OpManager -

The network, server and virtualization monitoring software

ManageEngine OpManager NetFlow Plug-In Read Me

Welcome to the ManageEngine NetFlow Analyzer Read Me. This Read Me file contains information about the current release, along with system requirements and installation instructions for the Windows and Linux builds of NetFlow Analyzer.

About ManageEngine NetFlow Analyzer

ManageEngine NetFlow Analyzer is a web-based bandwidth monitoring tool that collects NetFlow data exported from routing devices, and uses it to analyze and report on IP traffic across the network. With instant reports on top applications, protocols, conversations, and hosts, NetFlow Analyzer gives you valuable insight into bandwidth usage in your enterprise without the complexity and expense involved in a traditional WAN analysis setup.

For more information on NetFlow Analyzer, visit http://www.netflowanalyzer.com/
For more information on Cisco® NetFlow Services visit http://www.cisco.com/go/netflow

This Read Me is divided into the following sections:

  1. Release Features
  2. System Requirements
  3. Installation and Setup
  4. Contact Information

9.0 Release Features

NetFlow Analyzer 9.8.6 (Build 9860)

Service Pack Released

 

NetFlow Analyzer 9.8 (Build 9800)

Features

  1. NetFlow Configurator
  2. IPv6 support is extended to Historical data(aggregated data) reports, Application mapping, Top sites mapping, Schedule reports and Report profiles
 

NetFlow Analyzer 9.7 (Build 9700)

Features

  1. Support for IP SLA Video Operations
  2. Google maps visualization v3
  3. Interface groups support in Billing module
  4. Source Network and Destination Network based Anamoly detection in ASAM module
  5. Option to ignore events for all resources in ASAM module
  6. IPv6 support in ASAM
  7. Facility to shut down ASAM module from admin settings page
  8. Support for Multicast Reporting
  9. Alert clone copy
  10. User interface has been re-vamped to suit Customer needs
  11. Support for Cisco's Medianet and Mediatrace technology
  12. Support for App-flow
  13. Create and Monitor IP groups using WAN RTT Monitor
  14. Edit Threshold Settings in WAN RTT monitor
  15. Generate on-demand bills in capacity planning reports.
  16. Option to schedule Capacity Planning reports and Medianet reports
  17. Customizable e-mail subject
  18. Performance tuning of product through user interface
  19. Option to Add, Modify, and Delete Top sites
  20. AS Number added in AS Report
  21. Option to Exclude week-end and Business Hour in capacity planing PDF and CSV
  22. Export reports in CSV format for Device and interface based Consolidated Report.
  23. Option to load DNS Names from CSV file
  24. View Top 20 interfaces in consolidated report view per page
  25. Option to Export reports in CSV format for IP Group consolidated report
  26. View IPSLA Collector name in GUI
  27. Global Search - Report Based sorting.
  28. New application names has been added
  29. Anomaly detection based on Source IP and Destination IP
  30. Heuristics based event classification that includes Denial of Service Attack,Host Scan, Port Scan, Diagonal Scan and Grid Scan
  31. Enrichment of events with location details(Geographical and Topological) for Offender IPs and Target IPs
  32. Customized user interface for white listing problem specific Flows and Events(Ignore Events and Discard Flows)
  33. Customized User Interface that includes
    -- Enable/Disable specific Problem
    -- Enable/Disable specific Algorithm
    -- Enable/Disable Resources
  34. Algorithm Settings
    -- Customized Algorithm specific Threshold configuration
    -- Algorithm specific Offender/Target Field configuration
  35. Location(EventList report)
    -- Customized Topological configuration for Offender IPs and Target IPs
    -- Offender/Target Location Mode settings
  36. Security Posture dashboard - Problems & Time Lines
    - Listing all the Problems with the Events(with Pie Chart) and
    Resources(with Bar chart) for each Class
    - Multi-line graph of Time showing occurences of Events, Resources and Problems
  37. Offenders & Targets dashboard - Resources & Time Lines
    - Lists all the Resources along with the Events(Pie-Chart) and problems (with Bar chart) for each Algorithm Type
    - Multi-line graph of Time showing occurences of Events, Resources and Problems
  38. Problem Analysis dashboard
    - Lists all Resources along with the Events(with pie chart) for the specific Problem
    - Multi-line graph of Time showing occurences of Events and Resources
  39. Resource Analysis dashboard
    - Lists all problems along with the events(with pie chart) for the specific Resource
    - Multi-line graph of Time showing occurences of Events and Problems

Bug Fixes

  1. Mail Authentication issues have been fixed
  2. Issues with incorrect speed graphs in the Dashboard have been fixed
  3. Cisco recommended QoS base line - PDF broken link has been fixed
  4. Service start-up issues in Windows 2008 have been fixed
  5. URL Related Security bug fixes
  6. Issues in Auto login has been fixed
  7. index page sorting has been fixed
  8. MySQLl IPv6 issue has been fixed
  9. MS SQl and empty page issue in WAAS has been fixed
  10. Application mapping duplication has been fixed
  11. Individual graph fix in non-English environment
  12. Enhancements in WAAS Reporting to support all CM versions
  13. Issue related to parsing IPSLA Monitor OID has been fixed
  14. Handled Request time out error in QoS polling
  15. CBQoS temp table split fixed
  16. Handled AS Number field in a different position and not in usual position of V9 Flow
  17. Report profile - report display issue on non-english environment
  18. Bill plan config script error in French language
  19. License management script error in Spanish language fixed

NetFlow Analyzer 9.0.0 (Build 9000)

Major Features:

  1. Capacity Planning Report
  2. Report Profiles
  3. Top Sites
  4. Selection box for list of applications
  5. Compare report includes 95th percetile
  6. Compare report includes 1,5,15 min reports
  7. Resolve NATED Addresses in ASA reports
  8. Resizeable columns
  9. Automatic CBQoS configurations for the first 20 routers
  10. Schedule Reports CSV option
  11. Geo location PDF and CSV
  12. Schedule Business hours for last month and week
  13. Standard Deviation calculation in Traffic Report
  14. Interface performance dashboard
  15. Add custom URL widget in Dashboard
  16. Wide Area Application Services (WAAS)
  17. Support IPV6 Address Format
  18. Enhanced Capacity Planning Report
  19. Creating Alert Profile with IP Address as Criteria
  20. Report Filter Enhancements
  21. Option to map IP addresses to site names
  22. Scheduling Options for Compare Reports and Report Profiles
  23. Support for Radius server Authentication in MSSQL
  24. Enhancements to Consolidated Reports
  25. Network Snapshot Improved with Widget for Top N Alerts
  26. String Search Option for IP groups
  27. Custom Selection Option in Device Reports

Bug Fixes:

  1. The average for 5 / 15 Min Data point Average in traffic page has been fixed
  2. The junk characters in Non-english property file has been removed
  3. Sampling in Adtran Devices has been added
  4. Dashboard related issues have been fixed
  5. Consolidated Device based Report - (graph color related issue) fixed
  6. Schedule Report file names with "null" has been fixed
  7. Billing "Alert" issue has been fixed
  8. User Defined DNS added for Schedule reports
  9. Geolocation - "unaccounted" removed
  10. Dashboard - Topstat - Last 15 Min Report - time period wrong
  11. Dashboard related issues have been fixed.
  12. Tomcat Vulnerability issues have been fixed.
    1. Fix for Apache Tomcat SingleSignOn HTTP Cookie exposure Vulnerability (CVE-2008-0128)
    2. Hidden the webserver details (say Apache/Tomcat 5.0.28) and return a blank information for the sake of security.
    3. Fix for the multi-content-length vulnerability issue in Tomcat
    4. Fix for HTTP Cookie (jsessionid) Exposure Vulnerability
  13. Temp raw table growing issue has been fixed
  14. Index page sorting has been fixed
  15. SNMP V3 related issue has been fixed
  16. MailServer related issue has been fixed
  17. admin users sync issue has been fixed
  18. chinese language issue has been fixed

NetFlow Analyzer 8.5 (Build 8500)

Feature:

Advanced Security Analytics Module. More information.

Bug Fixes:

  1. The average for 5 / 15 Min Data point Average in traffic page has been fixed
  2. The junk characters in Non-english property file have been removed
  3. Sampling in Adtran Devices has been added
  4. Dashboard related issues have been fixed
  5. Consolidated Device based Report - (graph color related issue) fixed
  6. Schedule Report file names with "null" has been fixed
  7. IPSLA fix

NetFlow Analyzer 7.5.0 (Build 7500)

Major Features:

  1. Customizable dashboard
  2. Site to site traffic monitoring
  3. GRE application filter
  4. Email option for sending reports with single click.
  5. Policy enabled (CBQoS) routers need not export NetFlow for CBQoS monitoring
  6. DSCP names in alerts and IP groups
  7. Volume based billing
  8. Secondary DNS server lookup
  9. Raw data storage - Can be stored for as less as one hour
  10. Report based on nexthop values.
  11. Localization available in 8 languages.

Minor Features:

  1. Password strength is displayed
  2. "Compare reports" can also be exported as PDF now.
  3. UAE Dirhams added in billing.
  4. Option to modify interface groups.
  5. Users can switch off raw data reports and generate reports from aggregated data, in case of time constraints
  6. Look and feel changed
  7. Subminute visibility available

Bug Fixes:

  1. Issues related to sFlow fixed.
  2. Day light saving time brought into effect. Product will automatically sync to the day light saving time change.
  3. AS view related bug fixed
  4. CBQoS related issues fixed
  5. Automatic deletion of older raw data in non-English-OS issue fixed.
  6. Issue with the "scheduled custom report" fixed

NetFlow Analyzer 7.0.0 (Build 7002)

Bug Fixes

  1. Issue related with "seeing data point only for the last ten minutes in the graphs" has been fixed.
  2. Inablility to start as a service in Linux has been fixed.
  3. Issue related to mysql crashing every 24 hours (typically at 2:00 am every day - while loading DNS entries) has been fixed.
  4. Issue related to mail receiving and mail attachment in scheduled reports has been fixed.
  5. NetFlow Analyzer temporary images stored in the OS tmp folder will be periodically cleaned up.

NetFlow Analyzer 7.0.0 (Build 7001)

Major Features

  1. Usage based billing
  2. Localization supported
  3. Reporting on source network and destination network
  4. Look and feel changed

Minor Features

  1. Option to resolve DNS for single IP addresses.
  2. Quick view graph from the dashboard view for IP groups.

Bug Fixes

  1. Application mapping with IP addresses will be categorized in the order in which they were created.
  2. Ordering of interface list in the browsing of older scheduled reports.
  3. Average calculation bug in scheduled custom report has been fixed.

NetFlow Analyzer 7.0.0 (Build 7000)

Major Features

  1. Reporting on Cisco CBQoS - Useful for monitoring class based pre and post policy traffic usage, class based drops and queuing.
  2. Authentication using radius server
  3. Ability to create IP groups with exclude IP address option
  4. Ability to add application mapping from the Show Ports page for enhanced usability
  5. DNS resolving enhancement of source and destination addresses
  6. Support for user configurable DNS names for IP addresses
  7. Different IN and OUT speed can be configured for interfaces
  8. Support for exporting reports to CSV
  9. Sorting on the Autonomous Systems view for easier tracking and for peering arrangement
  10. Option to exclude ESP_App on user defined interfaces - Ensures that traffic is not double counted in case of ESP tunnels.
  11. Option to suppress output interface accounting on user defined interfaces - Useful when working with WAN accelarators
  12. Option to suppress ACL(Access Control List) related drops (based on destination interface being null) on user defined interfaces
  13. Quick view traffic graph in Dashboard view for enhanced usability
  14. Graphs enhanced to one min granularity and also to real-time in Network Snapshot
  15. Ability to set snmp parameters globally for all routers
  16. Support for sorting of interfaces based on usage in Dashboard View
  17. User management enhanced to provide last login time and current login status for all users
  18. The LHS view can be re-arranged for convenience
  19. Support for configuring alerts on interface groups. Interface groups can be used for checking the router traffic by combining all the interfaces into a single group.
  20. User permission can be granted at a interface group level. This feature would enable providing permission at an interface level while creating a user
  21. Option to view older schedules reports from the UI

Minor Features

  1. Login page enhanced with a "keep me signed in" option
  2. Alerting can be disabled for non-business hours
  3. Ability to Backup.bat just the aggregated data
  4. Option to bulk-load IP groups from flat file
  5. Distribution graph for troubleshooting, custom reports and drill down reports
  6. Configurable deletion of older alerts

Bug Fixes

  1. Bug related to scheduled report attachment resolved
  2. Today report to have only values from 00:00 to current time

NetFlow Analyzer 6.1.0 (Build 6100)

Major Features

  1. Network Snapshot View brought in
  2. Global Comparison Report feature added
  3. QoS reporting brought in
  4. Alerting for IP group added

Minor Features

  1. DSCP Group brought in
  2. Distribution Graph for Conversation added
  3. Support for mail in HTML format

Bug Fixes

  1. Issue in average calculation and monthly report drilldown to 1 min code addition fixed
  2. TCP FLAGS is not reported correctly - fixed
  3. Issues related to google map fixed

NetFlow Analyzer 6.0.0 (Build 6001)

Major Features

  1. Real time reports with graphs updates immediately as the data is received
  2. Support for sFlow data capture and reporting
  3. Option to click and drag on the graph for easier drilldown
  4. IN and OUT traffic (in bytes and packets) for each interface maintained with 1 minute granularity for upto 1 year
  5. Performance improvement in IP group classification engine
  6. Integration with Google Maps for a better view of the network
  7. Ability to report on DSCP mapping
  8. Alerting feature enhanced to send an alert when link goes down or when no flows are received for 15 minutes
  9. Ability to group together applications into a single logical entity

Minor Features

  1. Exporting pages to PDF
  2. More options in the scheduled reports (Modify reports, speed / utilization, IP / DNS and option to zip or not zip the reports)
  3. Option to back up configuration data
  4. Source and Destination dissemination (to see how many unique destination that a source talked to and vice versa).
  5. Individual graph for each source, destination and application
  6. NBAR storage period extended to 1 year
  7. Option to disable an IP Group

Bug Fixes

  1. Bug related to random interfaces appearing with NetFlow V9 has been fixed
  2. Bug in alert mail classification has been fixed
  3. Ambiguity in Min and Max points with respect to the graph has been resolved

NetFlow Analyzer 5.0.0 (Build 5505)

Major Features

  1. Full i18N compliant
  2. Localized setup in Chinese, Croatian, Dutch, French, German, Japanese, Spanish languages

Bug Fixes

  1. Exporting V9 flows will report large number of interfaces than the actual number. This issue has been fixed

NetFlow Analyzer 5.5.0 (Build 5502)

Major Features

  1. Reporting on NBAR statistics
  2. Support for netflow V9
  3. Automatic Scheduling and emailing of reports
  4. Associating IP address in application mapping (in addition to the port and protocol available now)
  5. Ability to create interface group - ability to group interfaces together and monitor traffic
  6. Reporting on ToS and TCP_Flag
  7. Ability to listen on multiple UDP ports for incoming NetFlow datagram packets
  8. Option to retain raw data for upto 30 days.( earlier limit was 2 weeks)

Minor Features

  1. 95-th percentile added in traffic graph.
  2. Configurable from address for emails - both in alert emails and scheduled reports
  3. logZipUtil.bat to include .err file in mysql\data folder
  4. Back-Up DB will have the backup location as configurable and also have option to overwrite the old backup
  5. IP Groups list sorted by name
  6. Values for the first few minutes were not plotted in the last traffic graph. This issue has been fixed.
  7. Ability to enable/disable collection of AS information based on user's needs.

Bug Fixes

  1. Alert will not be generated for interfaces whose interface index is 0.
  2. Bug in NetFlowAnalyzer MIB for SNMP trap (Variables do not correspond to trap varbind order) has been fixed.
  3. When reports are scheduled and automatically emailed, the files and the folders have been appropriately named for easier identification.

NetFlow Analyzer 5.0 Beta (Build 5001)

Major Features

  1. Threshold-based alerting - option to send e-mail notifications and SNMP traps based on alerts
  2. Increased granularity - option to configure maximum time period for retaining raw data (upto 2 weeks)
  3. Enhanced IP group management - option to modify IP groups and associate interfaces to IP groups
  4. Internationalization - option to support local languages (French, German, Spanish, Japanese, and Chinese are available out-of-the-box)

Minor Features

  1. Option to view IfName and If Alias values for an interface in addition to IfDesc value.
  2. Dashboard filters - option to set filters on interfaces displayed on the Dashboard, based on the percentage of incoming and outgoing traffic received.
  3. Enhanced Traffic Filter - option to view hour-based traffic data in daily and weekly traffic graphs.
  4. Support link - Separate link with several options to contact NetFlow Analyzer Technical Support in case of any problems

NetFlow Analyzer 4.0.2 (Build 4020)

Major Features

  1. Support for NetFlow version 7
  2. Reporting based on AS information
  3. Localized setup in Chinese, and Japanese languages

Minor Features

  1. Reporting based on packet count
  2. Port range in mapping applications

Bug Fixes

  1. Fixed PDF loading issue in Acrobat Reader 6.0
  2. Fixed color bug in Dashboard percentage values
  3. Fixed bug in IP address range when incorrect values were entered

NetFlow Analyzer 4.0.1 (Build 4010)

Major Features

  1. Address Grouping - Create monitoring and reporting groups based on IP addresses or applications
  2. Custom reports across multiple interfaces and devices

Minor Features

  1. Criteria to define ports and port ranges in custom reports
  2. Database archiving - Utility that makes a backup of the database.
  3. Support file creation - Utility that zips the log files and database information to send to the NetFlow Analyzer Support Team.
  4. Traffic graphs made as non-stacked graphs, and shown as a combination of line and area graphs
  5. Interface Traffic graphs shown in one-minute intervals

Bug Fixes

  1. Both In and Out traffic of managed interfaces are maintained - Previously traffic was accounted for flows whose source interface was managed. Now traffic is accounted for flows whose source or destination interface is managed.
  2. Fixed mismatch in total number of interfaces marked as managed in DB and memory
  3. Fixed PDF loading bug - Error when exporting to PDF when server was installed in non-"C" drive.
  4. Fixed Applications graph bug - graph was hidden when more than 100 applications were listed.
  5. runQuery.jsp file works fine on Linux platforms

NetFlow Analyzer 4.0.0 (Build 4002)

Bug Fixes

  1. Fixed threading issues in updating database while handling more than 250 interfaces
  2. Fixed issue in determining number of managed interfaces in License Management
  3. Fixed application port bug - minimum value of ports was assigned to an application. Now whichever source or destination port maps to the application is used. Apart from this, source and destination ports are now displayed for unknown applications.
  4. Fixed Delete Router bug - when all interfaces of a disabled router were deleted, new flows from any interface on that router were not processed. Now fixed to enable the router when all its interfaces are deleted. This ensures that if this router starts sending flows again, these incoming flows are processed.
  5. Fixed percentage utilization bug in traffic reports - value was exceeding 100% in some cases.
  6. Fixed Update Router Settings bug - device is now scanned again even if no changes have been made to Router Settings.
  7. SNMP requests to routers sent in batches to ensure better response

Minor Features

  1. NetFlow Analyzer can be run as a service on Linux
  2. Update Manager tool included - tool to apply, manage, and remove service packs and patches
  3. Option to edit Device Settings is available only for Administrator and Operator users
  4. Application Mapping list is sorted on Application name for easy access
  5. More enterprise applications added to the list of applications supported
  6. NetFlow Analyzer can be run as root/non-root user
  7. Server can be started in non-X-windows (headless) environment in Linux/Solaris

NetFlow Analyzer 4.0.0 (Build 4001)

Bug Fixes

  1. Fixed time zone-related bug causing problems in setting Start and End time in graphs
  2. About and Feedback links made to open in separate windows

NetFlow Analyzer 4.0.0 (Build 4000)

General Features

  1. Support for NetFlow version 5 exports
  2. Web-based interface for viewing the network as well as performing administrative tasks
  3. Configurable applications and application ports
  4. Support for logical grouping of routers
  5. Three user levels with different privileges, to enable managing of groups

Graphs & Reports

  1. Instant graphs of network utilization per network interface
  2. Daily, weekly, and monthly reports showing current, average, and peak traffic patterns on an interface, as well as percentage utilization
  3. Reports on Top Applications, Top Sources & Destinations, and Top Conversations
  4. Resolvable source & destination addresses
  5. Reports include protocol & bandwidth utilization information
  6. Subnet-based and IP range-based reports
  7. Consolidated reports to show Top Application, Top Source, and Top Destination for an interface in one report

2.0 System Requirements

The specifications of your system depends on the number of routers sending NetFlow exports to NetFlow Analyzer, as well as how busy the actual router is. The minimum requirements for the system on which NetFlow Analyzer needs to be installed are given below.

Hardware Requirements

  • 2.4 GHz Pentium 4 processor or equivalent
  • 1GB RAM
  • 10GB disk space for the database
  • Monitor that supports 1024x768 resolution

Supported Platforms

  • Windows Vista
  • Windows 2000 Server/Professional with SP4
  • Windows XP with SP1
  • RedHat Linux 8.0, 9.0

Supported Web Browsers

  • Internet Explorer 5.5 and above
  • Netscape 7.0 and above
  • Mozilla 1.5 and above

Note on NetFlow Support:

Ensure that the routing device supports NetFlow or sFlow , and is exporting NetFlow version 5, 7 or 9 only. Refer the User Guide for more information on NetFlow export.

3.0 Installation and Setup

Detailed installation instructions are given in Installation and Setup section of the User Guide. Router setup information is also included in the same document. Specific sections include,

4.0 Contact Information

Email :
Website : http://www.netflowanalyzer.com/
User Forums : http://forums.netflowanalyzer.com
Toll-free : +1 888 720 9500