ManageEngine OpManager NetFlow Plug-In

Welcome to the ManageEngine NetFlow Analyzer Read Me. This Read Me file contains information about the current release, along with system requirements and installation instructions for the Windows and Linux builds of NetFlow Analyzer.

About ManageEngine NetFlow Analyzer

ManageEngine NetFlow Analyzer is a web-based bandwidth monitoring tool that collects NetFlow data exported from routing devices, and uses it to analyze and report on IP traffic across the network. With instant reports on top applications, protocols, conversations, and hosts, NetFlow Analyzer gives you valuable insight into bandwidth usage in your enterprise without the complexity and expense involved in a traditional WAN analysis setup.

For more information on NetFlow Analyzer, visit https://www.netflowanalyzer.com/
For more information on Cisco® NetFlow Services visit http://www.cisco.com/go/netflow

This Read Me is divided into the following sections:

1. Release Features
   • 10.2.5- Build 10250

     NetFlow Analyzer 10.2.5 (Build 10250)

     Features:

     1. Heat Maps : Heat maps in NetFlow Analyzer helps to visualize the health status of all the interfaces in a single page. It uses color codes to depict the severity of the monitored devices.
     2. QoS graphs : QoS graphs displays the real-time information of interface traffic in graphical format. This helps to get a better view of your interfaces and applications performance.
     3. API Client Enhancements :
        • Add & Edit options included in IP Groups, Interface Groups & Alert Profiles.
        • Add option included in DSCP & App Groups.
        • Option to Add, Edit & Delete User Management.
        • New segment named "Attacks" added inside Settings. It comprises of three settings,
          • ASAM Setting:- Start/ Stop the flow processing for Advanced Security Analytics Module.
          • Manage Config:- Enable/ disable the Problems, Resources and Algorithms involved in ASAM.
          • Threshold Setting:- Basic and advance settings to update the threshold values in ASAM.
   • 10.2 - Build 10201

     NetFlow Analyzer 10.2 (Build 10201)

     Features:

     1. Supports high-performance database named as "HighPerf Reporting Engine" for enhancing raw data storage and report generation.
     2. Manual raw data collection option for a Router.
     3. Option to clean up aggregated data.
     4. Option to "Exclude weekends" in alert profile.
   • 9.9.0 - Build 9900

     NetFlow Analyzer 9.9.0 (Build 9900)

     Service Pack Released

     1. Cisco AVC monitoring reports - NBAR2 application reports, HTTP host reports, QoS class hierarchy reports, ART reports
     2. Support for Cisco NBAR2 (Ability to identify 1000+ applications by default)
   • 9.8.6 - Build 9860

     NetFlow Analyzer 9.8.6 (Build 9860)

     Service Pack Released

   • 9.8.0 - Build 9800

     NetFlow Analyzer 9.8 (Build 9800)

     Features

     1. NetFlow Configurator
     2. IPv6 support is extended to Historical data(aggregated data) reports, Application mapping, Top sites mapping, Schedule reports and Report profiles
   • 9.7.0 - Build 9700

     NetFlow Analyzer 9.7 (Build 9700)

     Features

     1. Support for IP SLA Video Operations
     2. Google maps visualization v3
     3. Interface groups support in Billing module
     4. Source Network and Destination Network based Anamoly detection in ASAM module
     5. Option to ignore events for all resources in ASAM module
     6. IPv6 support in ASAM
     7. Facility to shut down ASAM module from admin settings page
     8. Support for Multicast Reporting
     9. Alert clone copy
     10. User interface has been re-vamped to suit Customer needs
     11. Support for Cisco's Medianet and Mediatrace technology
     12. Support for App-flow
     13. Create and Monitor IP groups using WAN RTT Monitor
     14. Edit Threshold Settings in WAN RTT monitor
     15. Generate on-demand bills in capacity planning reports.
     16. Option to schedule Capacity Planning reports and Medianet reports
     17. Customizable e-mail subject
     18. Performance tuning of product through user interface
     19. Option to Add, Modify, and Delete Top sites
     20. AS Number added in AS Report
     21. Option to Exclude week-end and Business Hour in capacity planing PDF and CSV
     22. Export reports in CSV format for Device and interface based Consolidated Report.
     23. Option to load DNS Names from CSV file
     24. View Top 20 interfaces in consolidated report view per page
     25. Option to Export reports in CSV format for IP Group consolidated report
     26. View IPSLA Collector name in GUI
     27. Global Search - Report Based sorting.
     28. New application names has been added
     29. Anomaly detection based on Source IP and Destination IP
     30. Heuristics based event classification that includes Denial of Service Attack,Host Scan, Port Scan, Diagonal Scan and Grid Scan
     31. Enrichment of events with location details(Geographical and Topological) for Offender IPs and Target IPs
     32. Customized user interface for white listing problem specific Flows and Events(Ignore Events and Discard Flows)
     33. Customized User Interface that includes
         -- Enable/Disable specific Problem
         -- Enable/Disable specific Algorithm
         -- Enable/Disable Resources
     34. Algorithm Settings
         -- Customized Algorithm specific Threshold configuration
         -- Algorithm specific Offender/Target Field configuration
     35. Location(EventList report)
         -- Customized Topological configuration for Offender IPs and Target IPs
         -- Offender/Target Location Mode settings
     36. Security Posture dashboard - Problems & Time Lines
         - Listing all the Problems with the Events(with Pie Chart) and
         Resources(with Bar chart) for each Class
         - Multi-line graph of Time showing occurences of Events, Resources and Problems
     37. Offenders & Targets dashboard - Resources & Time Lines
         - Lists all the Resources along with the Events(Pie-Chart) and problems (with Bar chart) for each Algorithm Type
         - Multi-line graph of Time showing occurences of Events, Resources and Problems
     38. Problem Analysis dashboard
         - Lists all Resources along with the Events(with pie chart) for the specific Problem
         - Multi-line graph of Time showing occurences of Events and Resources
     39. Resource Analysis dashboard
         - Lists all problems along with the events(with pie chart) for the specific Resource
         - Multi-line graph of Time showing occurences of Events and Problems

     Bug Fixes

     1. Mail Authentication issues have been fixed
     2. Issues with incorrect speed graphs in the Dashboard have been fixed
     3. Cisco recommended QoS base line - PDF broken link has been fixed
     4. Service start-up issues in Windows 2008 have been fixed
     5. URL Related Security bug fixes
     6. Issues in Auto login has been fixed
     7. index page sorting has been fixed
     8. MySQLl IPv6 issue has been fixed
     9. MS SQl and empty page issue in WAAS has been fixed
     10. Application mapping duplication has been fixed
     11. Individual graph fix in non-English environment
     12. Enhancements in WAAS Reporting to support all CM versions
     13. Issue related to parsing IPSLA Monitor OID has been fixed
     14. Handled Request time out error in QoS polling
     15. CBQoS temp table split fixed
     16. Handled AS Number field in a different position and not in usual position of V9 Flow
     17. Report profile - report display issue on non-english environment
     18. Bill plan config script error in French language
     19. License management script error in Spanish language fixed
   • 9.0.0 - Build 9000

     NetFlow Analyzer 9.0.0 (Build 9000)

     Major Features:

     1. Capacity Planning Report
     2. Report Profiles
     3. Top Sites
     4. Selection box for list of applications
     5. Compare report includes 95th percetile
     6. Compare report includes 1,5,15 min reports
     7. Resolve NATED Addresses in ASA reports
     8. Resizeable columns
     9. Automatic CBQoS configurations for the first 20 routers
     10. Schedule Reports CSV option
     11. Geo location PDF and CSV
     12. Schedule Business hours for last month and week
     13. Standard Deviation calculation in Traffic Report
     14. Interface performance dashboard
     15. Add custom URL widget in Dashboard
     16. Wide Area Application Services (WAAS)
     17. Support IPV6 Address Format
     18. Enhanced Capacity Planning Report
     19. Creating Alert Profile with IP Address as Criteria
     20. Report Filter Enhancements
     21. Option to map IP addresses to site names
     22. Scheduling Options for Compare Reports and Report Profiles
     23. Support for Radius server Authentication in MSSQL
     24. Enhancements to Consolidated Reports
     25. Network Snapshot Improved with Widget for Top N Alerts
     26. String Search Option for IP groups
     27. Custom Selection Option in Device Reports

     Bug Fixes:

     1. The average for 5 / 15 Min Data point Average in traffic page has been fixed
     2. The junk characters in Non-english property file has been removed
     3. Sampling in Adtran Devices has been added
     4. Dashboard related issues have been fixed
     5. Consolidated Device based Report - (graph color related issue) fixed
     6. Schedule Report file names with "null" has been fixed
     7. Billing "Alert" issue has been fixed
     8. User Defined DNS added for Schedule reports
     9. Geolocation - "unaccounted" removed
     10. Dashboard - Topstat - Last 15 Min Report - time period wrong
     11. Dashboard related issues have been fixed.
     12. Tomcat Vulnerability issues have been fixed.
         1. Fix for Apache Tomcat SingleSignOn HTTP Cookie exposure Vulnerability (CVE-2008-0128)
         2. Hidden the webserver details (say Apache/Tomcat 5.0.28) and return a blank information for the sake of security.
         3. Fix for the multi-content-length vulnerability issue in Tomcat
         4. Fix for HTTP Cookie (jsessionid) Exposure Vulnerability
     13. Temp raw table growing issue has been fixed
     14. Index page sorting has been fixed
     15. SNMP V3 related issue has been fixed
     16. MailServer related issue has been fixed
     17. admin users sync issue has been fixed
     18. chinese language issue has been fixed
   • 8.5.0 - Build 8500

     NetFlow Analyzer 8.5 (Build 8500)

     Feature:

     Advanced Security Analytics Module. More information.

     Bug Fixes:

     1. The average for 5 / 15 Min Data point Average in traffic page has been fixed
     2. The junk characters in Non-english property file have been removed
     3. Sampling in Adtran Devices has been added
     4. Dashboard related issues have been fixed
     5. Consolidated Device based Report - (graph color related issue) fixed
     6. Schedule Report file names with "null" has been fixed
     7. IPSLA fix
   • 7.5.0 - Build 7500 (SP 2.0)

     NetFlow Analyzer 7.5.0 (Build 7500)

     Major Features:

     1. Customizable dashboard
     2. Site to site traffic monitoring
     3. GRE application filter
     4. Email option for sending reports with single click.
     5. Policy enabled (CBQoS) routers need not export NetFlow for CBQoS monitoring
     6. DSCP names in alerts and IP groups
     7. Volume based billing
     8. Secondary DNS server lookup
     9. Raw data storage - Can be stored for as less as one hour
     10. Report based on nexthop values.
     11. Localization available in 8 languages.

     Minor Features:

     1. Password strength is displayed
     2. "Compare reports" can also be exported as PDF now.
     3. UAE Dirhams added in billing.
     4. Option to modify interface groups.
     5. Users can switch off raw data reports and generate reports from aggregated data, in case of time constraints
     6. Look and feel changed
     7. Subminute visibility available

     Bug Fixes:

     1. Issues related to sFlow fixed.
     2. Day light saving time brought into effect. Product will automatically sync to the day light saving time change.
     3. AS view related bug fixed
     4. CBQoS related issues fixed
     5. Automatic deletion of older raw data in non-English-OS issue fixed.
     6. Issue with the "scheduled custom report" fixed
   • 7.0.0 - Build 7002 (SP 2.0)

     NetFlow Analyzer 7.0.0 (Build 7002)

     Bug Fixes

     1. Issue related with "seeing data point only for the last ten minutes in the graphs" has been fixed.
     2. Inablility to start as a service in Linux has been fixed.
     3. Issue related to mysql crashing every 24 hours (typically at 2:00 am every day - while loading DNS entries) has been fixed.
     4. Issue related to mail receiving and mail attachment in scheduled reports has been fixed.
     5. NetFlow Analyzer temporary images stored in the OS tmp folder will be periodically cleaned up.
   • 7.0.0 - Build 7001 (SP 1.0)

     NetFlow Analyzer 7.0.0 (Build 7001)

     Major Features

     1. Usage based billing
     2. Localization supported
     3. Reporting on source network and destination network
     4. Look and feel changed

     Minor Features

     1. Option to resolve DNS for single IP addresses.
     2. Quick view graph from the dashboard view for IP groups.

     Bug Fixes

     1. Application mapping with IP addresses will be categorized in the order in which they were created.
     2. Ordering of interface list in the browsing of older scheduled reports.
     3. Average calculation bug in scheduled custom report has been fixed.
   • 7.0.0 - Build 7000 (Beta)

     NetFlow Analyzer 7.0.0 (Build 7000)

     Major Features

     1. Reporting on Cisco CBQoS - Useful for monitoring class based pre and post policy traffic usage, class based drops and queuing.
     2. Authentication using radius server
     3. Ability to create IP groups with exclude IP address option
     4. Ability to add application mapping from the Show Ports page for enhanced usability
     5. DNS resolving enhancement of source and destination addresses
     6. Support for user configurable DNS names for IP addresses
     7. Different IN and OUT speed can be configured for interfaces
     8. Support for exporting reports to CSV
     9. Sorting on the Autonomous Systems view for easier tracking and for peering arrangement
     10. Option to exclude ESP_App on user defined interfaces - Ensures that traffic is not double counted in case of ESP tunnels.
     11. Option to suppress output interface accounting on user defined interfaces - Useful when working with WAN accelarators
     12. Option to suppress ACL(Access Control List) related drops (based on destination interface being null) on user defined interfaces
     13. Quick view traffic graph in Dashboard view for enhanced usability
     14. Graphs enhanced to one min granularity and also to real-time in Network Snapshot
     15. Ability to set snmp parameters globally for all routers
     16. Support for sorting of interfaces based on usage in Dashboard View
     17. User management enhanced to provide last login time and current login status for all users
     18. The LHS view can be re-arranged for convenience
     19. Support for configuring alerts on interface groups. Interface groups can be used for checking the router traffic by combining all the interfaces into a single group.
     20. User permission can be granted at a interface group level. This feature would enable providing permission at an interface level while creating a user
     21. Option to view older schedules reports from the UI

     Minor Features

     1. Login page enhanced with a "keep me signed in" option
     2. Alerting can be disabled for non-business hours
     3. Ability to Backup.bat just the aggregated data
     4. Option to bulk-load IP groups from flat file
     5. Distribution graph for troubleshooting, custom reports and drill down reports
     6. Configurable deletion of older alerts

     Bug Fixes

     1. Bug related to scheduled report attachment resolved
     2. Today report to have only values from 00:00 to current time
   • 6.1.0 - Build 6100

     NetFlow Analyzer 6.1.0 (Build 6100)

     Major Features

     1. Network Snapshot View brought in
     2. Global Comparison Report feature added
     3. QoS reporting brought in
     4. Alerting for IP group added

     Minor Features

     1. DSCP Group brought in
     2. Distribution Graph for Conversation added
     3. Support for mail in HTML format

     Bug Fixes

     1. Issue in average calculation and monthly report drilldown to 1 min code addition fixed
     2. TCP FLAGS is not reported correctly - fixed
     3. Issues related to google map fixed
   • 6.0.0 - Build 6001

     NetFlow Analyzer 6.0.0 (Build 6001)

     Major Features

     1. Real time reports with graphs updates immediately as the data is received
     2. Support for sFlow data capture and reporting
     3. Option to click and drag on the graph for easier drilldown
     4. IN and OUT traffic (in bytes and packets) for each interface maintained with 1 minute granularity for upto 1 year
     5. Performance improvement in IP group classification engine
     6. Integration with Google Maps for a better view of the network
     7. Ability to report on DSCP mapping
     8. Alerting feature enhanced to send an alert when link goes down or when no flows are received for 15 minutes
     9. Ability to group together applications into a single logical entity

     Minor Features

     1. Exporting pages to PDF
     2. More options in the scheduled reports (Modify reports, speed / utilization, IP / DNS and option to zip or not zip the reports)
     3. Option to back up configuration data
     4. Source and Destination dissemination (to see how many unique destination that a source talked to and vice versa).
     5. Individual graph for each source, destination and application
     6. NBAR storage period extended to 1 year
     7. Option to disable an IP Group

     Bug Fixes

     1. Bug related to random interfaces appearing with NetFlow V9 has been fixed
     2. Bug in alert mail classification has been fixed
     3. Ambiguity in Min and Max points with respect to the graph has been resolved
   • 5.5.0 - Build 5505 (SP 1.2)

     NetFlow Analyzer 5.0.0 (Build 5505)

     Major Features

     1. Full i18N compliant
     2. Localized setup in Chinese, Croatian, Dutch, French, German, Japanese, Spanish languages

     Bug Fixes

     1. Exporting V9 flows will report large number of interfaces than the actual number. This issue has been fixed
   • 5.5.0 - Build 5502 (SP 1.1)

     NetFlow Analyzer 5.5.0 (Build 5502)

     Major Features

     1. Reporting on NBAR statistics
     2. Support for netflow V9
     3. Automatic Scheduling and emailing of reports
     4. Associating IP address in application mapping (in addition to the port and protocol available now)
     5. Ability to create interface group - ability to group interfaces together and monitor traffic
     6. Reporting on ToS and TCP_Flag
     7. Ability to listen on multiple UDP ports for incoming NetFlow datagram packets
     8. Option to retain raw data for upto 30 days.( earlier limit was 2 weeks)

     Minor Features

     1. 95-th percentile added in traffic graph.
     2. Configurable from address for emails - both in alert emails and scheduled reports
     3. logZipUtil.bat to include .err file in mysql\data folder
     4. Back-Up DB will have the backup location as configurable and also have option to overwrite the old backup
     5. IP Groups list sorted by name
     6. Values for the first few minutes were not plotted in the last traffic graph. This issue has been fixed.
     7. Ability to enable/disable collection of AS information based on user's needs.

     Bug Fixes

     1. Alert will not be generated for interfaces whose interface index is 0.
     2. Bug in NetFlowAnalyzer MIB for SNMP trap (Variables do not correspond to trap varbind order) has been fixed.
     3. When reports are scheduled and automatically emailed, the files and the folders have been appropriately named for easier identification.
   • 5.0.0 - Build 5001 (SP 3)

     NetFlow Analyzer 5.0 Beta (Build 5001)

     Major Features

     1. Threshold-based alerting - option to send e-mail notifications and SNMP traps based on alerts
     2. Increased granularity - option to configure maximum time period for retaining raw data (upto 2 weeks)
     3. Enhanced IP group management - option to modify IP groups and associate interfaces to IP groups
     4. Internationalization - option to support local languages (French, German, Spanish, Japanese, and Chinese are available out-of-the-box)

     Minor Features

     1. Option to view IfName and If Alias values for an interface in addition to IfDesc value.
     2. Dashboard filters - option to set filters on interfaces displayed on the Dashboard, based on the percentage of incoming and outgoing traffic received.
     3. Enhanced Traffic Filter - option to view hour-based traffic data in daily and weekly traffic graphs.
     4. Support link - Separate link with several options to contact NetFlow Analyzer Technical Support in case of any problems
   • 4.0.2 - Build 4020 (SP 2)

     NetFlow Analyzer 4.0.2 (Build 4020)

     Major Features

     1. Support for NetFlow version 7
     2. Reporting based on AS information
     3. Localized setup in Chinese, and Japanese languages

     Minor Features

     1. Reporting based on packet count
     2. Port range in mapping applications

     Bug Fixes

     1. Fixed PDF loading issue in Acrobat Reader 6.0
     2. Fixed color bug in Dashboard percentage values
     3. Fixed bug in IP address range when incorrect values were entered
   • 4.0.1 - Build 4010 (SP 1)

     NetFlow Analyzer 4.0.1 (Build 4010)

     Major Features

     1. Address Grouping - Create monitoring and reporting groups based on IP addresses or applications
     2. Custom reports across multiple interfaces and devices

     Minor Features

     1. Criteria to define ports and port ranges in custom reports
     2. Database archiving - Utility that makes a backup of the database.
     3. Support file creation - Utility that zips the log files and database information to send to the NetFlow Analyzer Support Team.
     4. Traffic graphs made as non-stacked graphs, and shown as a combination of line and area graphs
     5. Interface Traffic graphs shown in one-minute intervals

     Bug Fixes

     1. Both In and Out traffic of managed interfaces are maintained - Previously traffic was accounted for flows whose source interface was managed. Now traffic is accounted for flows whose source or destination interface is managed.
     2. Fixed mismatch in total number of interfaces marked as managed in DB and memory
     3. Fixed PDF loading bug - Error when exporting to PDF when server was installed in non-"C" drive.
     4. Fixed Applications graph bug - graph was hidden when more than 100 applications were listed.
     5. runQuery.jsp file works fine on Linux platforms
   • 4.0.0 - Build 4002

     NetFlow Analyzer 4.0.0 (Build 4002)

     Bug Fixes

     1. Fixed threading issues in updating database while handling more than 250 interfaces
     2. Fixed issue in determining number of managed interfaces in License Management
     3. Fixed application port bug - minimum value of ports was assigned to an application. Now whichever source or destination port maps to the application is used. Apart from this, source and destination ports are now displayed for unknown applications.
     4. Fixed Delete Router bug - when all interfaces of a disabled router were deleted, new flows from any interface on that router were not processed. Now fixed to enable the router when all its interfaces are deleted. This ensures that if this router starts sending flows again, these incoming flows are processed.
     5. Fixed percentage utilization bug in traffic reports - value was exceeding 100% in some cases.
     6. Fixed Update Router Settings bug - device is now scanned again even if no changes have been made to Router Settings.
     7. SNMP requests to routers sent in batches to ensure better response

     Minor Features

     1. NetFlow Analyzer can be run as a service on Linux
     2. Update Manager tool included - tool to apply, manage, and remove service packs and patches
     3. Option to edit Device Settings is available only for Administrator and Operator users
     4. Application Mapping list is sorted on Application name for easy access
     5. More enterprise applications added to the list of applications supported
     6. NetFlow Analyzer can be run as root/non-root user
     7. Server can be started in non-X-windows (headless) environment in Linux/Solaris
   • 4.0.0 - Build 4001

     NetFlow Analyzer 4.0.0 (Build 4001)

     Bug Fixes

     1. Fixed time zone-related bug causing problems in setting Start and End time in graphs
     2. About and Feedback links made to open in separate windows
   • 4.0.0 - Build 4000
     (GA)

     NetFlow Analyzer 4.0.0 (Build 4000)

     General Features

     1. Support for NetFlow version 5 exports
     2. Web-based interface for viewing the network as well as performing administrative tasks
     3. Configurable applications and application ports
     4. Support for logical grouping of routers
     5. Three user levels with different privileges, to enable managing of groups

     Graphs & Reports

     1. Instant graphs of network utilization per network interface
     2. Daily, weekly, and monthly reports showing current, average, and peak traffic patterns on an interface, as well as percentage utilization
     3. Reports on Top Applications, Top Sources & Destinations, and Top Conversations
     4. Resolvable source & destination addresses
     5. Reports include protocol & bandwidth utilization information
     6. Subnet-based and IP range-based reports
     7. Consolidated reports to show Top Application, Top Source, and Top Destination for an interface in one report
2. System Requirements

   2.0 System Requirements

   The specifications of your system depends on the number of routers sending NetFlow exports to NetFlow Analyzer, as well as how busy the actual router is. The minimum requirements for the system on which NetFlow Analyzer needs to be installed are given below.

   Hardware Requirements

   • 2.4 GHz Pentium 4 processor or equivalent
   • 1GB RAM
   • 10GB disk space for the database
   • Monitor that supports 1024x768 resolution

   Supported Platforms

   • Windows Vista
   • Windows 2000 Server/Professional with SP4
   • Windows XP with SP1
   • RedHat Linux 8.0, 9.0

   Supported Web Browsers

   • Internet Explorer 5.5 and above
   • Netscape 7.0 and above
   • Mozilla 1.5 and above

   Note on NetFlow Support:

   Ensure that the routing device supports NetFlow or sFlow , and is exporting NetFlow version 5, 7 or 9 only. Refer the User Guide for more information on NetFlow export.

3. Installation and Setup

   3.0 Installation and Setup

   Detailed installation instructions are given in Installation and Setup section of the User Guide. Router setup information is also included in the same document. Specific sections include,

   • Installing NetFlow Analyzer
   • Starting and Shutting Down
   • Setting up Cisco Routers
4. Contact Information

   4.0 Contact Information

   Email :
   Website : https://www.netflowanalyzer.com/
   User Forums : https://forums.netflowanalyzer.com
   Toll-free : +1 888 720 9500