...
- If MongoDB is not present, the installer now offers to install MongoDB Version 3.2.
- opEvents now offers a new database status and statistics page, accessible to admin-level logins (only) from the Help menu.
The display of time and dates when a time zone is configured is now more consistent across all of opEvents's screens.
- The Event Details page now shows the event time in both raw and human-friendly format.
- opEvents can now compensate better for input data with wrong timezone or badly desynchronized clock.
If you set the config optionopevents_max_time_delta
to a positive numberN
, then any event input whose time is off by more thanN
seconds is rewritten with the current time.
Default value is 0, ie. disabled. You cannot set this option to a higher value thanopevents_max_event_age
(which is the upper limit for old events that opEvents will consume). - opeventsd now handles server overload situations better.
The internal queue for event policy actions is now checked for (increasing) size, and a warning log message is created if it should grow above two times the number of parallel processes that opeventsd is allowed to create. In addition to that warning, the new config optionopevents_max_action_queue_age
(default: 3600s) controls whether very old stuck action queue entries should be aborted and purged. The related new optionopevents_reschedule_action_age
(default: 180s) controls how long to wait until rescheduling an action that was started but whose handler process died unexpectedly or timed out. - opEvents policy actions of type
script
are now limited in terms of process runtime.
The config optionopevents_action_max_runtime
(default: 30s) defines how long an external action program is allowed to run. Programs running over time are terminated, and suitable error messages are logged. - Improved error handling and reporting for creating events remotely with
create_remote_event.pl
oropevents-cli.pl
Automatic generation of missing nodes is now configurable and handled more consistently
If the config optionopevents_auto_create_nodes
is set to 'true' (which is the default), then opEvents will create a full node record when it receives an event input for a nonexistent node.
If the option is set to 'false', then the event is skipped altogether, but a record in the raw log will indicate that and why the event was discarded.Renaming and amending of auto-generated nodes now works correctly.
The event correlation engine now honors the combination of the options inhibit and autoacknowledge more completely.
The generic extensible parser
cisco_alternate
has been renamed tocisco_compatible
, and is now the default parser for Cisco-style syslog logfiles for new installations.
For existing installations it is recommended that youmerge or replace the parser definition file
conf/EventParserRules.nmis
with the new defaults frominstall/
,and that you change the config entry
opevents_logs
to switch from the deprecated parsercisco_syslog
to the more flexible parsercisco_compatible
.
plus a number of minor bug fixes.
...