for the column added by the eval.
FIX: Logger now displays chart results properly when the eval operator is used after the chart operator.
Configuration:
LOG-12854
DESCRIPTION: Logger Configuration Backup files could exceed the default limit of 10 MB, which could cause the restore operation to fail. This happened because Logger erroneously included some hprof files and the Forwarding Connector AUP backup update files in the Configuration Backup.
FIX: Logger Configuration Backup now excludes the hprof files in $ARCSIGHT_HOME and in the forwarding Connector's user/agent folder. It also excludes the AUP Backup files from user/agent/aup folder of the Connector, but still includes the current AUP update file.
LOG-12724
DESCRIPTION: If you ran a Configuration Backup and set the Backup Content to "Report Content Only", when you tried to restore the backed-up content, the restore failed with the error message, "The version of the backup file is not restorable." This happened because the backup did not include the correct path, and so the restore could not find the version file.
FIX: Restoring backups where the Backup Content is "Report Content Only" now works as expected.
LOG-11704
DESCRIPTION: If you attempted to restore a Logger Configuration Backup and the backup's Logger version did not match the local Logger version, the following error message was displayed: "The version of the backup file is not restorable."
FIX: When a Configuration Backup cannot be restored because the Configuration Backup's Logger version and the local Logger version do not match, the message is now more helpful and tells you the Configuration Backup Logger version and the local Logger version.
Dashboard:
LOG-13161
DESCRIPTION: Some dashboard graphs would only display data for seven days, even when you selected to display data for a longer period. For example, if you selected the CPU usage graph for a period of 30 days, you only see data in the graph going back one week.
FIX: The dashboard graphs now properly display data for periods longer than 7 days.
LOG-11907
DESCRIPTION: The Logger monitor dashboard duration drop-down, available after you select a category (such as Platform), provided only "4 hour", "Daily", and "Weekly" durations. There was no way to select durations longer than Weekly.
FIX: The duration drop-down has been improved to provide more durations. Now you can select "4 hours", "24 hours", "7 days", "30 days", "90 days", and "365 days". All the durations have been changed to use hours/days. For example, Weekly is now 7 days.
General:
LOG-12713
DESCRIPTION: In order to install Logger, you first had to install the 32-bit glibc libraries.
FIX: Logger no longer has a dependency on the 32-bit glibc libraries, so you do not need to install them before installing Logger.
LOG-12566
DESCRIPTION: The Logger SAN model only supported a 5.4TB LUN.
FIX: Logger 6.0 supports up to 8TB of storage volume.
LOG-11760
DESCRIPTION: The Logger Administrator's Guide documented Device Event Class ID: platform:204, which was not implemented.
FIX: Removed unused Device Event Class ID: platform:204 from the documentation.
LOG-11168
DESCRIPTION: Users sometimes encountered firewall issues when trying to access Logger after installation.
FIX: Added information to the installation instructions telling users to ensure that Logger's publicly-accessible ports are allowed through any firewall rules that they have configured.
Reports:
LOG-12181
DESCRIPTION: When the account or a user that had created reports was deleted, those reports were orphaned and could not be run nor deleted.
FIX: These reports can now be accessed by the administrator and either run or modified. Also, when a user whose account has created reports is deleted, a warning is displayed saying that the user's reports will no longer be available.
LOG-11876
DESCRIPTION: When a Report timed out (after 4 hours for a Scheduled Report and 1 hour for an Ad hoc Report), it was killed with no notice to the user.
FIX: Logger now notifies the user of Report timeouts and other important information. This is dependent on the "Job Error Mail To" field being filled in with a valid email address at Reports > Report Administration.
LOG-9991
DESCRIPTION: Specifying a "Scan Limit" with a value larger than the default 100K did not take effect. Since the filter only applied to the first 100K records matched from the report query, the generated report did not display the correct filtered records.
FIX: Specifying a "Scan Limit" with a value larger than the default 100K now works as expected.
Summary:
LOG-11698
DESCRIPTION: The user session did not time out on Logger's Summary page and custom Dashboards. This happened because any panel that updated its contents automatically extended the user session.
FIX: Logger has been improved so that the user session is not extended by the Summary/Dashboards page updates.
LOG-10084
DESCRIPTION: The Count value displayed on the Summary page may be slightly different from the Hit value on the Search page for the same field.
Understanding: These differences can occur for various reasons including the following:
• There may have been a delay between the time when the count was displayed on the Summary page and when the search query was run on the Search page.
• Indexing can lag behind when there is a large number of incoming events, thus causing a discrepancy between the Count on the Summary page and the Hit value on the Search page.
System Admin:
LOG-13397
DESCRIPTION: After upgrading to Logger 5.5, 6.0, or any version with an open appliance, there will no longer be a challenge response when you log into the appliance as root via SSH.
FIX: SSH access to the appliance is disabled by default.
Important: HP strongly recommends that you change the root password for your appliance as soon as the upgrade completes.
LOG-12931
DESCRIPTION: NFS mounts with special characters in their Name could be created but not deleted.
FIX: NFS mounts with characters in their Name other than alphanumeric, dash and underscore can no longer be created.
LOG-11712
DESCRIPTION: Certificates that had spaces in their names did not work correctly. If you clicked the link to view the details of the certificate, the certificate appeared to have no content. If you tried to delete that certificate, it still remained in the list of certificates.
FIX: Now Logger checks the certificate alias so that only alphanumeric characters and hyphen are allowed in the alias.
LOG-10187
DESCRIPTION: The Device Event Class ID of the system health event Disk/Monitor/Disk/Space/Remaining/ in the Logger Administrator's Guide was incorrect.
FIX: Updated the documentation to include the correct Device Event Class ID: Disk/Monitor/Disk/Space/Remaining/Root disk:101.
Logger 6.0 Patch 1 (L7307)
LOG-13510
DESCRIPTION: Lx200 models are not supported for upgrade to Logger 6.0. However, if you attempted to run the upgrade, the process upgraded some packages before failing, leaving you with a partially upgraded system.
FIX: The upgrade process now checks the Logger model number and prevents attempts at upgrading Lx200 models to Logger 6.0.
LOG-13585
DESCRIPTION: If you ran multiple distributed reports, the first report ran fine, but subsequent reports could hang.
FIX: Subsequent reports now run as well as the first report if you run multiple distributed reports.
Logger 6.0 Patch 2 (L7334)
Analyze/Search:
LOG-13574
DESCRIPTION: If you ran a peer search that ran for a long time or scanned a large number of events, the search screen continued to indicate that the search was running (displayed the rotating circle), even though the search was finished and the scanned events count was constant. If you clicked cancel, the UI indicated that the search was cancelled.
FIX: Peer searches now end when the search is finished, as expected.
Logger 6.1 (L7491)
Analyze/Search:
LOG-14895
DESCRIPTION: You could click or alt-click non-searchable fields in the search results table and append them to your search. Understanding: When you run a full-text (keyword) search against raw event data (non-CEF), the search results contain system-defined fields including parser, source, sourceType. However, these system-defined fields are not searchable because they are not included in the raw event data.
FIX: The parser, source, and sourceType fields are no longer clickable in the search results grid.
LOG-13897
DESCRIPTION: The following tabs require write permission, but were not displayed if the user had both read and write permissions: "Search Indexes", "Search Options", "Default Fields", "Running Tasks", "Parsers", "Source Types", and "Data Validation".
FIX: This user permissions issue has been corrected.
LOG-13893
DESCRIPTION: The ability to expand all events or see all raw events with one click was removed.
FIX: Logger has been updated to restore this feature.
LOG-13781
DESCRIPTION: Peer search did not always give accurate results because events in the queue were not properly retrieved and displayed.
FIX: For peer searches, all events in the event queue are now displayed as expected.
LOG-13574
DESCRIPTION: If a peer search ran for a long time or scanned a large number of events, the search screen continued to indicate that the search was running (displayed the rotating circle), even though the search was finished and the scanned events count was constant. If you clicked cancel, the UI indicated that the search was cancelled.
FIX: Peer searches now end when the search is finished, as expected.
LOG-13463
DESCRIPTION: Logger did not provide an easy way to see details of historical receiver up and down times for troubleshooting/analysis.
FIX: The up/down status of receivers has been added to internal events whose deviceEventClassId is "eps:102" in field deviceCustomString3. Additionally, if the receiver event's status is up, more information can be located in the receiver log file.
LOG-12930
DESCRIPTION: When you exported raw events to a .csv file, the rawEvent field was not separate. Instead, it was included with the entire CEF event.
FIX: Now when you export, the rawEvent field contains only the raw event.
LOG-12175
DESCRIPTION: When running searches that use certain functions, the user may see the error message, "java.lang.NumberFormatException". Understanding: Aggregation functions such as avg, stdev, stdevp, and sum only work on numeric fields. Messages like this occur when an aggregation function is used on some field of another data type.
FIX: This information was added to the Logger Administrator's Guide.
LOG-11871
DESCRIPTION: If a Search Group Filter included a Device Group and the search query included a Device Group constraint that differed from the Search Group constraint, the query failed.
FIX: The search now returns the correct number of hits when the Device Group constraint in the search query differs from that in the Search Group Filter.
LOG-11785
DESCRIPTION: The Java Virtual Machine (JVM) reported running out of memory during searches/reporting.
Understanding: HP ArcSight investigated the issue but did not find a definitive pattern. However, the product software has been fortified to mitigate issues of this nature.
LOG-11467
DESCRIPTION: Having a very large internal database could cause slower searches.
FIX: This release improves search speed on Loggers with large internal databases.
LOG-9746
DESCRIPTION: Using Internet Explorer 7, the search UI showed a spinner indicating that it was still working even though logger_mysqld.log showed that the query finished.
FIX: This issue does not occur on any currently supported browser.
Configuration:
LOG-14145
DESCRIPTION: Drop downs in the Event Archive page were sorted incorrectly.
FIX: Drop downs in the Event Archives page are now sorted numerically.
LOG-13904
DESCRIPTION: On the Logger 6.0 P1 appliance with the ArcMC agent installed, you might be unable to download logs via Logger's Configuration > Retrieve Logs function due to a file permission issue.
FIX: The file permission issue is fixed and you can retrieve logs when the ArcMC agent is installed.
LOG-13853
DESCRIPTION: The UDP receiver on the Logger sometimes stopped working when receiving agent statistics events.
FIX: The UDP receiver has been updated to handle agent statistics events properly.
LOG-13568
DESCRIPTION: No error or indication was displayed if you created a duplicate event archive.
FIX: Logger now displays an error message if you attempt to create an archive for events that have already been archived.
LOG-13545
DESCRIPTION: With Logger 6.0, you could perform or schedule data validation to check the integrity of events stored in Logger. However, Logger did not automatically let you know if there were any data integrity issues.
FIX: This release adds the ability to send email notifications of data validation results.
LOG-11550
DESCRIPTION: When you put Logger into maintenance mode and tried to run a database defrag, you sometimes encountered a divide by zero error.
FIX: This error happened when there was not enough free space to perform the defrag. Now, the defrag returns an error if there is not enough space. In that case, the defrag can only be done manually.
LOG-11220
DESCRIPTION: Under certain conditions, the Database Defragmentation calculations caused an arithmetic exception divide by zero. This caused error messages like the following. "Caused by: java.lang.ArithmeticException: / by zero".
FIX: Logger has been updated to correct this issue.
LOG-10248
DESCRIPTION: Under certain conditions, the Configuration Backup file incorrectly saved large heap dump files, which made the Configuration Backup file too large for Configuration Restore.
FIX: Configuration Backup now excludes heap dump files.
LOG-10247
DESCRIPTION: Under certain conditions of zero available root partition space, the Logger onboard connector configuration file became corrupted and its auto-recovery mechanism did not complete. This prevented forwarding to ESM after recovering space in the root partition.
FIX: The onboard connector configuration file is now properly recovered to its default state and forwarding to ESM works as expected after recovering space in the root partition.
LOG-10111
DESCRIPTION: The documentation said that you could configure as many ESM Destinations as you had Smart Connectors. However, having many ESM destinations can use a lot of system resources.
FIX: The Logger Administrator's Guide has been updated to say that you should not have more than two ESM Destinations pointing to a single ESM Destination and that one should suffice for most installations.
LOG-9907
DESCRIPTION: The Event Archives page would display the following error message if you deleted a mount point that had no archives: "There are event archives which are using these invalid mounts: <name of deleted mount point>".
FIX: If a mount is deleted and no archives are present on that mount, there will no longer be an error. Logger will display the message only when appropriate.
LOG-9284
DESCRIPTION: If a scheduled event archive job took longer than three hours to run, the Scheduled Task page would incorrectly show the Scheduled Archive job as timed out after three hours, even though archive job completed successfully.
FIX: Logger now displays the job status correctly for jobs that take longer than three hours to run.
LOG-9274
DESCRIPTION: Searching Archived events was very slow.
FIX: You can now index existing archives. Searching archived events that have been indexed is as fast as searching events in local storage.
LOG-3944
DESCRIPTION: Configuration Backup does not support the Remote Directory names that contain a space, but the documentation did not relay this information.
FIX: The Logger Administrator's Guide has been updated to say that Remote Directory names cannot contain spaces.
Connector Appliance:
LOG-10029
DESCRIPTION: On Logger Appliances that have integrated Connector Appliances, users could not access the Connector Appliance module after upgrading to Logger 5.2. This happened because a new "Connector Appliance Rights Group" was introduced in Logger 5.2. A user who needed to access the Connector Appliance module had to be assigned to this group.
FIX: This issue does not apply when upgrading to Logger 6.1. Since you cannot upgrade directly from Logger 5.1 or earlier to Logger 6.1, the issue will have been resolved before the upgrade to 6.1 takes place.
General:
LOG-14014
DESCRIPTION: Logger 6.0 only supported Firefox ESR 31.
FIX: Logger now supports Firefox ESR 39.
LOG-13930
DESCRIPTION: When the Logger license violation limits are exceeded, the expected behavior is for all search and reporting capabilities to be disabled. However, under these conditions, the REST API accepted the Search request, but did not return either Search results or an error message, making it appear that the search was hung.
FIX: When the license violation limits have been exceeded, the REST API now properly returns an error message when attempting to initiate a Search.
LOG-13696
DESCRIPTION: The banner text on the login screen was displayed with a scroll bar if it exceeded three lines.
FIX: Now the whole banner text is displayed without scroll bars.
LOG-13601
DESCRIPTION: When creating an extract parser in Logger 6.0, you could not use the equal sign or other special characters as Key/Value delimiters or pair delimiters.
FIX: The parser fields Key/Value delimiter and Pair delimiter now correctly accept special characters as input.
LOG-13297
DESCRIPTION: The search speed improvement for using super-indexed fields in queries was not seen when the Case Sensitive Field Search Option was set to No on the Search Options page.
FIX: Using super-indexed fields now improves the case-insensitive search speed.
LOG-8164
DESCRIPTION: Logger did not include MIBs that enabled you to capture hardware monitoring information.
FIX: In Logger 6.1, we have redesigned the SNMP solution based on the Net-SNMP agent. Hardware health events are now handled by Net-SNMP standard MIBs. ArcSight application parameters are defined in the new ArcSight MIB (ARCSIGHT-EVENTMIB.txt).
Reports:
LOG-14264
DESCRIPTION: Upgrading Software Logger from 6.0 to 6.0 P1 or 6.0 P2 reset the settings in Reports Administration page.
FIX: Report Administration parameters are now retained when an upgrade is performed.
LOG-7540
DESCRIPTION: Logger did not enable you to display the query start and end time parameters on the report.
FIX: The report templates have been updated to include the query start and end times.
Summary:
LOG-13599
DESCRIPTION: The Summary web page panel only displays a maximum of 30 values (maximum of 3 pages of 10 values each).
FIX: Added scroll bars to the Summary panels for ease of viewing and updated the documentation to reflect this limit.
System Admin:
LOG-14770
DESCRIPTION: Logger Appliance SNMP agent OIDs did not match the associated definition in appliance.mib.
FIX: This issue no longer occurs in the new implementation of SNMP.
LOG-13891
DESCRIPTION: Logger used to sign Certificate Signing Requests (CSR) with SHA-1.
FIX: Logger has been updated to sign CSRs with SHA-256.
LOG-13668
DESCRIPTION: A rare condition caused Logger to take a very long time to start up.
FIX: Logger was enhanced to remediate this condition.
LOG-13567
DESCRIPTION: The Logger documentation stated that Logger 6.0 requires a defrag less frequently than previous versions, but did not give guidelines for this.
FIX: Added this information to the Logger Best Practices Guide.
LOG-13384
DESCRIPTION: Performing an event archive did not generate appropriate events (logger:520, logger:525, and logger:528).
FIX: Logger now generates the appropriate events when performing an event archive. You will receive the "logger:520" event when initiating an event archive, "logger:525" upon a successful event archive, and "logger:528" for a failed event archive.
LOG-13234
DESCRIPTION: Logger only supported Transport Layer Security (TLS) 1.
FIX: This release adds support for TLS 1.1 and 1.2.
LOG-10780
DESCRIPTION: In earlier versions of Logger, the SNMP implementation was based on the snmp4j agent. One trap message included all the objects (OIDs). In some cases, the trap was too long. Therefore, the Network Management System did not recognize it.
FIX: The Logger 6.1 release includes a new SNMP implementation based on the Net-SNMP agent, and each ArcSight application object is defined as a separate notification (trap). Therefore, this problem is no longer an issue.
Upgrade:
LOG-14028
DESCRIPTION: If you upgraded Logger 5.5x to Logger 6.0x, the upgrade disabled SSH regardless of your SSH setting.
Understanding: Logger 6.0 opened up root management to the user and therefore required the user to change the password. This issue does not apply when upgrading to Logger 6.1; it would have been handled in an earlier upgrade.
FIX: Upgrading to Logger 6.1 preserves your SSH setting.
LOG-13997
DESCRIPTION: If your Logger came installed on RHEL 6.1 or 6.2, and you upgraded Logger and then upgraded the operating system to RHEL 6.5, the insp process could fail to start. (For example, this might be a Logger that came with 5.3 and was upgraded to 5.3-SP1, or a Logger that came with 5.3-SP1 and was upgraded to 6.0, with required intermediate upgrades.)
FIX: This issue does not apply when upgrading to Logger 6.1. Logger 6.1 uses RHEL 6.6 and 7.1.
Logger 6.1 Patch 1 (L7504)
Analyze/Search
LOG-15589
DESCRIPTION: When performing a distributed search for rare events across multiple peers, if one of the peers was returning results slowly, the search process could time out, causing inconsistent peer search results.
FIX: The search process has been updated and the correct search results will now be returned.
LOG-15576
DESCRIPTION: When you exported events from a search and the export all fields box was checked, some fields were not included in the exported .csv file.
FIX: Fields are now correctly populated when the export all fields box is checked.
LOG-14538
DESCRIPTION: The Query Explorer did not allow you to open and edit previously saved queries containing '\' character.
FIX: Queries containing the '\' character can now be opened and edited from the query explorer.
Logger 6.2 (L7633)
Analyze/Search
LOG-15089
DESCRIPTION: New filters created on the Search page were not appearing in the auto-complete list when you typed '$filter$<FilterName>' to show the available filters. (Filters created on the Configuration > Filters page work properly.)
FIX: New filters created on the Search page now appear in the autocomplete list.
Configuration
LOG-15083
DESCRIPTION: An error message was appearing on the page when you closed the Edit Parser menu.
FIX: The error message no longer displays.
LOG-15052
DESCRIPTION: Configuration menus "Peer Loggers" and "Peer Authorizations" were listed in the Configuration | Search category.
FIX: These menus now are grouped in the Configuration | Advanced category.
LOG-13411
DESCRIPTION: When creating or editing a scheduled alert, you could select a query that contained aggregated operators (such as "chart" and "top"), which would return an error. Scheduled alerts do not support aggregated search operators.
FIX: The query list now displays only queries not containing those aggregated search operators.
LOG-11771
DESCRIPTION: Previously, Logger scheduled reports were restricted to daily or weekly scheduling options.
FIX: You can now schedule reports monthly by specifying the day of the month and the hour of day (in 24-hour format) when you want the report to run. Monthly scheduling is not available for all report options.
LOG-8233
DESCRIPTION: Previously, there was no warning in the documentation that during a configuration backup, the Logger license is backed up, and may overwrite a newer license when the configuration is restored.
FIX: The Logger Administrator's guide now clearly instructs users about this issue.
LOG-6667
DESCRIPTION: Previously, the only backup and restore option was via Secure Copy Protocol (SCP).
FIX: You now have the option to write a configuration backup to a thumb drive or local device. For this release however, you will still need to use SCP to restore Logger after a configuration backup.
Dashboards:
LOG-15451
DESCRIPTION: After upgrading to Logger 6.1, some Dashboards were reporting that there was no data available, instead of displaying the available data correctly.
FIX: All Dashboards display available data correctly after upgrading to Logger 6.1.
LOG-15097
DESCRIPTION: When using Software Logger running on either RHEL 7.1 or CentOS 7.1, some graphs were not displaying, due to changes within the operating systems for Ethernet interfaces, from "eth-n" to "ens32."
FIX: Irrespective of the network interface name, the Dashboard graphs display correctly.
LOG-13161
DESCRIPTION: After an upgrade, some dashboard graphs would only display data for seven days, even when you selected to display data for a longer period. For example, if you selected the CPU usage graph for a period of 30 days, you would only see data in the graph going back one week.
FIX: Logger Dashboard graphs now display more than seven days of data when a longer period is selected and the data is available.
General:
LOG-16105
DESCRIPTION: For Logger 6.2 Beta, if a user has either of these permissions unchecked: "View registered peers" in the Logger Rights group or "Search for events on remote peers" in the Logger Search group, their local query attempts may fail with a java.lang.NullPointerException message, even if no peers are configured.
FIX: The permissions issues have been corrected.
LOG-16092
DESCRIPTION: Previously, when editing a CIFS mount, Logger allowed you to include special characters in the name, which prevented the mount from appearing on the list of Remote File Systems.
FIX: Logger now accepts only alphanumeric characters, dashes (-) and underscores (_) within the CIFS mount name field. Dashes and underscores cannot be the first character in the field.
LOG-15933
DESCRIPTION: On Logger appliances, when logging in to the ArcSight Platform Console following a reboot, the authentication could sometimes fail, even if the correct credentials were provided.
FIX: The ArcSight Platform Console now takes a longer time to initialize, to ensure that the Logger will be ready to process authentication requests. This matches the behavior of the ArcMC ArcSight Platform Console.
LOG-15900
DESCRIPTION: On G8 appliances, system health events like disk/cpu/raid/fan may not be generated on the first boot after upgrade to 6.1 P1. The workaround was to reboot the system one more time after the upgrade.
FIX: The extra reboot is not required after upgrade.
LOG-15547
DESCRIPTION: At times the Logger UI shows that Reports are in a "pending" state, even when they have already run successfully.
FIX: The Logger UI now updates with the correct Report status.
LOG-15483
DESCRIPTION: In situations where the earliest data file had the wrong receipt time, Logger could not overwrite the old data, causing Logger to hang and stop working.
FIX: Logger will allow the data file to be recycled, even if the time stamp is incorrect.
LOG-15275
DESCRIPTION: In the Logger 6.1 Release Notes, CentOS 6.6 was not mentioned as a supported OS platform.
FIX: Release Notes were reissued to include support for CentOS 6.6.
LOG-15110
DESCRIPTION: The Logger report template header could not display Japanese characters.
FIX: Logger report templates that display report parameters in the header can now display those parameters in Japanese and other languages.
LOG-15088
DESCRIPTION: Previously, hypertext links on the Event Summary by Receiver panel of the Global Summary Device page were sometimes incorrect.
FIX: These hypertext links now redirect correctly.
LOG-13538
DESCRIPTION: The time zone for Europe/Kaliningrad was displaying FET instead of EET on the Summary page and in the search results. This is a UI display issue. The time on Logger is correctly adjusted to be in the EET time zone.
FIX: EET now displays properly.
Reports:
LOG-15446
DESCRIPTION: Expired, published reports were not being properly deleted from the file system.
FIX: Expired reports are now properly deleted.
LOG-15053
DESCRIPTION: The Configuration menu option for the Running Searches page was incorrectly labeled "Running Tasks."
FIX: The Running Searches page is now available from the Configuration > Running Searches menu option.
LOG-15028
DESCRIPTION: When Japanese characters were used in a Report Caption X-axis field, the caption did not display properly when exported to PDF/XLS.
FIX: Japanese Report captions now display correctly.
LOG-14457
DESCRIPTION: Previously, if you tried to view the run options for a Scheduled Report after navigating to the Scheduled Tasks page via the Configuration menu, you could be redirected to the Intellicus Login Page. Navigating to the Scheduled Tasks page from the Reports menu did not cause this redirect.
FIX: The Scheduled Reports page is available only through the Reports menu.
System Admin:
LOG-15025
DESCRIPTION: Previously, some of the labels on the System Admin Rights menu of the System Admin > User Management > Groups tab > Default System Admin Group > Edit Group page were unclear.
FIX: The "Configure Software Installation" label is now "System Settings." The "Configure Software Installation Settings" label is now "Configure software startup options." The "System Configuration Settings" label is now "Software Startup Options."
LOG-12727
DESCRIPTION: Previously, when creating a CIFS mount, Logger allowed you to include special characters in the name, which prevented the mount from appearing on the list of Remote File Systems.
FIX: Logger now accepts only alphanumeric characters, dashes (-) and underscores ( _ ) within the CIFS mount name field. Dashes and underscores cannot be the first character in the field.
LOG-12591
DESCRIPTION: In previous Logger versions, when users requested a password reset, the URL in the generated email pointed to the IP address of the Logger's eth1 interface instead of eth0.
FIX: The URL now points to the correct IP address of the eth0 network interface.
Upgrade:
LOG-15722
DESCRIPTION: In Logger 6.0, the VMware Logger did not contain enough space on the /boot partition to allow OS upgrades.
FIX: With Logger 6.2 and 6.1, the /boot partition now has enough space to allow such OS upgrades.
Logger 6.2 Patch 1 (L7648)
Configuration:
LOG-16649
DESCRIPTION: When Logger forwarded events to ESM, the EPS could drop to zero over a period of time. This happened because of a java.util.ConcurrentModificationException error.
FIX: The java.util.ConcurrentModificationException error no longer occurs when forwarding to ESM, and the EPS rate no longer drops to zero.
General:
LOG-15402
DESCRIPTION: On Logger L7500 and L7600 appliances, platform audit events did not reflect the correct destination address for the Logger appliance.
FIX: Platform audit events now populate the correct location in the destinationAddress field.
Reports:
LOG-16324
DESCRIPTION: In some cases, Logger Reports were not working after a Backup and Restore. This happened because Logger accepted too high a value for the Scheduled Report timeout limit. Some very high numbers caused the report engine to fail.
FIX: The new limit on 'Database Connection Timeout' setting is 48 hrs (172800 seconds). The default value for the 'Database Connection Timeout' is 600 seconds.
LOG-15916
DESCRIPTION: Report category filters were not effective for peer queries. The result contained all events, whether or not they matched the filter.
FIX: Report category filters are propagated to peer queries.
LOG-15229
DESCRIPTION: The Logger Report iPackager feature did not load on later versions of Chrome.
FIX: The iPackager is no longer a Java Applet, and can now open in browsers that dropped Java applet support (Chrome 48, as well as Firefox 44 and IE 11 browsers).
LOG-14948
DESCRIPTION: When exporting Reports to Excel, some letters were dropped in fields containing formatted data, such as multi-line SQL statements with indentation.
FIX: Letters are no longer dropped in formatted data fields when Reports are exported to Excel.
Logger 6.3 (L7861)
(DO NOT USE IN PRODUCTION DUE TO LICENSE CALCULATION ISSUE)
Analyze/Search:
LOG-16739
DESCRIPTION: On rare occasions, indexing stopped completely, causing severe performance degradation for the Logger.
FIX: The Indexing function now works as expected.
LOG-16439
DESCRIPTION: The documentation did not explain clearly how to use the RESTful Search Web service to return aggregate search data from the sort, tail, and head operators.
FIX: The following information was added to the Logger documentation: Use the chart_data HTTP POST to return aggregate search data. The chart_data service returns the data you can use to display a chart and the table under the chart. It can also be used to return the results of aggregate operators like sort, tail, and head.
LOG-16431
DESCRIPTION: The documentation did not explain how to run concurrent searches.
FIX: The documentation now mentions that you can run concurrent searches by using two different browsers or a browser with a plugin that allows you to open different sessions, such as Multifox in Firefox.
LOG-16325
DESCRIPTION: Previously, when you tried to limit events in the Live Event Viewer to a particular storage group, the filter didn't work, and the search returned events from other storage groups.
FIX: The storage group filter for the Live Event Viewer now works as expected.
LOG-14897
DESCRIPTION: The documentation did not clearly explain what can and cannot be searched for in a field-based search.
FIX: The search documentation has been updated to include this information. See "Things You Should Know About Logger Searches" in the "Searching and Analyzing Events" section of the Logger Admin Guide.
LOG-14896
DESCRIPTION: Previously, when performing a full-text (keyword) search, the user interface did not differentiate between fields that are system-defined, which cannot be searched, and searchable event data columns such as device, DeviceHostName, message, and so on.
FIX: Event data is now color-coded, to help identify indexed, super-indexed, and other searchable fields. System-defined fields are included in the search results, but they are not searchable, because they contain no event data. To tell if a field is searchable, hover over it. If it highlights, it is searchable; if it does not, you cannot search on that term.
LOG-14814
DESCRIPTION: By default, NULL values were not included in Logger search results, and you had to explicitly call out NULL values with <field> IS NOT NULL or <field> IS NULL. If you wanted to change this, you had to contact support.
FIX: Logger can now be configured to make NOT search conditions include NULL values from the Configuration > Search Options menu.
LOG-14020
DESCRIPTION: When performing a peer search on one peer and then immediately performing a peer search on the other peer, the search occasionally terminated prematurely and displayed the error "[Local] Error: Database Connection".
FIX: Consecutive peer searches now execute correctly.
LOG-13752
DESCRIPTION: The Search UI stops when it reaches a maximum of 1 million results. However, when exporting search results, if the Rerun Query checkbox was enabled, the query continued to the end, which could be well beyond 1 million results.
FIX: The Export Search Results function now stops when it reaches the 1 million result maximum.
LOG-12624
DESCRIPTION: Previously, local search queries that were supposed to stop when search results hit 1 million, continued to run to completion.
FIX: Local search queries now stop when Logger reaches 1 million results.
LOG-5958
DESCRIPTION: Previously, when you tried to remove a selected field in the Fieldset Editor with the left arrow button, the field did not return to the correct group.
FIX: The Fieldset Editor now works as expected, and the selected items go back to the correct groups.
Configuration:
LOG-14546
DESCRIPTION: Previously, when you saved a copy of a Saved Search containing a bad query type, the save would fail, and append the words "Copy of" many times in the Name field.
FIX: Saving a copy of a Saved Search that contains a bad query type no longer appends multiple "Copy of" strings to the Name field.
LOG-13498
DESCRIPTION: Previously, when you tried to import an invalid file, the error message showed the file name along with the absolute path, which was not related to the error.
FIX: When you attempt to import an invalid file, the error message now displays correctly.
LOG-10605
DESCRIPTION: The Source Types page (Configuration > Source Types) was not visible to non-Admin users who did not have the correct permissions assigned to them.
FIX: The documentation now includes a reminder to assign rights from the Default Logger Rights Group and Default System Admin Group to non-Admin users who need access to Source Types.
LOG-10581
DESCRIPTION: If you delete a parser that has an associated Source Type and is being used by a Folder Follower Receiver, no warning message is displayed indicating the dependency.
FIX: A note was added to the Source Type Documentation to warn users to be cautious when deleting parsers.
LOG-6209
DESCRIPTION: Previously, the Finished Tasks page could take a long time to load, due to an accumulation of finished tasks.
FIX: You can now apply filter criteria to limit the search results. If the data that matches the provided criteria has more than 5000 rows, Logger will return only the first 5000 rows.
Dashboards:
LOG-16877
DESCRIPTION: Custom dashboards with an individual receiver displayed "No data available," even when the Monitor > Receivers dashboard displayed valid information.
FIX: Custom dashboards now display available data for the receiver.
LOG-15827
DESCRIPTION: When creating a Dashboard from the Search page, if the dashboard name contained a slash (/), Logger displayed an error, but still created the Dashboard as named. This resulted in a Dashboard that users could not access or delete.
FIX: The Search documentation has been modified to advise users not to include the slash character within Dashboard names.
LOG-15500
DESCRIPTION: Previously, when mousing over data points on a Dashboard graph, the individual data point values did not display.
FIX: When mousing over data points on a Dashboard, individual data point values now display correctly.
LOG-14156
DESCRIPTION: When using Internet Explorer, the bottom of the Monitors Dashboard does not always render properly.
FIX: Maximize the Internet Explorer window when viewing the Monitors Dashboard.
Localization:
LOG-15761
DESCRIPTION: When the selected Logger interface language was something other than English, only Column-type charts displayed.
FIX: The different chart types now display correctly in all languages.
Reports:
LOG-16260
DESCRIPTION: Previously, when a single connector sent events to multiple destinations, the Daily Byte Count was sometimes inaccurate.
FIX: The Daily Byte Count now works as expected.
LOG-15392
DESCRIPTION: Previously, Logger did not support digitally signed PDF reports.
FIX: You can now enable and configure digitally signed PDF reports in Reports > Report Administration > Report Configuration dialog under Sign Document.
LOG-11292
DESCRIPTION: The documentation incorrectly included an option to package Scheduled Reports.
FIX: The incorrect option was removed from the Logger Administrator's Guide.
System Admin:
LOG-15501
DESCRIPTION: CentOS did not recognize the second hard disk you added to the VM. You had to mount it manually.
FIX: The OVA installer now handles the second hard disk correctly. The drive is automatically recognized and mounted to the correct location.
Upgrade:
LOG-17317
DESCRIPTION: Previously, the Logger System License/Update page did not prevent users from accidentally trying to upgrade their Logger Appliance using a Software Logger upgrade script.
FIX: If a software .enc upgrade file is imported to a Logger Appliance, Logger will display the error message: "Upgrade failed. Invalid enc file".
LOG-16576
DESCRIPTION: Appliance upgrade sometimes did not set file permissions correctly, causing the upgrade to fail.
FIX: Appliance upgrades now handle permissions properly.
LOG-16571
DESCRIPTION: When upgrading to Logger 6.2, the installer timed out if the mount locations were in the /opt/mnt directory.
FIX: The Logger upgrade installer can now complete the upgrade even when the mount locations are in the /opt/mnt directory.
Logger 6.3.1 (L7874)
Configuration:
LOG-17734
DESCRIPTION: Data Volume calculations were not accurate in Logger 6.3. Consequently, the Configuration > Data Volume page displayed inaccurate data and the 5-day license violation feature lockout could be triggered erroneously.
FIX: Data Volume calculations have been fixed. The Configuration > Data page now displays the accurate Data Volume information and the license violation feature now works as expected.
LOG-17049
DESCRIPTION: Parser-created search event fields were not displaying in the search results.
FIX: Parser-created fields now display as expected.
System Admin:
LOG-17664
DESCRIPTION: Logger did not have the option to remain permanently on Daylight Savings Time (DST), which customers in Turkey now require.
FIX: Software Logger now provides an option to install an updated tzdata file during installation or upgrade, which resolves the issue. Users who do not need this fix can continue without the time zone upgrade. For Logger appliances, the upgrade automatically installs the 2016g timezone data if it has not already been installed on the system.
LOG-17617
DESCRIPTION: After upgrading to Logger 6.3, G8 appliances no longer responded to ICMP requests, such as ping requests.
FIX: This is resolved by upgrading to Logger 6.3.1. After the upgrade, ICMP requests function as expected.
Logger 6.4 (L8117)
Analyze/Search:
LOG-17465
DESCRIPTION: It was taking 20 minutes to open the Configuration > Scheduled Searches/Alerts page. A bug triggered a new search for each Scheduled search or alert when opening the page.
FIX: Opening the Scheduled Searches/Alerts page no longer triggers new searches, reducing the time it takes to load the page.
LOG-17440
DESCRIPTION: If the first 30 characters of a report chart column heading or stacked column were the same, Logger would sometimes stack the data incorrectly.
FIX: Logger now compares the entire column name, and data columns stack correctly.
LOG-17419
DESCRIPTION: Previously, when you indexed a field, the correct field type color icon would not display until Logger restarted.
FIX: The indexed field displays the correct color icon for an indexed field without restarting Logger.
LOG-16498
DESCRIPTION: Previously, users were unable to run multiple searches in one browser session.
FIX: Users can now run multiple simultaneous searches in the same browser session.
LOG-16348
DESCRIPTION: When exporting search results with all fields included, custom fields are not exported.
FIX: Custom fields are now exported correctly.
LOG-14262
DESCRIPTION: Some internal Logger events used incorrect field notation.
FIX: The Logger internal events now use correct notation for the fields.
LOG-7864
DESCRIPTION: The time in the agentReceiptTime fields was not in human-readable format when exported.
Understanding: Logger records time field values in UNIX epoch format (long values).
FIX: The agentReceiptTime is now exported in human-readable format.
LOG-5618
DESCRIPTION: Searches on the requestURL field were very slow because that field could not be indexed.
FIX: You can now index the requestURL field. If you do this, searching on requestURL will be much faster. When indexed, the requestURL field requires a lot of storage space. Be sure to account for the increased storage requirements in your planning.
Configuration:
LOG-18384
DESCRIPTION: In Logger v.6.3, some users were unsure of where to upload the LDAP over SSL trusted certificate.
FIX: A cross-reference was added to the 6.4 "LDAPS Authentication" documentation, referencing the "Uploading Trusted Certificates" topic.
LOG-17734
DESCRIPTION: Data Volume calculations were not accurate in Logger 6.3. Consequently, the Configuration > Data Volume page displayed inaccurate data and the 5-day license violation feature lockout could be triggered erroneously.
FIX: Data Volume calculations have been fixed. The Configuration > Data page now displays the accurate Data Volume information and the license violation feature now works as expected.
LOG-17049
DESCRIPTION: Parser-created search event fields were not displaying in the search results.
FIX: Parser-created fields now display as expected.
General:
LOG-17664
DESCRIPTION: Logger did not have the option to remain permanently on Daylight Savings Time (DST), which customers in Turkey now require.
FIX: Software Logger now provides an option to install an updated tzdata file during installation or upgrade, which resolves the issue. Users who do not need this fix can continue without the time zone upgrade. For Logger appliances, the upgrade automatically installs the 2016g timezone data if it has not already been installed on the system.
LOG-15114
DESCRIPTION: Logger could show ULAT instead of ULAST during Mongolia time zone Daylight Saving time.
FIX: Logger updated to tzdata2016g in release 6.3.1, and to tzdata2016j in release 6.4 which resolved the problem. For Software Logger to get the full fix, update the Logger host OS tzdata rpm files prior to upgrading Logger.
Installation:
LOG-17470
DESCRIPTION: The Logger 6.3 GUI installation wizard could stall during the "configuring" stage.
FIX: Logger v6.4 installs correctly when using the GUI mode installer.
LOG-17436
DESCRIPTION: The Logger documentation did not explain how to set the group ID and user ID when installing and upgrading Logger.
FIX: This information was added to the Logger 6.4 Installation Guide and Release Notes.
Related Products:
LOG-18268
DESCRIPTION: Some Active Loggers managed by ArcMC 2.5 failed to report their data consumption.
FIX: This issue is not reproducible in this release.
LOG-17869
DESCRIPTION: ArcMC Dashboard incorrectly reported Loggers in Warning state.
FIX: ArcMC Dashboard will show Loggers in warning state only when one or more enabled receivers are in unhealthy state.
Reports:
LOG-17120
DESCRIPTION: Non-ASCII characters in a report name were sometimes corrupted when customizing the report. The behavior occurred only on Internet Explorer 11, and depended on the timing of user actions.
FIX: Report names no longer show unreadable characters when the title is changed.
LOG-16880
DESCRIPTION: Logger reports published in iHTML format generated an empty file.
FIX: iHTML reports now show data as expected.
LOG-16825
DESCRIPTION: Users could not modify field values on-the-fly when creating reports.
FIX: You are now able to modify search values on-the-fly while creating reports.
For example, to change the value of the sourceServiceName field from COR to Core, follow these steps:
1. Open the report's Query.
- Drag and drop a Formula Field step in the Transformation Area.
- Select the Formula Field step.
- Add a Formula Field.
- Create the formula. (See example below.)
- Link the steps correctly (Data Source -> Formula Fields -> Format).
2. Save the Query.
3. On the report, select the Formula Field instead of the arc_sourceServiceName field.
4. Save and run the report.
Example Formula Field Formula:
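var temp = "COR";
// Default to the original field value.
FormulaField1 = arc_sourceServiceName;
// Case-insensitive comparison: replace "COR" with "Core".
if (arc_sourceServiceName.toUpperCase().localeCompare(temp.toUpperCase()) == 0) {
    FormulaField1 = "Core";
}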
LOG-16824
DESCRIPTION: Previously, Logger reports could not display charts from more than one query at a time.
FIX: The 6.4 Logger Reporting upgrade features Smart Reports, which can display many queries in the same report or dashboard.
LOG-16597
DESCRIPTION: When search results for the arc_destinationProcess name field are more than 30 characters long, Logger Reports may truncate the field.
FIX: This update increases the size of the field arc_destinationProcess displayed in a Logger Report from 30 to 256 characters so all characters are displayed.
LOG-15829
DESCRIPTION: You could only display 50 values on the X-axis in Logger reports. This prevented you from being able to display hourly counts for a week.
FIX: You can now display 168 values on the X-axis (7*24).
To display hourly counts for a week:
1. Select the Create New Report tab or customize the desired report.
2. Navigate to the Chart tab.
3. In the Sort Order section, select the desired field and set Show (N) values to "All".
4. Save the changes and run the report.
LOG-13750
DESCRIPTION: In reports exported in PDF format, time was displayed in 12 hour format but the AM/PM was not included.
FIX: AM/PM is now included in PDF reports.
LOG-13372
DESCRIPTION: If you clicked on the graph at the top of the "Job Execution Status" page and then clicked the "Last Run Status" table in the popup window, an error message appeared.
FIX: Clicking on the graph now shows the status of the reports.
LOG-12392
DESCRIPTION: You could not enable a user to access published reports without also enabling them to write or edit report configuration such as queries, parameters, and scheduling.
FIX: A user right called "View all published reports" enables you to provide a user with access to published reports and not the rest of the reporting tool.
LOG-12124
DESCRIPTION: You could not see published reports without having to drill down into each specific report.
FIX: You can now use the Report Explorer to search for published reports by name.
LOG-11535
DESCRIPTION: The sourceServiceName and destinationServiceName fields were limited to 30 characters.
FIX: The size of the sourceServiceName and destinationServiceName fields was increased from 30 to 1023.
LOG-7867
DESCRIPTION: The start time and end time of the period during which a report ran could not be shown in the report.
FIX: Start time and end time are now shown in Ad-hoc Reports.
LOG-6264
DESCRIPTION: You could not add a logo to Logger reports.
FIX: You can select the report template from the Template Styles menu option, edit the layout to add an image of your choice, and position it.
System Admin:
LOG-18603
DESCRIPTION: The RADIUS client library did not support RFC 2865.
FIX: The RADIUS client library has been updated to support RFC 2865.
LOG-18586
DESCRIPTION: On some L7600/C6600 appliances running RHEL 7.2, the OS was crashing or hanging.
FIX: Applying the RHEL 7.3 OS upgrade file included with this release will upgrade the kernel to a more stable version and resolve this issue.
LOG-18413
DESCRIPTION: After applying an OS upgrade on a Logger appliance, an error message about a missing tzdata rpm file would sometimes display on the Retrieve Logs page.
FIX: When you apply an OS upgrade on a Logger appliance, it does not trigger the error message.
LOG-18375
DESCRIPTION: In Logger 6.3, customized logos were not always rendering to a correct display size.
FIX: Customized Logos can now be rendered to the correct display size for Logger. ArcSight suggests that you use the recommended logo size of 150 X 30 pixels.
LOG-16446
DESCRIPTION: Previously, when a Logger that was receiving events was shut down, between 3-5% of events sent to it were dropped.
FIX: Now, when Logger is shut down correctly, no events are lost.
- To shut down Software Logger, use the loggerd stop or quit commands. For more information, refer to the Software Logger command line options section of the Logger Administrator's guide.
- To shut down Logger Appliances, perform a Shutdown from the System Reboot UI. For more information refer to the System Reboot section of the Logger Administrator's guide.
LOG-16266
DESCRIPTION: On L7600 Logger Appliances, the first time you visited the System Admin > Process Status page after a reboot, some processes could appear to be in "Execution failed" state.
FIX: The UI displays the correct state of the processes on System Admin > Process Status page.
Upgrade:
LOG-18788
DESCRIPTION: Logger Search and Receivers use an auto-discovery device detection mechanism. However, if devices were manually created in versions prior to Logger 6.4, users may see the following error message during search activities: “Unexpected high bits set in a MAC-48 address.”
FIX: The pre-upgrade script will correct the manually-created device entry and allow Search to function normally.
LOG-18026
DESCRIPTION: After applying an OS upgrade on a Logger appliance, log files did not rotate as expected.
FIX: When you apply an OS upgrade on a Logger appliance, it does not interfere with log file rotation.
LOG-17827
DESCRIPTION: Logger upgrades were resetting report configuration settings to their defaults.
FIX: Report configuration settings are not affected by Logger upgrades.
LOG-17617
DESCRIPTION: After upgrading to Logger 6.3, G8 appliances no longer responded to ICMP requests, such as ping requests.
FIX: This is resolved by upgrading to Logger 6.3.1. After the upgrade, ICMP requests function as expected.
Logger 6.41 (L8132)
Analyze/Search:
LOG-17583
DESCRIPTION: After upgrade to 6.3, Logger's License Information page displayed "unavailable" or other incorrect data in some license fields. This happened because those fields were no longer required for the license, but the License Information page had not been updated to account for this change.
FIX: The License Information page now displays the correct information.
LOG-16435
DESCRIPTION: Logger was not able to do a peer search when it included the insubnet command. The insubnet command only worked for local searches.
FIX: The insubnet command now works for both local and peer searches.
LOG-14625
DESCRIPTION: When a query called more than ten fields using the "top" search operator, Logger generated no results. Logger also did not give the user an error message that the supported number of fields had been exceeded.
FIX: The top operator now returns results as expected when you use more than ten fields.
Logger 6.5 (L8152)
Analyze/Search:
LOG-18583
DESCRIPTION: Active Search reports displayed the status "InProgress", on searches with status "running".
FIX: The status of a running search is shown as "In Progress".
LOG-18568
DESCRIPTION: When cancelling a search, the results displayed in the columns: hits, scanned and elapsed, did not match the count located below the table.
FIX: The results in the columns: hits, scanned and elapsed match the count located below the table.
LOG-18463
DESCRIPTION: The Active Search columns could not be sorted.
FIX: The content in the Active Search columns can now be sorted.
Configuration:
LOG-16024
DESCRIPTION: When platform:230 and platform:201 events are forwarded from Logger to an ESM manager, the device host name and the device address are converted to localhost and 127.0.0.1, respectively.
FIX: Platform audit events have the device and deviceHostName fields filled with the address of the Logger.
LOG-10222
DESCRIPTION: The Bulk Import Parameter Values for a Pre-defined list was not available.
FIX: New option added to Bulk Import Parameter Values for a Pre-defined list.
General:
LOG-19306
DESCRIPTION: Previously, reports exported to Excel were not properly removing blank rows and columns. This has been resolved.
LOG-19011
DESCRIPTION: Logger displayed a message that it was not managed by ArcMC, when it was actually managed by it.
FIX: ArcMC issue
LOG-18981
DESCRIPTION: One of the online help sections was not showing the description and the links.
Reporting / Using the Right Tool for the Job / Frequently-Asked Questions / What Reports Open Where?
FIX: The description and links are now being displayed.
LOG-18426
DESCRIPTION: The Active Searches green button was missing a tooltip when hovering the mouse pointer over it.
FIX: The Active Searches green button now shows the appropriate tooltip message when you hover the mouse pointer over it.
Related Products:
LOG-18875
DESCRIPTION: When Logger has an ADP License installed and it is not managed by ArcMC for more than 2 days, it displays a message on top of the screen and the data volume page tries reaching for capacity from ArcMC. Currently, there are no Standalone Licenses for G9.
FIX: Logger behaves as a Standalone license even with an installed ADP. The message is no longer shown and license capacity information from the ADP is properly shown.
Reports:
LOG-19046
DESCRIPTION: The Logger report engine is incompatible with Linux kernel version 2.6.32-696.3.2.el6.x86_64. Loggers running on RHEL 7 are not affected. Appliance customers were not affected as we never released an OS update with the bad kernel version.
FIX: Logger Software customers should upgrade their kernel to version 2.6.32-696.6.3.el6.x86_64 or later.
LOG-18969
DESCRIPTION: The Font Picker from the Report Header Style window presented size issues when clicking a drop-down.
FIX: The size of the window and the fonts were adjusted.
LOG-18889
DESCRIPTION: When clicking "refresh data" while processing a publishing request, the engine finds a cached report param XML from report data with the same report ID and executes it.
FIX: The code was modified to report param XML from request info while a report is being published.
LOG-18716
DESCRIPTION: The help link in the Report Category Filters section pointed to the wrong help page (the default online help page).
FIX: The help link in the Report Category Filters section now points to the correct help page.
LOG-15653
DESCRIPTION: Logger reports fields are truncated when reaching 100 characters.
FIX: Logger reports fields are properly displayed depending on the field length.
LOG-13373
DESCRIPTION: Report "Execution Status" doesn't list the most recent jobs by default.
FIX: Report "Execution Status" now lists the most recent jobs by default, ordered by descending execution time.
LOG-11255
DESCRIPTION: The edit action for report parameters added as favorite was not working.
FIX: The edit action now works for favorite report parameters.
LOG-8901
DESCRIPTION: If you are using an email address with more than three characters in the top-level domain (such as user@yourco.info), Logger may reject the email as invalid.
FIX: Logger now allows top-level domains with more than three characters.
LOG-7186
DESCRIPTION: If you limited a user's rights to a specific report template, the user was not able to run any reports at all and error messages were displayed when the user tried to run reports.
A user needs the right to see the parent node of the report tree in order to be able to see the child node. An admin can edit permissions for individual Report folders without enabling access to levels higher on the tree. If this happens, the user cannot run or edit the reports.
This issue is partially fixed. Now, when a user's permissions are set properly, the user can view the restricted reports and run them ad-hoc, but cannot schedule the restricted reports to run later. If a user tries to schedule a restricted report, the user will see: "Unauthorized Operation: We're sorry, but you are not authorized for that operation."
Workaround: Give the user global access to all reports, then the user will be able to schedule the reports, as well as view and run them ad-hoc.
System Admin:
LOG-16757
DESCRIPTION: Logger users can be deactivated if the date_last_active database field is not updating when the user logs in. The expected behavior would be that the field gets updated anytime a user successfully authenticates.
FIX: The date_last_active field is updated when a user logs in.
Upgrade:
LOG-19128
DESCRIPTION: Some versions of the Red Hat 6.9 OS upgrade package caused certain Logger processes (insp) to fail after application. This affects only L7500 appliances.
FIX: The latest RHEL 6.9 OS upgrade package does not cause this issue. Customers looking to upgrade the OS on their appliance to RHEL 6.9 should use the latest OS upgrade package.
LOG-18017
DESCRIPTION: When performing an OS upgrade on an appliance, the oldest kernel version is deleted in order to conserve space on the root partition, but the old version is still shown as an option in the GRUB menu.
FIX: Old kernel versions are now removed from the boot menu during an OS upgrade.
Logger 6.51 (L8154)
Analyze/Search:
LOG-19625
DESCRIPTION: The Active Search link sometimes opens two new tabs instead of one.
FIX: The Active Search link now opens in just one tab.
LOG-19222
DESCRIPTION: The Active Search link sometimes opens two new tabs instead of one.
FIX: The Active Search link now opens in just one tab.
LOG-19113
DESCRIPTION: When using the Logger API to run a query, if the search results reach their hit limit (1 million events by default), the status remains as "running" even though the search is completed.
FIX: Now, Logger behaves as expected and shows the actual status of the search when running a query through the API.
LOG-11106
DESCRIPTION: After changing the IP address of a system sending events to Logger, the error "duplicate Logger devices" pops up in the Devices tab.
FIX: Error is no longer shown.
Configuration:
LOG-19721
DESCRIPTION: After upgrading Logger web UI, an error is displayed from Configuration -> Configuration Backup Error: We're sorry, but there was an unexpected error.
FIX: Error is no longer displayed.
LOG-19633
DESCRIPTION: Logger (About page) - HPE logo displayed in black when the dark theme is active.
FIX: Logger (About page) - HPE logo is displayed in white when the dark theme is active.
LOG-11093
DESCRIPTION: Logger SNMP alerts do not send events by default, and it is not configurable.
FIX: Logger SNMP alerts do not send base events by default; however, this can be configured through the following properties file: logger_processor.properties > forwarder.baseevents.send
Dashboard:
LOG-19768
DESCRIPTION: When adding a Widget from Reports -> Classic -> Dashboards -> Classic Designer -> Dashboards -> select/create a dashboard, the layout does not let you add more than one widget.
FIX: To add a new widget, click "Divide Widget Horizontally" or "Divide Widget Vertically" and split it into two widgets. The original widget remains the same and a new empty widget is placed in the dashboard layout.
Reports:
LOG-19628
DESCRIPTION: When filtering by jobs status, the chart line for "failure" (failed jobs) is displayed in blue.
FIX: The chart line for failed jobs is displayed in red.
LOG-19627
DESCRIPTION: From job execution status, when filtering by date, the dates are overlapped.
FIX: From job execution status, dates are no longer overlapped when filtering by date.
LOG-19604
DESCRIPTION: Users are not able to change the initial parameters (time range and local only) for reports created based on a saved search or a filter.
FIX: Users can now change either the time range or local only fields for reports created based on a saved search or a filter.
LOG-19587
DESCRIPTION: When a report created from the Logger/Reports tab is used to schedule a report, the scheduled report does not take into consideration the time set in Logger's Data filter.
FIX: Scheduled reports created from Logger/Reports take into consideration the time set in Logger's Data filter.
LOG-19580
DESCRIPTION: Local Only is not getting refreshed in Data Filter when running reports.
FIX: Local Only is refreshing in Data Filter when running reports.
LOG-19441
DESCRIPTION: Reports cannot be saved in the Report Engine under the following scenarios:
New users who have not accessed the Reports tab at least once.
First users of a fresh install who have just accessed Logger and have not accessed the Reports tab at least once.
FIX: Users who were under the scenarios mentioned above can now save reports in the report engine.
LOG-19438
DESCRIPTION: When users run a report and they cancel it before its completion, the UI correctly shows a message indicating the report was canceled but the search action keeps executing and consuming server resources.
FIX: Now, when canceling a report, Logger cancels the action from back end as well.
LOG-19430
DESCRIPTION: After a Logger upgrade 6.5, some reports based on system fieldsets and filters may not run correctly.
FIX: After a Logger upgrade 6.5, the reports based on system fieldsets and filters run as expected.
LOG-19383
DESCRIPTION: When trying to run a particular report twice or more, it is not refreshed with different parameters (start date, end date and scan limit) from the ones shown during the first execution.
FIX: When trying to run a particular report twice or more, it is now evaluating and executing the report with the new parameters provided by the user (start date, end date and scan limit).
LOG-19354
DESCRIPTION: Users are not able to create Reports (Filters) after using unsaved customized fieldsets.
FIX: Users can now create reports using unsaved customized fieldsets.
LOG-19156
DESCRIPTION: Logger 6.4p1 email link goes to summary page and not to the report output.
FIX: Logger email link goes directly to the report output if the user was previously authenticated on the system. If not, it requests the user's credentials and then redirects the user to the output of the report.
LOG-14215
DESCRIPTION: Non admin users are unable to schedule reports.
FIX: Non admin users can now schedule reports.
System Admin:
LOG-19611
DESCRIPTION: Users with limited rights can edit any scheduled reports.
FIX: Now, users can only see and edit scheduled reports that were created by them. Users with "Global access to all report objects" rights and permissions to change the report engine configuration, may see and edit all scheduled reports.
Logger 6.6 (L8204)
Analyze/Search:
LOG-20118
DESCRIPTION: Search Group Filters could not be created in version 6.5.1.
FIX: Search Group Filters can now be created.
LOG-19605
DESCRIPTION: In some searches, the results Field filter was not being displayed.
FIX: The Field filter is now displayed in all search results.
General:
LOG-19770
DESCRIPTION: Most Internet browsers have the default option of automatically downloading and saving files in an OS directory but users were not informed about it.
FIX: A pop-up message now prompts users to open or save the file before closing the tab.
LOG-19631
DESCRIPTION: Dark Theme is not correctly set when displaying the login banner.
FIX: After the Micro Focus rebranding, the login page remains the same even if the user has the dark theme active. Therefore, this issue is not present in Logger 6.6.
Installation:
LOG-19895
DESCRIPTION: In order to retrieve logs correctly and prevent rotation, Software Logger requires 2 Linux OS pre-installed packages: zip and unzip.
FIX: Note added to the Logger's Installation Guide 6.6
Reports:
LOG-20257
DESCRIPTION: When reports with chart controls displayed zero record count, the report execution threads were not released by the reporting engine.
Therefore, the incoming report execution requests went to a queue.
FIX: On the UI, an additional HTML is used to show the message 'No Data Available' when charts do not have any data. In the case of exports, the content of the chart output was modified by appending this message. Also, a timeout was applied at the Report Engine level and, after a certain interval, the exporting step is killed.
LOG-19865
DESCRIPTION: When viewing/sending Scheduled Reports as an "embedded email", the email body was displaying default information and not the updated information.
FIX: Now, when a user is viewing/sending Scheduled Report, the body email displays the correct information.
LOG-19776
DESCRIPTION: When selecting the radio button and then changing the report format, the email type was not being saved. Also, when publishing or performing any other scheduling action, all the report formats were listed as available in the drop-down.
FIX: Email type can now be saved when selecting the radio button even if the report format changes. Also, if a user selects a report format that is not supported for a specific action the system shows an error message.
LOG-19735
DESCRIPTION: No scrollbar available in custom and expanded reports due to a mismatch between content and HTML body height.
FIX: The scrollbar is now available in custom/expanded reports.
LOG-19593
DESCRIPTION: When saving reports, these are being saved with invalid characters.
FIX: Some special characters are considered invalid, so avoid saving reports with special characters.
LOG-19537
DESCRIPTION: When publishing scheduled reports in Fast CSV and PDF, the files generated were corrupted.
FIX: Set the SYS_ZIPPED flag as true. If sysZipped is shown as null, double click the published report from explorer.
LOG-11658
DESCRIPTION: If a user deleted a Report Category, it still appeared in the Default Logger Reports Group with enabled rights.
FIX: When a user deletes a Report Category, its rights are removed from the Default Logger Reports Group.
Upgrade:
LOG-19166
DESCRIPTION: On older OS upgrade packages, old kernels were pruned incorrectly, causing the upgrade to fail.
FIX: New OS upgrade packages correctly prune old kernel versions.
Logger 6.61 (L8214)
Analyze/Search:
LOG-20457
DESCRIPTION: After upgrading from Logger 6.5 to 6.6, Logger 'User Management' did not allow some users to see the time range in the search page.
FIX: Time range is visible in search page.
LOG-20317
DESCRIPTION: "SecureData Decryption" was enabled by default in Logger 6.6 or higher versions. Users may see padlocks in the Search page and Reports grid, even if data encryption was not configured yet. When users clicked on the padlocks, the system showed an error message.
FIX: If Logger is configured with SecureData parameters, the padlocks are shown.
LOG-20253
DESCRIPTION: Logger 6.5 Data Migration failed comparing the directory after data file copy. This is due to an anomaly of RH 7.4 when using Grep command with Regex.
FIX: Anomaly of RH 7.4 is handled and Data Migration is not failing in this stage.
Configuration:
LOG-20316
DESCRIPTION: Server field in SecureData configuration was not accepting domains, only IPs.
FIX: https:// is removed in the string validation.
General:
LOG-20505
DESCRIPTION: The Report Engine system used MD5 algorithm for generating GUID while creating RPG folders, primary keys for database tables, etc. In FIPS mode, the system was writing the error in the logs although the scheduled reports were executed successfully.
FIX: The ReportEngine now uses SHA-1 algorithm.
LOG-20498
DESCRIPTION: For Logger 6.6 and forward, the search tools were missing when removing permissions from a Logger rights group.
FIX: A not null validation has been added to correct this issue.
LOG-20487
DESCRIPTION: Login Banner instructions on Admin Guide were not updated.
FIX: Instructions have been updated based on current functionality.
LOG-20438
DESCRIPTION: Error "Too many clients already" was appearing in Web UI.
FIX: The issue is now fixed.
LOG-20375
DESCRIPTION: While using the embedded email option for an increased amount of data, the output format was set to Text, so an error was displayed at the time of generating reports.
FIX: Reports validate the maximum limit with a new configuration property.
LOG-20356
DESCRIPTION: The "Schedule with Page Setting as Single Sheet" option was rendering reports in a single page, utilizing more space than usual.
FIX: Report pages are rendered with horizontal breaks except for those cases in which they are exported as a spreadsheet.
LOG-20296
DESCRIPTION: Report Engine opened the port 8000 for Java Debug Wire Protocol Remote.
FIX: The values were completely removed from the starting process of the Report Engine server.
LOG-20103
DESCRIPTION: Auto refresh for search was not working on Logger.
FIX: Now, the user can enable "Auto refresh" on the search page and it is going to refresh properly.
LOG-20098
DESCRIPTION: When the client opened reports from Other Reports (under Recent Reports) using Internet Explorer, the action might have failed. However, Google Chrome and Mozilla Firefox did not present this issue. This error was happening in IE because the parameters to run a report were not set up correctly and a Number Format Exception was appearing in the system. The system received a null instead of a valid number.
FIX: Now, the system validates if the parameter is a valid number before converting it to an integer.
LOG-19230
DESCRIPTION: When a user was added under User Management in System Admin menu, adding an email with a ( - ) hyphen was not a valid operation.
FIX: Now, it is possible to set an email address with a hyphen.
LOG-19061
DESCRIPTION: When a data field ended with a greater than sign ">", an extra semicolon ";" was shown at the end.
FIX: Data tokenization is fixed.
LOG-9529
DESCRIPTION: When the client sent the login request to the Logger's SOAP API, it returned a non-routable address location (e.g. 'localhost:<port>').
FIX: Now, when the user gets the WSDL file from Logger, it will come with the current IP address and port of Logger's server instead of "localhost".
LOG-4863
DESCRIPTION: Client could not set up SMTP authentication when performing SMTP configuration.
FIX: New feature is added.
Reports:
LOG-20371
DESCRIPTION: The system was returning an empty report in the option "Explorer". This was happening because the Report Engine server did not send the correct output to the Web client in this particular option.
FIX: The Report Engine is sending the correct output of the published report.
LOG-20355
DESCRIPTION: Scheduled reports caused an "Out of memory" error to appear in the Report Engine logs.
FIX: Reports validate the maximum limit with a new configuration property.
LOG-20342
DESCRIPTION: In Logger 6.6, users were not able to create Smart Reports with a matrix.
FIX: Now, users can create Smart Reports with a matrix.
LOG-20340
DESCRIPTION: When creating a report with graph base and "SecureData Decryption" enabled, the action was associated to the current user and the system displayed a message: "Error in drawing chart. Report server failed to update the post view properties of the report because Report OID cannot be null". Consequently, the chart was not created.
FIX: Issue is fixed and now clients can create charts.
System Admin:
LOG-20199
DESCRIPTION: When attempting to delete a new user from System Admin > User Management, the following error appeared: "Failed to delete users Error communicating to web server. Please reload browser and retry operation."
FIX: Users can be deleted successfully.
LOG-18599
DESCRIPTION: SNMP V3 traps were sent in plaintext with the username and message payload in plaintext.
FIX: SNMP V3 trap payloads are sent encrypted using the configured privacy and authentication parameters. As per the SNMP V3 RFC, the message username cannot be encrypted.
Logger 6.7 (L8242)
Analyze/Search:
LOG-20492
DESCRIPTION: Deleted search group filters still appeared when running a report causing the following error: "Unable to save additional parameters".
FIX: A new validation has been added. Deleted filter in the Report Category is automatically removed from reports.
LOG-20402
DESCRIPTION: If fields contained Event Time, an error "code: 1100" was displayed on Search Restful API.
FIX: Search Restful API correctly returns the events even when fields contain Event Time.
LOG-18018
DESCRIPTION: Cells from columns with square brackets in the field name were not displayed correctly.
FIX: The issue has been fixed.
LOG-19635
DESCRIPTION: If you performed a search in Logger using the pipe to fields option, the results were populated as expected. However, if results were exported to a .csv file, all the timestamps were in epoch time format.
FIX: Results are now exported in csv file format.
General:
LOG-20977
DESCRIPTION: Customer was unable to confirm if updates on RHEL were applied to Logger 6.7.
FIX: Updates have been applied.
LOG-20592
DESCRIPTION: After a fresh install and some time of Logger usage, an invalid license error was displayed: "Logger has exceeded its data volume limit 0 times in the last 30 days.".
FIX: Restart the Logger Services.
LOG-20461
DESCRIPTION: Client requested Device Custom IPV6 address 1-4 to be added to Logger so it can be indexed.
FIX: Device Custom IPV6 addresses have been added.
LOG-20198
DESCRIPTION: Error messages reported that several default SSH keys could not be loaded by SSHD. These messages were harmless, but showed up in the logs.
FIX: Changed the method that SSH keys are generated to support more key types.
LOG-15794
DESCRIPTION: Customer was unable to confirm if RHEL used was affected by issue described at http://www.kb.cert.org/vuls/id/576313.
FIX: JDK and Java versions used are not among the affected versions.
LOG-11256
DESCRIPTION: Stored attributes for events logger:520 and logger:525 were not accurate in comparison with documentation.
FIX: The issue has been fixed.
LOG-11794
DESCRIPTION: Customer requested that sourceTranslatedPort be added as an indexable field on Logger.
FIX: Custom field has been added.
Configuration:
DESCRIPTION: The CategoryDeviceType field was not added to the Logger schema as a predefined field.
FIX: Field parameters have been inserted.
LOG-20685
DESCRIPTION: On ArcMC 2.8 appliance, the SNMPV3 feature did not work.
FIX: The feature now works properly.
LOG-20688
DESCRIPTION: When a Logger appliance/ArcMC appliance was enabled using SNMPV3 snmp-agents, it displayed an AuthenticationFailure Trap.
FIX: snmp-agents are now configured using V3.
LOG-20504
DESCRIPTION: Certificate SMTP fields did not change from enabled to disabled when the Enable SMTP AUTH Mode checkbox was unchecked. Disabled fields did not become gray.
FIX: Upload Cert File SMTP Primary and Upload Cert File SMTP Backup are correctly disabled.
LOG-20503
DESCRIPTION: User entered and saved invalid data in the Backup SMTP Server Port without any error message being displayed.
FIX: System displays an error message if attempting to save invalid data.
LOG-18920
DESCRIPTION: Unable to add Lookup Files (from the Configuration menu).
FIX: Add the following rights: "View Lookup Files" and "Edit, save and remove Lookup Files."
LOG-18779
DESCRIPTION: When upgrading from 6.1 patch 1 to 6.3 patch 1, some Japanese characters were not displayed in Setting > Schedule Task > Completed task.
FIX: Japanese characters are correctly displayed.
LOG-17782
DESCRIPTION: On 6.3 Logger Appliance, deviceEventClassid Storagegroup:100 showed loopback address instead of Logger IP.
FIX: The issue has been fixed.
LOG-21224
DESCRIPTION: When attempting to create an EB receiver using Logger 6.5 or 6.6.1 and EB 2.21, the following error on UI was displayed: "Failed to retrieve meta data from eb". Same error happened when trying to enable the created receiver.
FIX: A new EB receiver is created and enabled and can receive events from eb-cef topic.
Dashboard:
LOG-18272
DESCRIPTION: Logger dashboard was limited to only display the graphs for the first hard disk named SDA. The "No data available" message appeared for graphs from other disks.
FIX: Now the Dashboard can show the proper graphs for each disk if the user has more than one hard drive.
LOG-16998
DESCRIPTION: The system filters "Root Partition Below 10 Percent" and "Root Partition Below 5 Percent" were missing a space in the default query which can result in incorrect search results.
FIX: The missing space is now added before the query is executed.
System Admin:
LOG-20687
DESCRIPTION: After successful upgrade from Logger 6.5.0 to 6.5.1, if non-root user name contained [_], the system Admin page got blocked. Logger WebUI displayed a message stating data volume limit was reached locking the Logger.
FIX: The issue has been fixed.
LOG-18388
DESCRIPTION: On G8, SNMP polling for power supply, fan, and temperature was not supported on ArcSight appliances.
FIX: Polling for hardware parameters is supported.
LOG-17474
DESCRIPTION: SNMP Polling Configuration failed using the GUI. An error on the poller indicated that the username did not exist.
FIX: SNMP configuration is set without any errors through the GUI.
LOG-17230
DESCRIPTION: SNMP Health statistics fix did not contain the necessary information to resolve the issue.
FIX: Issue has been fixed by updating LOG-16759.
LOG-16759
DESCRIPTION: For G9, SNMP polling for power supply, fan and temperature parameters was not supported on Micro Focus Proliant appliances.
FIX:
1. Install the following two RPM files on your ArcSight appliance:
hp-health-10.80-1855.21.rhel7.x86_64.rpm
hp-snmp-agents-10.80-2965.21.rhel7.x86_64.rpm
Download available at: https://microfocusinternational.sharepoint.com/teams/IMG-TSG-I
2. Download the following MIB files and copy them to the /usr/share/snmp/mibs folder on your ArcSight appliance:
cpqhlth.mib
cpqhost.mib
cpqsinfo.mib
3. From https://microfocusinternational.sharepoint.com, import the MIB files into the network management system.
LOG-10196
DESCRIPTION: Occasionally, the System Admin -> RAID Controller page on an L7400 and L7400-SAN got truncated and only displayed "General Controller Information".
FIX: Issue no longer appears in Logger 6.7 on G8 nor G9.
LOG-21396
DESCRIPTION: User is disconnected from SSH session after a 60 second period of inactivity.
Workaround: Configure sending keepalive packets in the SSH client.
Reports:
LOG-20937
DESCRIPTION: Logger reports did not display AM/PM date formats correctly.
FIX: The issue has been fixed.
LOG-20887
DESCRIPTION: "Device group" and "Storage Group" sections were not displayed while scheduling a report.
FIX: The issue has been fixed.
LOG-20441
DESCRIPTION: When previewing/exporting Classic Reports in dark theme, the reports were displayed in a dark background and consequently printed in the same way increasing not only the amount of dark toner used but also its cost.
FIX: The dark theme is no longer enabled in the preview/export option and these reports are printed in a white background.
LOG-20442
DESCRIPTION: When Search Group Filter was deleted, the Map File (/opt/arcsight/userdata/logger/user/logger) was not removed and entries still existed causing running AdHoc Reports to fail (Error “Unable to load additional parameters”).
FIX: Map Files are removed after Search Group Filter is deleted.
LOG-19765
DESCRIPTION: When exporting the results of a report in a CSV file, some column names were different from the ones in the exported search CSV.
FIX: The underscores are now displayed correctly.
Logger 6.7.1 (L8253)
Analyze/Search:
LOG-21471
DESCRIPTION: The "Enable Global ID" box was not checked after a fresh install or 6.7 upgrade despite being set by default.
FIX: Save the Global ID configuration. Once it is saved, the actual behavior and the UI of Global ID configuration is consistent.
LOG-21808
DESCRIPTION: When the Global ID was enabled, many BufferOverflowException errors were displayed in Logger Receiver.
FIX: Issue has been fixed.
Configuration:
LOG-21437
DESCRIPTION: When saving the information for the first time, SMTP data synchronization displayed an error. Logger and Report Engine synchronization took longer than the timeout period.
FIX: Time out period has been extended.
LOG-21432
DESCRIPTION: User was unable to save an SMTP configuration after it retrieved an exception. Logger displayed the following message: "We encountered a problem saving the data. Try saving the data again. Error SMTP is on synchronization, please try again later."
FIX: SMTP configuration can be saved.
LOG-21398
DESCRIPTION: After an upgrade from Logger 6.6.x to 6.7.0, Backup SMTP server port was not seen in the UI.
FIX: Backup SMTP server port is visible in the UI after upgrade to 6.71.
LOG-21377
DESCRIPTION: Logger Web Process was running out of memory when Logger Dashboard was refreshed constantly.
FIX: Memory has been increased.
LOG-12227
DESCRIPTION: When eth0 was configured with a static IP, netmask and gateway, and eth1 with a different static IP, on a Logger with RHEL 6.1, one of the configured NIC interfaces dropped the incoming packets.
FIX: Issue has been fixed.
LOG-21339
DESCRIPTION: User was unable to create an eventbroker receiver because an error message was displayed when the hostname was entered for the eventbroker Kafka node servers.
FIX: A receiver with EB broker nodes in either IP address or hostname format can be successfully added.
Dashboard:
LOG-21402
DESCRIPTION: Cancel button on Dashboard > Saved Search disappeared while saved search was being executed.
FIX: Cancel button remains available until saved search process is completed.
General:
LOG-21472
DESCRIPTION: The following sections were not updated in the 6.7 online help:
1. Retrieve Logs.
2. Storage Volume.
3. SSH Access to Appliance.
4. Using Global ID.
5. The Smart Report Designer.
6. Report Filters.
FIX: Information has been added.
System Admin:
LOG-21517
DESCRIPTION: User was disconnected from SSH session after a 60 second period of inactivity.
FIX: Now, user is disconnected after a 15 minute period of inactivity.
Reports:
LOG-21580
DESCRIPTION: When Logger search result was exported to a CSV format, odd characters were displayed instead of the original Chinese characters.
FIX: Chinese characters are displayed correctly.
LOG-21541
DESCRIPTION: Customer was unable to generate a report with graphics in PDF format. If a report was previously executed and later exported in PDF or Word, graphic was not retrieved.
FIX: Reports with graphics are now executed and exported in any format.
LOG-20126
DESCRIPTION: When Logger search result was exported to a CSV format, original Chinese characters were not correctly displayed.
FIX: Chinese characters are displayed correctly.
LOG-21223
DESCRIPTION: When exporting a SMART report in MS Excel format, the results were blank.
FIX: Results are correctly displayed in all formats.
LOG-19646
DESCRIPTION: Upcoming jobs were displayed in Job Execution Status page.
FIX: Upcoming jobs are no longer displayed in the Job Execution Status page.
Upgrade:
LOG-21441
DESCRIPTION: One of the Logger validation processes was not updated with the correct OS version supported.
FIX: Issue has been fixed.
LOG-21259
DESCRIPTION: When Parser was upgraded on SmartConnector, only the framework version was updated on Logger device Version Column.
FIX: Logger Parser version is correctly displayed in the device.
LOG-17404
DESCRIPTION: When a non-root Logger that was running as a service had its OS upgraded to RHEL 7.2, the receiver process failed to start.
FIX: Log in as root and run the command '/sbin/ldconfig' before starting Logger.