1.24. Release Notes 1.0.3

NetSpyGlass v1.0.3

1.24.1. New features

  • this version introduces discovery and monitoring of the policy counters on Juniper SRX devices. These counters are configured on the device as part of the security policy rule actions (action “count”). NetSpyGlass discovers policy rules with action “count” and creates the following monitoring variables to track statistics:

    • jnxJsPolicyStatsInputByteRate: The number of input bytes per second or the rate that enters the FW through this policy
    • jnxJsPolicyStatsInputPacketRate: The number of input packets per second or the input packet rate of the FW through this policy
    • jnxJsPolicyStatsOutputByteRate: The number of output bytes per second or the rate associated with this policy
    • jnxJsPolicyStatsOutputPacketRate: The number of output packets per second or the rate associated with this policy
  • This version adds support for discovery and monitoring of QoS queue counters for Juniper (packet and bit rate).

  • New monitoring variable: SNMP round trip time, measured as a time it takes to receive SNMP response and exposed as monitoring variable snmpRtt (category SNMP), measured in milliseconds. The round trip time is equal to the interval between the moment when SNMP query has been sent to the device and the moment when response has been received. Note that this includes both network RTT and the time device takes to respond and therefore is always longer than network RTT measured with ping. Note that RTT can be long when device is “far” away from the monitor or when device is slow to respond.

  • New monitoring variable: per-device free time. The free time (variable monitorFreeTime, category SNMP, measured in seconds) is amount of time left inside of the polling cycle when the monitor is about to send the last SNMP query to the device. The monitor tries to spread queries over the polling interval to avoid slamming device with lots of queries very fast. It reserves 10 sec at the end of the polling cycle when it calculates the delay between subsequent queries. This means values of the variable monitorFreeTime are usually equal or less than 10 sec. When the value starts dropping and approaches zero or even becomes negative, this means monitor is running out of time. This is a sign of excessive polling because it indicates that the monitor could not send all queries to all devices in required amount of time.

  • ICMP ping monitoring. Beginning with this version, NetSpyGlass can monitor devices using ping. To do this, the server starts utility fping as a background process and feeds lists of ip addresses to ping to it. ICMP monitor is controlled by two parameters in the configuration file: monitor.fpingCommand and monitor.fpingMaxTargets. ICMP monitor is turned off by default (monitor.fpingCommand is set to an empty string). To enable it add these parameters to your configuration file. Here is an example:

    # command the monitor will use to start fping process. This is disabled by default by
    # setting command to an empty string.
    fpingCommand = "fping -Q 30 -l -p 10000"
    fpingMaxTargets = 200

    You can change fping command but be careful: NSG expects fping to work in the “loop” mode and it should print statistics in a specific format it uses, so cli options -l and -Q are mandatory. You can change the timing using parameter -p (time in milliseconds between consequtive pings sent to the same device). Fping tuning can be tricky because it makes additional delay between subsequent pings to all devices (25 ms by default). This can amount to significant time if NetSpyGlass is monitoring all ot of devices. The command above tries to be “gentle” and sends one ping to each device every 10 sec. This provides for a very little additional traffic but packet loss statistics is very coarse (just 6 packets to device during default polling interval of 60 sec).

    To avoid problems caused by the delay fping makes between sending pings to any device (that 25 ms mentioned above), NetSpyGlass starts multiple fping processes and limits number of devices each one of them pings. This is controlled by the parameter fpingMaxTargets.

    ICMP monitoring data appears in the Graphing Workbench under category ICMP.

  • This version introduces support for discovery of Dell Networking switches

1.24.2. Improvements in the Server

  • component index of the ACL counter variables has changed in this version to better disambiguate these component from other hardware components created during discovery. Unfortunately this means continuity is lost in the time series data for the variables fwCntrByteRate and fwCntrPacketRate

1.24.3. Bugs fixed in this version

  • file watcher did not recognize “include” statements in the configuraton file if they were preceded by any number of spaces. This lead to the situation where the server would not watch included config files for changes and did not reconfigure itself automatically. Typical case is when list of devices in the file devices.conf was included with indentation.
  • The bug that caused the server to not add report Python scripts to the list of watched files has been fixed. This bug meant the server did not reload report scripts when they changed. The only way to make the server reload these scripts was to modify main configuration file nw2.conf.