Release Notes SevOne NMS 7.2.0

Edit online

Below please find the Release Notes for SevOne NMS 7.2.0. Please contact your Technical Account Manager (if applicable) or Systems Engineering Team or Support Team to discuss and plan the installation. Thank you for being a customer.

Note: *** IMPORTANT - please read ***

If your SevOne NMS appliance is on SevOne NMS 7.2.0 and you are connected to your SevOne NMS appliance using the Graphical User Interface, you can click on ? in the upper-right corner to view the documentation for the page you are on in SevOne NMS.

At present, ? is taking you to SevOne NPM IBM Documentation's test environment instead of the published environment. The test environment pages are up-to-date. To fix this issue and view the published documentation, here is a workaround.
  1. SSH into your SevOne NMS virtual machine and log in as support or root user. 
    
ssh support@<SevOne NMS appliance IP address or hostname>
    OR 
    
ssh root@<SevOne NMS appliance IP address or hostname>
  2. Execute the following commands. 
    
sed -i 's/ibmdocs-test.dcs.ibm.com/www.ibm.com/' /etc/sevone/nms.yaml

nms

sed -i 's#$MANUAL_BASEURL#https://ibm.com/docs/en/sevone-npm/#' /config/php-fpm.conf && supervisorctl restart php-fpm

Published documentation for SevOne NPM 7.2.x can also be accessed directly from SevOne NPM 7.2.x.

Browser Requirements

Edit online

Minimum Resolution: 1200x768 Browsers:

  • Modern, standards-compliant browser
  • JavaScript enabled
  • Pop-up blocker disabled for hostname/IP

The following browsers are supported in the current versions of SevOne. SevOne recommends use of the latest version of your preferred (supported) browser.

Vendor Family SevOne NMS 7.2
Google Chrome (latest) Tested, Supported, & Recommended
Mozilla Firefox (latest) Tested & Supported
Microsoft Edge (latest) Supported (with limited testing performed)
Apple Safari (latest) Supported

Tested = Complete UI regression testing completed prior to release of updates.

Supported = Developer-led testing and resolution of any customer reported defects. No complete UI regression test is performed.

Facts & Requirements

Edit online
  • SevOne NMS on Red Hat Enterprise Linux (RHEL) release 8.10 (Ootpa)
  • SevOne Data Insight 7.x is compatible with both SevOne NMS 6.8.x and 7.x versions
    Note: If you are using SevOne NMS versions earlier than 6.8.x or later than 7.x in combination with SevOne Data Insight 7.x, SevOne does not guarantee full feature compatibility or expected performance.
  • SOA must be running the same version as SevOne NMS, or a higher version
Note: For details on SevOne Data Insight, please refer to its guides and Release Notes.

Containers

Edit online
Important: Containerization

As of SevOne NMS 7.0.0, SevOne is distributed using container technology, allowing a more confident deployment of the software. To run administrative commands on a SevOne appliance, the administrator must now execute commands in the context of the intended container.

By default, the container deployment of SevOne is set to be read-only.

CAUTION: stopIcon DO NOT proceed to SevOne NMS 7.0 or above if you have Expert Labs customizations. Please contact Expert Labs first. If you have deployed any of your own custom scripting, you may also require amendment(s) to these custom scripts if writing to directory structures that are now in the read-only pod.
  • The host and the container each has its own ssh config; both for the server and the client.
  • To ssh as root, you must use the sudo command.
For details on how to connect IBM SevOne NMS appliance to the Command Line Interface where SevOne NMS software runs in podman containers, please refer to SevOne NMS Connect Appliance using Command Line Interface.

For additional details, please refer to SevOne NMS System Administration Guide and / or SevOne NMS User Guide.

Other Notices

Edit online
Note: Prior to SevOne NMS 7.0, if you had /etc/sysctl.d/99-sysctl.conf file and had modified net.ipv4.ip_forward, then after the upgrade to SevOne NMS 7.0 or above, you will need to instead create /etc/sysctl.d/90-custom.conf file and add net.ipv4.ip_forward = 0 to it.
Note: Starting SevOne NMS 6.1, SevOne stores backups of installed hot-patch bundles in /opt/patches.

/opt/patches is a reserved directory; please refrain from making any modifications.

Note: Applies to SevOne NMS 6.8 and prior releases only

During the initial deployment, when you execute SevOne-fix-ssh-keys, it produces /root/.ssh/authorized_keys file which contains your cluster's public keys.

If you have custom keys, the keys must be added to /root/.ssh/custom_keys.pub file.

  • if /root/.ssh/custom_keys.pub file does not exist, using a text editor of your choice, add the new custom key(s) to it.
  • if /root/.ssh/custom_keys.pub file already exists, concatenate the new custom key(s) after the existing custom keys in the file.

To persist the custom keys added in /root/.ssh/custom_keys.pub file, run SevOne-fix-ssh-keys script for the keys in /root/.ssh/custom_keys.pub file to be automatically added in /root/.ssh/authorized_keys file. The /root/.ssh/authorized_keys file will now contain your cluster's public keys along with a set of custom keys stored locally in /root/.ssh/custom_keys.pub file.

Retains 'all' keys - cluster's public keys & custom keys 

SevOne-fix-ssh-keys

Third-Party Packages / Resources Required

Edit online

The following are third-party packages updated to address security.

This is a list of third-party packages updated to address security.
Package Version

General

 Kafka For SevOne Data Bus 7.2.0,
  • Internal Kafka Client (for SDP): sarama 1.45.0
  • NMS Kafka Server : 3.4.1 (version must be < 4.x)

Upstream package used for Kafka, provided by RedHat: OpenJDK v21.0.7
Kernel

4.18.0-553.36.1.el8_10.x86_64

NOTE: The kernel will automatically get installed as part of the upgrade and will be loaded after the reboot of the appliance.
MySQL 10.6.21-MariaDB
nginx 1.24.0-1
PHP

8.3.16-1.el8

NOTE: To consume PHP 8, please contact Expert Labs if assistance is needed.
REST API 2.1.47
xStats Adapter 2.1.11
Signature Tools
Note: The latest files can be downloaded from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact SevOne Support Team for the file.

Once you have downloaded the package, unpack the fix / upgrade packs to obtain the required files.

  • signature-tools-2.0.3-build.1.tgz
  • signature-tools-2.0.3-build.1.tgz.sha256.txt
Artifacts
Note: For new installs / upgrades / downgrades,

the latest TAR and CHECKSUM files can be downloaded from IBM Passport Advantage (https://www.ibm.com/software/passportadvantage/pao_download_software.html) via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact SevOne Support Team for the file.

Once you have downloaded the package, unpack the fix / upgrade packs to obtain the required files.

  • TAR / CHECKSUM Upgrade:
    • v7.2.0-build20250217-135025-3224d91f.tar.gz
    • v7.2.0-build20250217-135025-3224d91f.tar.gz.sha256.txt
  • TAR / CHECKSUM Downgrade
    • v7.2.0-to-v7.1.0-build20250217-135025-3224d91f.tar.gz
    • v7.2.0-to-v7.1.0-build20250217-135025-3224d91f.tar.gz.sha256.txt
  • ISO / CHECKSUM
    • nms-7.2.0-20250217-135025-3224d91f.iso
    • nms-7.2.0-20250217-135025-3224d91f.iso.sha256.txt
  • AWS OVA - nms-7.2.0-20250217-135025-3224d91f-ami.ova
  • OVA - nms-7.2.0-20250217-135025-3224d91f.ova
  • QCOW2
    • nms-7.2.0-20250217-135025-3224d91f.qcow2
    • nms-7.2.0-20250217-135025-3224d91f.qcow2.sha256.txt
  • VHD
    • nms-7.2.0-20250217-135025-3224d91f.vhd.gz
    • nms-7.2.0-20250217-135025-3224d91f.vhd.gz.sha256.txt
Fabric Azure Windows 2008 (modified)
Hypervisor OpenStack >= 10.a
VMware
  • Intel-VT or AMD-V CPU extensions
  • ESXi 5.0 and later (VM version 8) - minimum requirement
  • Tested with vSphere Client version 7.0 (ESXi 7.0 and later; VM version 8)

Planning & Preparation

Edit online
  • Prior to applying the patch, system creates a backup of the files and puts them into an archived file to be reverted.

  • Total Upgrade Time and Polling Outage: On a cluster consisting of 20 x (PAS 200Ks, DNCs, HSAs), upgrade takes approximately 1 hour 45 minutes. The polling outage on this cluster ranged from 2 minutes to 5 minutes. Polling outages can be slightly higher when a MySQL restart is required and it does not include the time it takes for the reboot of a new kernel. Depending on the cluster and load per appliance, times will vary. The total Netflow outage for this cluster ranged from 10 minutes to 15 minutes. Netflow outage can be up to 2 hours since the Netflow shortterm tables which hold 2 hours of data, do not get backed up when MySQL is restarted.

    Important: When a new flow interface is setup with a DNC at capacity, the system collects all existing allowed flows and denies any new flows.
  • The number of peers in a cluster must not exceed 200 peers; this includes the HSAs. This limit is due to MySQL replication maintainer.

  • On large deployments, Object Groups may take 15 minutes to update.

Forward / Reverse Migrations

Edit online

Please refer to SevOne NMS Upgrade Process Guide published with this release for details on forward / reverse (upgrade / downgrade) migrations. The latest tarball files can be downloaded from IBM Passport Advantage via Passport Advantage Online. However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact SevOne Support Team for the forward / reverse migration files.

Once you have downloaded the package, unpack the fix / upgrade packs to obtain the required files.

New Features / Enhancements

Edit online
  • Google Cloud Platform introduced in SevOne NMS to allow you to store, manage, and analyze data. Also used for developing, deploying, and scaling applications on Google's environment.
  • New Wi-Fi Plugin added to reduce install and setup time.
Important: IMPORTANT
If you want to upgrade SevOne NMS to SevOne NMS 7.2 and you are currently on SevOne NMS version below SevOne NMS 6.1, you must:
  • upgrade from SevOne NMS version below SevOne NMS 6.1 to SevOne NMS 6.7
  • then, upgrade from SevOne NMS 6.7 to SevOne NMS 6.8 or SevOne NMS 7.0.1+
  • now, from SevOne NMS 7.0.1+ you can upgrade to 7.2.

Resolved Issues

Edit online
Component/s Key Resolved Issues
Collection Windows S1NPM-77746 Platform: WMI Proxies configuration now ships with a 64-bit compatible WMI Proxy setup executable (setup64.exe).
Device Profiles S1NPM-77786 Platform: Improved load performance of Cluster Manager page.
NMS S1NPM-77788 Device Types: Allows user to INCLUDE / EXCLUDE a device rule.
Collection xStats + Deferred S1NPM-77884 Platform: Synthetic Indicator is now evaluated when the data point goes into backfill task of process SevOne-ingestion-resolved.
Collection xStats / Deferred S1NPM-78009 Platform: kafka_inspector stream --topic dispatchd_metrics is now sending valid data to Kafka.
Platform Clustering S1NPM-78013 Device Move: If a failure happens during the device move, the longterm tables that have already moved, no longer exist. SevOne-device-mover will only attempt to move the tables that have not yet moved.
Analytic Threshold / Anomaly S1NPM-78082 Policy Browser: For Technology Type = Flow, Trigger Conditions tab > field Duration must be between 1 and 60 minutes. If the value for duration is not set correctly, user will get message Duration must be between 1 and 60 minutes.
Collection Windows S1NPM-78089 WMI Proxy: Can now escape backslashes in instance names properly.
Analytic Threshold / Anomaly S1NPM-93652

Platform:

  • Unnecessary variable binding removed from SNMPv1 traps emitted by SevOne.
  • Trap OID associated with flow traps sent via SNMPv1 has been fixed.
Platform S1NPM-95753 Policy Editor: If Technology Type is Flow and no custom field is selected, field Filter is now set to default value None.
Analytic Calculation S1NPM-95807 Object Types: For SNMP Poller, object type SevOne Process now contains synthetic atomic indicator types, trapTrapsKnown and trapTrapsUnknown.
Platform S1NPM-96124 Platform: Additional messages added to correctly represent the reason for the failure when adding a device tag.
Collection xStats / Deferred S1NPM-96129 Platform: SevOne-fcad now logs the boost exception rather than the inaccurate / misleading hardcoded log messages.
Platform Clustering S1NPM-96157 Platform Clustering: SevOne-act cluster migrate-data no longer takes hours to estimate how long the migrate data process will take on a DNC to a DNC HSA.
Grouping / Metadata S1NPM-96711 Platform: From NMS container and with NMS on MariaDB now, SevOne-act check rules can now properly check the rules with improper / invalid RegEx.
Security / Compliance S1NPM-96943 Platform: Last login of SAML is now updated.
Security / Compliance S1NPM-97081 Platform: Allows user to proceed with the login even when no valid API key is found.
NMS S1NPM-98657 REST API: Device / Object metadata endpoints are now on the peer of the device and not on the master.
Platform S1NPM-110117 Cluster Manager: From Appliance Level, tab Appliance Settings has been removed. Common Criteria is not supported as of SevOne NMS 7.2.0.
Platform S1NPM-110839 Platform: SevOne NMS version is no longer displayed on Dell Server LCD displays.
Platform S1NPM-111106 Device Types: Allows you to associate / unassociate metadata namespaces with device types.
Platform S1NPM-111110

REST API:

  • Can associate any device type to metadata namespace via API.
  • Can unassociate any namespace from any device types using API.
  • Can delete any device type to metadata namespace mappings using API - except the Device and Location namespaces.
  • Can get / filter available mappings via API.

The following API endpoints have been implemented.

  • GET api/v3/devicetypes/{deviceTypeId}/metadata_namespace/
  • POST api/v3/devicetypes/{deviceTypesId}/metadata_namespace/{metadataNamespaceId}/
  • DELETE api/v3/devicetypes/{deviceTypesId}/metadata_namespace/{metadataNamespaceId}/
Platform S1NPM-111431 Cloud Platform: import_data_disk.sh successfully mounts the extra disk on an Azure instance. Due to this, azure_setup.sh is no longer required.
Platform S1NPM-111479 Device Types: During an add / edit of a rule, you can now add Metadata Namespace, Metadata Attribute, and Metadata Value.
Platform S1NPM-111543

User Role Manager: From Permissions tab, add a user, TestGen (for example) under All Roles > System Administrators > Administrators > General Users. Click Save Changes to save the changes after enabling/disabling Device Manager and Can create devices based on the options listed below.

Now, log in to your SevOne NMS as user, TestGen, you have created. If

  • Device Manager is disabled and Can create devices is disabled, you will not be able to add devices.
  • Device Manager is disabled and Can create devices is enabled, you will be able to add devices as user, TestGen.
  • Device Manager is enabled and Can create devices is disabled, you will not be able to add devices.
  • Device Manager is enabled and Can create devices is enabled, you will be able to add devices as user, TestGen.

NOTE: As long as Can create devices is enabled, you will be able to add devices.
Platform S1NPM-112504 Platform: From Cluster Manager > Cluster Settings tab > subtab Custom Logo has been added to allow user to customize the logo.
Platform S1NPM-112864

Cluster Manager: Run Installer button from tab Cluster Upgrade performs the following steps in the background.

  • Cleans up the Cluster Leader's old /data/upgrade/ansible folder.
  • The latest installer from the artifact is extracted in /data/upgrade.
  • The installer, SevOne-gui-installer, is upgraded to the latest version, if a newer version is available.
  • A URL for the installer is generated.
NMS S1NPM-113010 Webhooks: Improved handling of sending One Webhook per Alert. Additional webhooks are no longer sent after a Maintenance Window if one was received before the Maintenance Window.
Platform S1NPM-113036 Platform: Downgrade of large clusters sometimes an issue on mysqldump in prior release, is now resolved.
Platform S1NPM-113194 Platform: Cluster Manager > select an appliance > tab Appliance License > Expiration Date field is no longer relevant.
NMS S1NPM-113585 Webhook Definition Manager: Template Watson AIOps has been renamed to CloudPak for AIOps.
NMS S1NPM-113635 Platform: The following new licensing metrics fields have been added.
  • totalFps
  • fpsCapacity
  • totalFlowInterfaces
  • flowInterfaceCapacity
These fields must be added as indicators under the object licensing_metric_object so that licensing metric data can be collected every 5 minutes to generate a time series.
NMS S1NPM-113754 Platform: External indicators are aged out individually rather than by the entire object.
NMS S1NPM-113857 SDWAN Plugin: Support for Aruba EdgeConnect and Cisco SD-WAN have been added.
SDN S1NPM-114358 SDN Plugin: CPU and memory limits are now set by default for the SDN container. For additional details, please refer to SevOne SDN Collector Set Container Resource Limit guide.

35 issues

CVEs / CWEs

Edit online
Important: It is strongly recommended to run the external security scans such as Nessus, Snyk, or similar on the latest available patch for this release to verify whether the vulnerability has been addressed. If upgrading the production environment is not currently possible, these scans can still be performed in a lab or test environment.
CVEs CVEs (continued) CVEs (continued) / CWEs

CVE-2019-20916

CVE-2020-26555

CVE-2021-46909

CVE-2021-46939

CVE-2021-46972

CVE-2021-46984

CVE-2021-47018

CVE-2021-47069

CVE-2021-47073

CVE-2021-47097

CVE-2021-47101

CVE-2021-47236

CVE-2021-47257

CVE-2021-47284

CVE-2021-47287

CVE-2021-47289

CVE-2021-47304

CVE-2021-47310

CVE-2021-47311

CVE-2021-47321

CVE-2021-47338

CVE-2021-47352

CVE-2021-47353

CVE-2021-47356

CVE-2021-47373

CVE-2021-47383

CVE-2021-47384

CVE-2021-47385

CVE-2021-47386

CVE-2021-47393

CVE-2021-47408

CVE-2021-47412

CVE-2021-47432

CVE-2021-47441

CVE-2021-47455

CVE-2021-47456

CVE-2021-47461

CVE-2021-47466

CVE-2021-47468

CVE-2021-47491

CVE-2021-47495

CVE-2021-47497

CVE-2021-47527

CVE-2021-47548

CVE-2021-47560

CVE-2021-47579

CVE-2021-47582

CVE-2021-47609

CVE-2021-47624

CVE-2022-48624

CVE-2022-48632

CVE-2022-48743

CVE-2022-48747

CVE-2022-48754

CVE-2022-48757

CVE-2022-48760

CVE-2022-48804

CVE-2022-48836

CVE-2022-48866

CVE-2023-5090

CVE-2023-6040

CVE-2023-20584

CVE-2023-22102

CVE-2023-28746

CVE-2023-31315

CVE-2023-31346

CVE-2023-31356

CVE-2023-43804

CVE-2023-50387

CVE-2023-50782

CVE-2023-50868

CVE-2023-52451

CVE-2023-52463

CVE-2023-52464

CVE-2023-52469

CVE-2023-52471

CVE-2023-52476

CVE-2023-52478

CVE-2023-52486

CVE-2023-52522

CVE-2023-52530

CVE-2023-52560

CVE-2023-52605

CVE-2023-52615

CVE-2023-52619

CVE-2023-52622

CVE-2023-52623

CVE-2023-52626

CVE-2023-52648

CVE-2023-52653

CVE-2023-52658

CVE-2023-52662

CVE-2023-52667

CVE-2023-52669

CVE-2023-52675

CVE-2023-52679

CVE-2023-52683

CVE-2023-52686

CVE-2023-52700

CVE-2023-52703

CVE-2023-52707

CVE-2023-52730

CVE-2023-52756

CVE-2023-52762

CVE-2023-52764

CVE-2023-52775

CVE-2023-52777

CVE-2023-52781

CVE-2023-52784

CVE-2023-52791

CVE-2023-52796

CVE-2023-52798

CVE-2023-52800

CVE-2023-52803

CVE-2023-52809

CVE-2023-52811

CVE-2023-52813

CVE-2023-52817

CVE-2023-52832

CVE-2023-52834

CVE-2023-52835

CVE-2023-52840

CVE-2023-52845

CVE-2023-52847

CVE-2023-52864

CVE-2023-52877

CVE-2023-52878

CVE-2023-52881

CVE-2024-1737

CVE-2024-1975

CVE-2024-2201

CVE-2024-2398

CVE-2024-3446

CVE-2024-3651

CVE-2024-4032

CVE-2024-4032

CVE-2024-4032

CVE-2024-4467

CVE-2024-5564

CVE-2024-6232

CVE-2024-6345

CVE-2024-6345

CVE-2024-6345

CVE-2024-6345

CVE-2024-6923

CVE-2024-6923

CVE-2024-6923

CVE-2024-7254

CVE-2024-7383

CVE-2024-7409

CVE-2024-8088

CVE-2024-8088

CVE-2024-21823

CVE-2024-24786

CVE-2024-25638

CVE-2024-25739

CVE-2024-26130

CVE-2024-26583

CVE-2024-26584

CVE-2024-26585

CVE-2024-26586

CVE-2024-26595

CVE-2024-26600

CVE-2024-26614

CVE-2024-26638

CVE-2024-26640

CVE-2024-26645

CVE-2024-26656

CVE-2024-26660

CVE-2024-26665

CVE-2024-26669

CVE-2024-26675

CVE-2024-26686

CVE-2024-26698

CVE-2024-26704

CVE-2024-26717

CVE-2024-26720

CVE-2024-26733

CVE-2024-26735

CVE-2024-26740

CVE-2024-26759

CVE-2024-26769

CVE-2024-26772

CVE-2024-26773

CVE-2024-26801

CVE-2024-26802

CVE-2024-26804

CVE-2024-26810

CVE-2024-26826

CVE-2024-26837

CVE-2024-26840

CVE-2024-26843

CVE-2024-26846

CVE-2024-26852

CVE-2024-26853

CVE-2024-26855

CVE-2024-26859

CVE-2024-26870

CVE-2024-26878

CVE-2024-26880

CVE-2024-26894

CVE-2024-26906

CVE-2024-26907

CVE-2024-26908

CVE-2024-26921

CVE-2024-26923

CVE-2024-26925

CVE-2024-26939

CVE-2024-26940

CVE-2024-26958

CVE-2024-26960

CVE-2024-26961

CVE-2024-26974

CVE-2024-26982

CVE-2024-27010

CVE-2024-27011

CVE-2024-27013

CVE-2024-27019

CVE-2024-27020

CVE-2024-27025

CVE-2024-27042

CVE-2024-27065

CVE-2024-27388

CVE-2024-27395

CVE-2024-27397

CVE-2024-27410

CVE-2024-27434

CVE-2024-28182

CVE-2024-31076

CVE-2024-32002

CVE-2024-32004

CVE-2024-32020

CVE-2024-32021

CVE-2024-32465

CVE-2024-32487

CVE-2024-33621

CVE-2024-34064

CVE-2024-35789

CVE-2024-35790

CVE-2024-35801

CVE-2024-35807

CVE-2024-35809

CVE-2024-35810

CVE-2024-35814

CVE-2024-35823

CVE-2024-35824

CVE-2024-35835

CVE-2024-35838

CVE-2024-35845

CVE-2024-35847

CVE-2024-35852

CVE-2024-35853

CVE-2024-35854

CVE-2024-35855

CVE-2024-35876

CVE-2024-35877

CVE-2024-35884

CVE-2024-35888

CVE-2024-35890

CVE-2024-35893

CVE-2024-35896

CVE-2024-35897

CVE-2024-35899

CVE-2024-35900

CVE-2024-35910

CVE-2024-35912

CVE-2024-35924

CVE-2024-35925

CVE-2024-35930

CVE-2024-35937

CVE-2024-35938

CVE-2024-35944

CVE-2024-35946

CVE-2024-35947

CVE-2024-35952

CVE-2024-35958

CVE-2024-35959

CVE-2024-35960

CVE-2024-35962

CVE-2024-35989

CVE-2024-36000

CVE-2024-36004

CVE-2024-36005

CVE-2024-36006

CVE-2024-36007

CVE-2024-36010

CVE-2024-36016

CVE-2024-36017

CVE-2024-36020

CVE-2024-36025

CVE-2024-36039

CVE-2024-36270

CVE-2024-36286

CVE-2024-36489

CVE-2024-36883

CVE-2024-36886

CVE-2024-36889

CVE-2024-36896

CVE-2024-36901

CVE-2024-36902

CVE-2024-36904

CVE-2024-36905

CVE-2024-36917

CVE-2024-36919

CVE-2024-36920

CVE-2024-36921

CVE-2024-36922

CVE-2024-36924

CVE-2024-36927

CVE-2024-36929

CVE-2024-36933

CVE-2024-36939

CVE-2024-36940

CVE-2024-36941

CVE-2024-36945

CVE-2024-36950

CVE-2024-36952

CVE-2024-36953

CVE-2024-36954

CVE-2024-36960

CVE-2024-36971

CVE-2024-36978

CVE-2024-36979

CVE-2024-37356

CVE-2024-37370

CVE-2024-37371

CVE-2024-37891

CVE-2024-38428

CVE-2024-38538

CVE-2024-38555

CVE-2024-38558

CVE-2024-38559

CVE-2024-38570

CVE-2024-38573

CVE-2024-38575

CVE-2024-38579

CVE-2024-38581

CVE-2024-38596

CVE-2024-38598

CVE-2024-38615

CVE-2024-38619

CVE-2024-38627

CVE-2024-38821

CVE-2024-39276

CVE-2024-39471

CVE-2024-39472

CVE-2024-39476

CVE-2024-39487

CVE-2024-39499

CVE-2024-39501

CVE-2024-39502

CVE-2024-39506

CVE-2024-40901

CVE-2024-40904

CVE-2024-40911

CVE-2024-40912

CVE-2024-40927

CVE-2024-40929

CVE-2024-40931

CVE-2024-40941

CVE-2024-40954

CVE-2024-40958

CVE-2024-40959

CVE-2024-40960

CVE-2024-40972

CVE-2024-40974

CVE-2024-40977

CVE-2024-40978

CVE-2024-40988

CVE-2024-40989

CVE-2024-40995

CVE-2024-40997

CVE-2024-40998

CVE-2024-41005

CVE-2024-41007

CVE-2024-41008

CVE-2024-41012

CVE-2024-41013

CVE-2024-41014

CVE-2024-41023

CVE-2024-41035

CVE-2024-41038

CVE-2024-41039

CVE-2024-41040

CVE-2024-41041

CVE-2024-41044

CVE-2024-41055

CVE-2024-41056

CVE-2024-41060

CVE-2024-41064

CVE-2024-41065

CVE-2024-41071

CVE-2024-41076

CVE-2024-41090

CVE-2024-41091

CVE-2024-41097

CVE-2024-42084

CVE-2024-42090

CVE-2024-42094

CVE-2024-42096

CVE-2024-42114

CVE-2024-42124

CVE-2024-42131

CVE-2024-42152

CVE-2024-42154

CVE-2024-42225

CVE-2024-42226

CVE-2024-42228

CVE-2024-42237

CVE-2024-42238

CVE-2024-42240

CVE-2024-42246

CVE-2024-42322

CVE-2024-43830

CVE-2024-43871

CVE-2024-45490

CVE-2024-45491

CVE-2024-45492

CVE-2024-53104

CWE-349

CWE-770

Known Issues

Edit online

This section lists issues that SevOne is aware of in the 7.2.0 release. Most of these issues were discovered during quality assurance testing and are published here to provide you with information that may be relevant when you plan your update. This list does not include feature requests or low impact issues that do not affect functionality. If you have questions, comments, or concerns, please contact us.

  • If you have a scenario where adding HSA has failed during the masterslave console, format slave step, you may execute the following steps as a workaround.
    • Using a text editor of your choice, edit /config/cron.d/mode file.
    • Search for the line containing discover-netflow.
    • Comment this line by adding a # at the start of this line.
    • Save /config/cron.d/mode file.
    • Add the HSA.
    • Using a text editor of your choice, edit /config/cron.d/mode file again.
    • Search for the line containing discover-netflow.
    • Uncomment this line by removing the # that is at the start of this line.
    • Save /config/cron.d/mode file.
  • REST API docs are unavailable when the domain name has an underscore. For example, http://sevone_test1/api/docs/ or http://sevone_test1.sevone.com/api/docs/.
Component/s Key Known Issues
Platform Operations S1NPM-77802 Policy Import / Export: In certain scenarios, the SevOne-import and SevOne-export functionalities may not manage multiple Webhook Definitions optimally during import/export operations across diverse configurations. For instance, if a policy, encompassing numerous webhook definitions, is initially exported, and subsequently, one or more of these webhook definitions are deleted, a subsequent import operation may encounter failure.
Platform Operations S1NPM-77927 Platform: SevOne import/export does not work with the AWS plugin device.
Platform Operations S1NPM-79915 SNMP: When SNMPv3 credentials are updated, polld requires a restart as the cache does not reflect the new credentials.
Platform S1NPM-110201 SevOne Data Publisher: When configuring the kerberos config krb5.conf file, SDP will not work if variable dns_canonicalize_hostname is set.
Platform S1NPM-110549 xStats: In SevOne NMS 7.0 and above, the configuration of the xStats adapters based on ADK is not migrated properly after the upgrade from a prior release.
Workaround: The following steps must be executed manually post-upgrade.
  • You must be in the NMS container. To enter the NMS container, execute the following command. 
    
sudo podman exec -it nms-nms-nms /bin/bash
  • Execute the following command to identify the log rotations and cron.d files for your adapter. 
    
echo "adapterName,cronDfile,logDir,logRotateFile";\
find /opt/sevone-xstats/ -type f -name install.config.json | \
grep -v backup | \
while read INSTALLCONFIGFILE;do adapterName=$(cat ${INSTALLCONFIGFILE} | \
jq -r '.adapterName');LOGDIR=$(cat ${INSTALLCONFIGFILE} | jq -r '.logDir');LOGROTATEDIR=$(cat ${INSTALLCONFIGFILE} | \
jq -r '.components.Logrotate.logrotateDir');LOGROTATEFILE=$(cat ${INSTALLCONFIGFILE} | \
jq -r '.components.Logrotate.logrotateFile');CRONDIR=$(cat ${INSTALLCONFIGFILE} | \
jq -r '.components.Cron.cronDir');CRONDFILE=$(cat ${INSTALLCONFIGFILE} | \
jq -r '.components.Cron.cronFile');echo "${adapterName},${CRONDIR}/$(eval echo \"$CRONDFILE\"),$(eval echo \"$LOGDIR\"),${LOGROTATEDIR}/$(eval echo \"$LOGROTATEFILE\")";done
    where the output is, 
    
adapterName,cronDfile,logDir,logRotate
GenericCSVTransform,/etc/cron.d/xstats-GenericCSVTransform,/var/log/xstats/GenericCSVTransform,/etc/logrotate.sevone.d/adapter-xstats-GenericCSVTransform
AccedianCSVTransform,/etc/cron.d/xstats-AccedianCSVTransform,/var/log/xstats/AccedianCSVTransform,/etc/logrotate.sevone.d/xstats-AccedianCSVTransform
AccedianNidXmlTransform,/etc/cron.d/xstats-AccedianNidXmlTransform,/var/log/xstats/AccedianNidXmlTransform,/etc/logrotate.sevone.d/xstats-AccedianNidXmlTransform
  • Move the following files to the correct folder. 
    
mv /etc/cron.d/<your xStats adapter name> /config/cron.d/<your xStats adapter name>

mv /etc/logrotate.sevone.d/adapter-xstats* /config/logrotate.sevone.d/

mv /etc/logrotate.sevone.d/xstats* /config/logrotate.sevone.d/
Platform S1NPM-112463 Platform: Peering does not properly distribute ssh keys in Hub-and-Spoke setup.
NMS supports a Hub-and-Spoke setup, where some peers cannot reach each other across the network, as long as the cluster master / cluster leader is fully reachable by all peers. The objective is to make a best-effort attempt to support functions that do not strictly require connectivity to other peers. One case where this standard is not reached is during peering. If a new peer is being added to the cluster which lacks connectivity to just one other peer (not even the cluster master / cluster leader) then, while peering will succeed, the distribution of ssh keys will fail, and no keys will be distributed. 

2024-09-23T21:38:49+00:00 SevOne soa: {"error":"rpc error: code = FailedPrecondition desc = problem encountered executing command",\
"fatal":false,"level":"warning","method":"AddNewNodeStage2","module":"clusterOrchestrator",\
"msg":"failed to fix ssh keys, user should manually fix them from the cluster leader","time":"2024-09-23T21:38:49Z"}
This prevents ssh communication even between peers that are connected across the network, including the cluster master / cluster leader. Running SevOne-fix-ssh-keys manually from the new peer also fails. 

SevOne-fix-ssh-keys

time=2024-09-23T22:37:30.503Z level=ERROR msg="error getting public keys" error=<nil> failureIds="[PeerId: 2 | Peer State: Active]"

The reason is simply that the operation bails entirely if keys are failed to be obtained from even a single peer.

Workaround: Run SevOne-fix-ssh-keys manually on the Cluster Master / Cluster Leader after peering.
Platform S1NPM-112542 Platform: dex and samplicator do not restart on boot even if running previously. 

systemctl enable dex

Failed to enable unit: Unit /run/systemd/generator/dex.service is transient or generated.
  • dex is needed if and only if you are using Single Sign-On (SSO). Otherwise, dex should not be running.
  • samplicator is an optional service if you want to multiplex flow.
Workaround:
  • If you are using Single Sign-On (SSO), you must start dex if it is not already running. 
    
systemctl restart dex
  • To ensure dex starts on reboot, using a text editor of your choice, edit /etc/containers/systemd/dex.container file. 
    
vi /etc/containers/systemd/dex.container
  • Uncomment the following line to enable dex. i.e., remove the # before WantedBy.
    Change from: 
    
[Install]
#WantedBy=multi-user.target
    to: 
    
[Install]
WantedBy=multi-user.target
  • Save file /etc/containers/systemd/dex.container.
Note: This will be have to be re-executed one time after a SevOne NMS upgrade or downgrade.
NMS S1NPM-113539 xStats: If you have upgraded your SevOne NMS from version 6.x to 7.x, you must set the following variables from Command Line Interface before running /opt/sevone-xstats/GenericCSVTransform/bin/console.php script. 

PHPRC=/config/php.d/php-cli.ini

HOME=/
NMS S1NPM-113572 WiFi Plugin: By default, Wi-Fi plugin poll frequency is set to 5 minutes. If it is changed to let's say 3 minutes, it will poll at every 3 minutes, as expected. However, if you refresh New Device / Edit Device page, the user interface will show Wi-Fi plugin poll frequency is set to 5 minutes (its default value) again. Internally, it will continue to poll at every 3 minutes but the user interface is not reflecting the correct value set for field Wi-Fi plugin poll frequency.
NMS / WiFi S1NPM-114363 If you have WiFi solution in your environment and on the cluster leader, NO_PREFIX flag is either set to true or the flag is not set in /config/collectors/wifi/configuration/wifi_global_settings.json file and you want to do an upgrade, it will result in duplicate devices and loss of data.

Workaround: Please refer to the note block titled WiFi solution in your environment? for details.
NMS S1NPM-114545 Platform: SevOne-trapd stops processing traps with high CPU. This issue applies for SevOne NMS 7.2.0 and 7.2.1 versions only; resolved in SevOne NMS 7.2.2.
NMS / SDWAN S1NPM-115128 / S1NPM-115469 VeloCloud Collector: During SevOne NMS 7.2.0 installation, when you navigate to SevOne NMS > Devices > Object Manager > HTTP Poller plugin, the HTTP Poller for the orchestrator device generates Error: HTTP Error 404 on page <device-name> - HTTP error. This issue may be from the API call however, no data loss occurs as a result.

The issue continues to persist when upgrading SevOne NMS from version 7.2.0 to version 7.2.1.

Workaround: Navigate to SevOne NMS > Alerts. Select the device with the 404 error for HTTP Poller. Click the Acknowledge button to acknowledge the alert.
NMS / WiFi S1NPM-115134 Metadata: Field Metadata Last Update displays Multiple value detected due to presence of two timestamps. System is appending the new timestamp instead of overwriting the existing one, resulting in duplicate values.
NMS S1NPM-117402 Platform: MariaDB 10.6.21 allocates too much virtual memory for memory engine tables such as, short term data storage resulting in memory-ring health check errors. 

SevOne-act check memory-ring
                
[ FAIL ] Ring Memory Test - The memmory tables are larger than 90%
There were 1 errors found
Run the following command to check the MariaDB version. 

SevOne-show-version
WiFi S1NPM-118130 Platform: When upgrading SevOne NMS from 7.0.1 or 7.1.0 to 7.2.0, the following fields are missing in /config/collectors/wifi/configuration/advanced_config.env file.

Observed behavior post-upgrade


AUDIT_LOGS_RETENTION_PERIOD=
DEL_AUDIT_LOGS=

Expected behavior


AUDIT_LOGS_RETENTION_PERIOD=8760
DEL_AUDIT_LOGS=True
Note: By default, DEL_OBJECTS must be set to True. However, if the value is False, please contact IBM Support Team.

15 issues