Versa Analytics Release Notes for Release 21.2
This document describes features, enhancements, fixes, and known issues in the Release 21.2 Versa Analytics software, for Releases 21.2.0 (simply called 21.2) through 21.2.3. Releases 21.2.1 and later are general available (GA) releases and are supported for use in production networks.
August 2, 2022
Revision 3
Product Documentation
The Versa Networks product documentation is located at https://docs.versa-networks.com.
Install the Versa Analytics Software
To install the Versa Analytics software, see the Deployment and Initial Configuration articles.
Before You Upgrade
Before you upgrade the Analytics software to Release 21.2, upgrade the OS SPack on all Analytics nodes following the steps in Use OS Security Packages.
Release 21.2 requires that Analytics nodes run the Fusion database platform; the DSE database platform is not supported.
Before you upgrade, check the Analytics database platform:
- Upgrading to Release 21.2.2 or later requires that the underlying database to be Fusion. If the database is not Fusion, upgrade to 21.2.1 and then migrate the database to Fusion. After the Fusion migration, upgrade to Release 21.2.2 or later.
- Check whether the database is using the DSE or Fusion package. In Director view, select Analytics > Administration > Version in the left menu bar. If the string in the Database Version field ends with F, the database is Fusion. If it ends with E or does not display any character, the database is DSE.
- If the database is DSE, SSH to any of the analytics or search nodes and issue the following command:
versa@versa-analytics:~$ dse -v 4.5.2
- If the database is DSE 4.5.x, upgrade to DSE 4.8 using the DSE migration scripts in the Customer Support article at https://support.versa-networks.com/support/solutions/articles/23000019690
- After you upgrade to DSE 4.8, upgrade the Analytics application to Release 21.2, as described in Upgrade to Release 21.2, below.
Upgrade to Release 21.2
You can upgrade Versa Analytics nodes to Release 21.2 from any service release of Release 16.1R2, that is, from Releases 16.1R2(Sx), and from Releases 20.2.x. Upgrading to Release 21.2.2 or later requires the underlying database to be Fusion. If the database is not Fusion, upgrade to Release 21.2.1 and then migrate the database to Fusion. After the Fusion migration, upgrade to Release 21.2.2 or later.
To upgrade to Release 21.2:
- Copy the appropriate binary package file to the /home/versa/packages/ directory on the Analytics node. Ensure that the file has +x execute permission. Alternatively, issue the following command, which copies the file to the /home/versa/packages directory:
versa@versa-Analytics> request system package fetch uri uri
- Install the new software package:
versa@Versa-Analytics> request system package upgrade filename.bin
- Check the status of the Versa services to determine whether they have started:
admin@versa-analytics:~$ vsh status
- If the services have not started, start them:
admin@versa-analytics:~$ vsh start
- Ensure that the Analytics IP addresses are present:
- Search node IP addresses are listed under Search Hosts
- Analytics node IP addresses are listed under Analytics Hosts
- All log collector or forwarder IP addresses are listed under Driver Hosts
- After the upgrade completes, a message may display indicating that you should reboot the system. Even if a message does not display, it is recommended that you reboot the system to account for any GRUB or kernel parameter changes. To reboot the system:
admin@versa-analytics:~$ sudo reboot
After the reboot completes, the Versa services automatically restart.
Checks To Perform After the Upgrade
In Release 21.2, you cannot access the Versa Analytics application using port 8080, to avoid any security vulnerabilities. By default, only secure ports 443 and 8443 are enabled in Analytics, and port 8443 is used for communication between the Director and Analytics nodes. When you upgrade to Release 21.2 on Director nodes, the upgrade process automatically changes the northbound interface port number 8080 to 8443, and it automatically synchronizes the certificates required for SSL communication between the Analytics and Director nodes.
If there is no communication between the Versa Director and Versa Analytics nodes, perform the following steps:
- Check whether any firewall rule is blocking Versa Director to Versa Analytics communication on port 8443.
- Connect to Versa Analytics directly using https://analytics-ip-address to determine whether the portal is accessible. This ensures that the application is reachable using a secure port and that the SSL certificate is valid.
- Log in to the Versa Analytics node using the same username and password as the Versa Director node. If the login is successful, this means that RBAC between the Analytics and Director nodes is working using a secure connection. If the login is not successful, install Versa Director certificates on Versa Analytics nodes as described in https://support.versa-networks.com/a/solutions/articles/23000010418.
- Log in to the Versa Director shell and issue the following CLI command to check whether the Versa Analytics truststore has been created on Versa Director:
admin@versa-director:/var/versa/vnms/data/certs$ ls -tlr versa_analytics_truststore.ts -rw-rw---- 1 versa versa 1274 Jul 30 05:42 versa_analytics_truststore.ts
- If the truststore file does not exist or if the Versa Analytics certificates were regenerated, resynchronize and import the Versa Analytics certificates by running the vd-van-cert-upgrade.sh script in the active Director shell. This script transfers the Versa Analytics certificates from each of the Analytics nodes configured under the connectors and then imports them. You must restart Versa Director for the certificate to take effect.
admin@versa-director:~$ sudo su – versa versa@versa-director:~$ /opt/versa/vnms/scripts/vd-van-cert-upgrade.sh --pull
For example:
versa@versa-director:.../vnms/scripts$ ./vd-van-cert-upgrade.sh --pull Pulling Analytics certificates to Director key store Checking previous version config path Changing port for [Analytics] No modifications to commit. Port Migration completed VAN Clusters IPs: [ 10.48.189.23 ] Removing previous analystics cert store Getting Certificate for : 10.48.189.23 depth=0 C = US, ST = California, L = Santa Clara, O = versa-networks, OU = VersaAnalytics, CN = versa-analytics verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = California, L = Santa Clara, O = versa-networks, OU = VersaAnalytics, CN = versa-analytics verify return:1 DONE Importing Certificate for : 10.48.189.23 Certificate was added to keystore Certificates Imported... Requires restart.. Do you want to postpone restart (y/N): N [sudo] password for versa: Stopping VNMS service ------------------------------------ Stopping TOMCAT................[Stopped] Stopping REDIS.................[Stopped] Stopping NETBOX-IPAM...........[Stopped] Stopping POSTGRE...............[Stopped] Stopping SPRING-BOOT...........[Stopped] Stopping SPACKMGR..............[Stopped] Stopping NCS...................[Stopped] * Stopping daemon monitor monit Starting VNMS service ------------------------------------ Starting NCS...................[Started] Starting POSTGRE...............[Started] Starting NETBOX-IPAM...........[Started] Starting SPRING-BOOT.......... [Started] Starting REDIS.................[Started] Starting TOMCAT................[Started]
Fusion Database Information
Starting with Release 20.2, Versa Analytics supports a new database platform called Fusion, which is based on open source technology. When you install a new Analytics cluster using a Release 20.x or Release 21.x ISO/QCOW2/OVA image, the Fusion database is automatically enabled. If you are upgrading from Release 16.1R2 to Release 20.x or Release 21.x, you must run additional scripts after you upgrade the software to install Fusion database and migrate the data.
The following are some of the frequently asked questions related to this database upgrade:
- Why should we upgrade the database to Fusion?
- The Fusion database uses the latest version of database software that provides better scaling and performance, and fixes many security vulnerabilities. The DSE database used in Release 16.1R2 has reached its end of life.
- Although there currently is feature compatibility between the DSE Analytics database and the Fusion database, it will soon be required to diverge to take advantage of newer capabilities in the Fusion database, and so newer features may be available only in Fusion database.
- Is there any impact on reports and features after the upgrade?
- All reports and features available in Release 16.1R2 are also available in Releases 20.2 and later. Additionally, the new releases provide many new reports and features and vulnerability fixes.
- Some reports in Releases 21.2.1 and later use features specific to the Fusion database. These reports are not available without the Fusion database.
- I am using Versa Analytics Release 16.1R2. I want to upgrade to Release 20.2, Release 21.1, or Release 21.2. Which image do I download and how do I upgrade?
- First, upgrade the software to the desired version. To upgrade to Release 21.2.1, see Upgrade to Release 21.2, above. The software update does not automatically upgrade the database to Fusion. The underlying DSE database remains.
- Then, upgrade the database to Fusion. To do this, you can use a cluster upgrade script to uninstall the DSE packages and install Fusion packages. This script upgrades one node at a time. Historical data is preserved and real-time search data is truncated. The upgrade scripts and related documentation are available here:
https://versanetworks.box.com/s/8pdi9ppyjzfq8cx53s10l3zbwt6k2kbw - If you are upgrading a large database or have issues while running the upgrade scripts, contact the Versa Support team.
- Is it possible to upgrade only Versa Analytics to Release 20.2, Release 21.1, or Release 21.2 to use the Fusion database?
- Release 20.2.2 of Versa Analytics is backward compatible with Releases16.1R2S10 and 16.1R2S11 of Versa Director and Versa Operating SystemTM (VOSTM ) (previously called FlexVNF).
- Release 21.1.1 of Versa Analytics is backward compatible with Releases 16.1R2S10 and 16.1R2S11, and with Release 20.2.2 of VOS. However, Versa Director and Versa Analytics must be running Release 21.1.1.
- Release 21.2.1 of Versa Analytics is backward compatible with Releases 16.1R2S10 and 16.1R2S11, and with Release 20.2.2 or 21.1.x of VOS. Release 21.2.1 of Versa Analytics is compatible with Versa Director 21.1.2 for all features except single sign-on (SSO) authentication.
- Release 21.2.2 of Versa Analytics is backward compatible with Releases 16.1R2S10 and 16.1R2S11, and with Release 20.2.x or 21.1.x of VOS. Release 21.2.2 of Versa Analytics is compatible with Versa Director 21.1.x for all features except single sign-on (SSO) authentication.
- Release 21.2.3 of Versa Analytics is backward compatible with Releases 16.1R2S10 and 16.1R2S11, and with Releases 20.2.x, 21.1.x, and 21.2.x of VOS software. Release 21.2.3 of Versa Analytics is compatible with Versa Director 21.1.x for all features except single sign-on (SSO) authentication.
- Will there be downtime during the upgrade to Release 20.2, Release 21.1, or Release 21.2?
- The upgrade from Release 16.1R2 to Release 20.2, Release 21.1, or Release 21.2 is like any other upgrade in that only the Versa application software is upgraded. During the upgrade process, data is not lost. When you upgrade the database from DSE to Fusion using the upgrade script, there will be some downtime for the database operations (approximately 1 to2 hours), depending on the size of the cluster. You will not lose any logs, and streaming to third-party collectors will not be interrupted. To reduce the downtime, you can bring up a new cluster that is running Release 20.2, Release 21.1, or Release 21.2 and then configure the Controller to use the server IP addresses of the new cluster so that logs start flowing to the new cluster. If data stored in older cluster must be migrated to the new cluster, use one of these options:
- Export the archived data from the old cluster to the new cluster, and then restore it. Depending on the number of days and size of the data, this can take some time because archive logs do not differentiate between the type of data. All the data for the specified interval is transferred and restored. The scripts to trigger log transfer and restore are available here:
https://support.versa-networks.com/a/solutions/articles/23000008970 - Export the processed data from the old cluster to the new cluster, and then restore it. Here, you can specify the type of data you want to export and restore. The script is available here:
https://versanetworks.box.com/s/vryjpluuv18dfat03hxb5a49pgws0cx5
- Export the archived data from the old cluster to the new cluster, and then restore it. Depending on the number of days and size of the data, this can take some time because archive logs do not differentiate between the type of data. All the data for the specified interval is transferred and restored. The scripts to trigger log transfer and restore are available here:
- The upgrade from Release 16.1R2 to Release 20.2, Release 21.1, or Release 21.2 is like any other upgrade in that only the Versa application software is upgraded. During the upgrade process, data is not lost. When you upgrade the database from DSE to Fusion using the upgrade script, there will be some downtime for the database operations (approximately 1 to2 hours), depending on the size of the cluster. You will not lose any logs, and streaming to third-party collectors will not be interrupted. To reduce the downtime, you can bring up a new cluster that is running Release 20.2, Release 21.1, or Release 21.2 and then configure the Controller to use the server IP addresses of the new cluster so that logs start flowing to the new cluster. If data stored in older cluster must be migrated to the new cluster, use one of these options:
For more information, see Migrate the Versa Analytics Database from DSE to Fusion.
New Features
This section describes the new Versa Analytics features in Release 21.2. Releases 21.2.1 and later of Versa Analytics are backward compatible with any service release of Release 16.1R2, that is, from Releases 16.1R2(Sx), of VOS software. Releases 21.2.1 and later of Versa Analytics are also backward compatible with Releases 20.2 and Releases 21.1of VOS software.
- Advanced logging service—(For Releases 21.2.3 and later.) You can configure the advanced logging service (ALS) connector, and then on-premises Analytics clusters can reference the connector for various log types. See Configure the Versa Advanced Logging Service.
- Analytics alarm settings enhancements—(For Releases 21.2.2 and later.) Versa Analytics includes new alarm types and overrides for default severity settings per alarm type. These settings allow you to:
- Enable parameters for new alarms for CPU utilization, memory utilization, disk utilization and Versa Analytics driver stuck.
- Configure the severity for set and clear alarms.
- Configure overrides for threshold alarms for low-threshold and high-threshold severity alarms.
- Analytics cluster redundancy—You can configure Analytics cluster redundancy. There are two redundancy options: active-backup mode and active-active mode.
In active-backup mode, the secondary (backup) cluster is used only when the primary cluster goes down. The application delivery controller (ADC) load balancer on the Controllers steers the log connections to the secondary cluster during data center failure. When the primary data center comes back up, the ADC switches the connections back to the primary cluster. The secondary cluster may have collected data for the duration of the time of failure. The secondary cluster may run the database or just perform the log collection function. You can use cron scripts on the secondary cluster to ship logs back to the primary cluster when it comes back up.
The following components are involved for managing active-backup Analytics clusters:
• Director—Director has two connectors: one pointing to the primary cluster and another pointing to the secondary cluster. Director can access Analytics data by switching to the primary or secondary cluster IP address.
• Controllers—The application delivery controllers (ADC) running on the primary and backup Controllers have one virtual IP address (VIP) pointing to two pools: a primary and a backup. The primary pool contains servers of the primary data center and the backup pool contains servers of the secondary data center. See Configure an Application Delivery Controller.
• Branches—Branches are configured with LEF collector groups containing LEF collectors using the VIPs of the primary and backup Controllers as their destination IP address and port.
A configuration example for Controller1 is shown below.
admin@SDWAN-Controller1-cli(config-adc)% show lb { servers { LEF-Collector-Analytics-1 { type any; ip-address 192.168.95.2; port 1234; state enabled; routing-instance provider-org-Control-VR; } LEF-Collector-Analytics-2 { type any; ip-address 192.168.95.3; port 1234; state enabled; routing-instance provider-org-Control-VR; } LEF-Collector-Analytics-3 { type any; ip-address 192.168.96.2; port 1234; state enabled; routing-instance provider-org-Control-VR; } LEF-Collector-Analytics-4 { type any; ip-address 192.168.96.3; port 1234; state enabled; routing-instance provider-org-Control-VR; } } server-pools { VAN-Primary-Pool { type any; member LEF-Collector-Analytics-1; member LEF-Collector-Analytics-2; } VAN-Secondary-Pool { type any; member LEF-Collector-Analytics-3; member LEF-Collector-Analytics-4; } } virtual-services { VAN-VIP { type any; address 10.0.0.0; port 1234; default-pool VAN-Primary-Pool; default-backup-pool VAN-Secondary-Pool; fallback-to-active enabled routing-instance provider-org-Control-VR; } } }
A similar configuration is done on Controller2.
A configuration example for Tenant1 on a branch VOS device is shown below.
[edit orgs org-service Tenant1 lef] collectors { collector LEF-Collector-log_collector1 { destination-address 10.0.0.0; à Controller1 VIP destination-port 1234; routing-instance provider-org-Control-VR; transport tcp; template Default-LEF-Template; } collector LEF-Collector-log_collector2 { destination-address 10.0.0.4; -> Controller2 VIP destination-port 1234; routing-instance provider-org-Control-VR; transport tcp; template Default-LEF-Template; } } collector-groups { collector-group Default-Collector-Group { collectors [ LEF-Collector-log_collector1 LEF-Collector-log_collector2 ]; } } profiles { profile Default-Logging-Profile { collector-group-list [ Primary-Collector-Group Secondary-Collector-Group ]; } } default-profile Default-Logging-Profile;
In active–active mode, both primary and secondary clusters receive log data from VOS devices. The ADCs on the Controllers have separate VIPs for the primary and secondary clusters. There is no backup pool configured on the VIPs. During normal conditions, both clusters will have the same data. During failure, the cluster which is down may not have the data for the period of failure. Data will not be synced between the clusters. You may need to connect to both the clusters to compare the data during failure scenarios.
The following components are involved for managing active-active clusters:
- Director—Director has two connectors: one pointing to the primary cluster and another pointing to the secondary cluster. Director can access Analytics data by switching to the primary or secondary cluster IP address.
- Controllers—The ADC running on each Controller has two VIPs using only primary pools. The first VIP on each Controller points to servers in the primary cluster and the second VIP on each Controller points to servers in the secondary cluster.
- Branches—Branches are configured with two LEF collector-groups. One collector-group contains log collectors with the VIPs of primary and backup Controller pointing to the primary cluster as destination IP and port. The other collector-group contains collectors with the VIPs of primary and backup Controller pointing to the secondary cluster as destination IP and port. A collector group list containing both collector groups is configured under the LEF profile.
A configuration example for Controller1 is shown below.
admin@SDWAN-Controller1-cli(config-adc)% show lb { servers { LEF-Collector-Analytics-1 { type any; ip-address 192.168.95.2; port 1235; state enabled; routing-instance provider-org-Control-VR; } LEF-Collector-Analytics-2 { type any; ip-address 192.168.95.3; port 1235; state enabled; routing-instance provider-org-Control-VR; } LEF-Collector-Analytics-3 { type any; ip-address 192.168.96.2; port 1236; state enabled; routing-instance provider-org-Control-VR; } LEF-Collector-Analytics-4 { type any; ip-address 192.168.96.3; port 1236; state enabled; routing-instance provider-org-Control-VR; } } server-pools { VAN-Primary-Pool { type any; member LEF-Collector-Analytics-1; member LEF-Collector-Analytics-2; } VAN-Secondary-Pool { type any; member LEF-Collector-Analytics-3; member LEF-Collector-Analytics-4; } } virtual-services { VAN-Primary-VIP { type any; address 10.0.0.0; port 1235; default-pool VAN-Primary-Pool; routing-instance provider-org-Control-VR; } VAN-Secondary-VIP { type any; address 10.0.0.0; port 1236; default-pool VAN-Secondary-Pool; routing-instance provider-org-Control-VR; } } }
A similar configuration is done on Controller2.
A configuration example for Tenant1 on a branch VOS device is shown below
[edit orgs org-service Tenant1 lef] collectors { collector LEF-Collector-log_collector1 { destination-address 10.0.0.0; à Controller1 VIP destination-port 1235; routing-instance provider-org-Control-VR; transport tcp; template Default-LEF-Template; } collector LEF-Collector-log_collector2 { destination-address 10.0.0.4; -> Controller2 VIP destination-port 1235; routing-instance provider-org-Control-VR; transport tcp; template Default-LEF-Template; } collector LEF-Collector-log_collector3 { destination-address 10.0.0.0; à Controller1 VIP destination-port 1236; routing-instance provider-org-Control-VR; transport tcp; template Default-LEF-Template; } collector LEF-Collector-log_collector4 { destination-address 10.0.0.4; -> Controller2 VIP destination-port 1236; routing-instance provider-org-Control-VR; transport tcp; template Default-LEF-Template; } } collector-groups { collector-group Primary-Collector-Group { collectors [ LEF-Collector-log_collector1 LEF-Collector-log_collector2 ]; } collector-group Secondary-Collector-Group { collectors [ LEF-Collector-log_collector3 LEF-Collector-log_collector4 ]; } } profiles { profile Default-Logging-Profile { collector-group-list [ Primary-Collector-Group Secondary-Collector-Group ]; } } default-profile Default-Logging-Profile;
- Analytics log collector nodes accept newer IPFIX template version—In releases prior to Release 21.2.1, Analytics log collector nodes process IPFIX logs only if they are received with a template version less than or equal to its known value. In Releases 21.2.1 and later, Analytics log collector nodes can accept logs from VOS devices running newer versions of the IPFIX template.
By default, new log types sent by branches are dropped and log types recognized by Analytics nodes are accepted and parsed. You can change the default behavior from the CLI. If you disable the default values, all logs with a higher IPFIX template version are dropped. To disable the default values:
versa@versa-analytics% show log-collector-exporter settings template backward-compatible-only false;
You can check the value using vty commands:
LCED-DBG> show lced globals LEF Template Version: 97 Kafka Version : 0.11.4-2-g13befa-dirty LEF template version check relaxed - false
- Analytics platform alarms—Analytics platform alarms provide real-time status about services and activities that require attention. These alarms are logged locally on the hosts, and they can also be streamed to third-party remote collectors, including Director nodes. See Configure Analytics Device Alarms.
- Analytics Secure Access > Users dashboard displays top user count by appliance, continent, city, and country—(For Releases 21.2.2 and later.) You can display the top VOS devices, continents, cities, and countries by user count.
In Director view, select Analytics > Dashboards > Secure Access > Users > Summary to display the following:
Drill down to display the users for each category:
-
Analytics System dashboard displays search log activity—(For Releases 21.2.2 and later.) You can display the number of search logs per type, tenant, and appliance.
Select Analytics > Dashboards > System > Search to display the following.
- Application reports for SD-WAN and DIA traffic—(For Releases 21.2.2 and later.) You can generate application usage reports for traffic sent on an SD-WAN or DIA interface as follows:
- Custom date and time selection widget—(For Releases 21.2.2 and later.) A new widget for custom date and time selection has been added for dashboard and reporting screens. This widget allows you to specify a custom relative date and time range in addition to an absolute date and time range.
For example, in Director view, select Analytics > Dashboards > SD-WAN. The following screen displays:
In the main pane, select Custom Range from the second drop-down menu. The Select Custom Data/Time Range window displays: - Data plane availability report—The data plane availability report shows whether a branch has connectivity to any other remote branches other than Controller nodes. To display the data plane availability charts, select the Availability tab of a site, as shown below. A new service uptime report shows how long the device. You can use the information in this report to determine whether there were any local issues, such as service restarts and device reboots.
To display information about SD-WAN health metrics over time, drill down from the data plane statistics grid:
Information about the number of seconds all remote sites are down, and other SD-WAN path and site-related statistics is sent using an sdwanHealthLog. An example of an sdwanHealthLog is shown below. This log is sent to the Analytics node every 5 minutes.
2021-01-18T23:05:14+0000 sdwanHealthLog, applianceName=SDWAN-Controller2, tenantName=CVS, generateTime=1611011100, tenantId=7, applianceId=0, vsnId=0, duration=300000, pathsUp=0, pathsDown=0, pathsNoConf=0, rmtSitesUp=0, rmtSitesDown=0, allRmtSitesDown=0, allRmtSitesDownTime=0, svcUptime=329778, allLclCktDown=0
- Last month time selector—In the day/time selector, you can choose the last month. The last month is the previous calendar month. For example, if today is February 15, the last month report provides data for January, from January 1 through 31.
- Local collectors for allowed tenants—(For Releases 21.2.3 and later.) You can configure local collectors on Analytics nodes to accept logs only from specified tenants to ensure that only logs from these tenants are parsed and processed by the collector.
- Local collectors for syslog over TLS—(For Releases 21.2.3 and later.) You can configure local collectors on Analytics nodes to receive logs that are in syslog format over TLS transport with the following configuration. When you select TLS transport, you must specify the path to certificates in the TLS Attributes group of fields.
- LEF collector group list—Log export functionality (LEF) on VOS devices is used to send service-specific logs, such as SD-WAN, CGNAT, security, and system logs, to a destination collector. These services refer to a LEF profile, which points to a destination collector or a collector group. A LEF collector group is a container for one or more collectors that are in active-backup mode. Logs are sent to one of the active collectors in the collector group. In Release 21.2.1, you can send logs to multiple destination collectors for high availability or for serving different applications by configuring a collector group list. A LEF profile can refer to a collector, collector group, or collector group list. A collector group list is a list of collector groups. Logs are sent to the active collector of each of the collector groups in the list.
For example, the following configuration creates a collector group list containing Collector-Group1 and Collector-Group2:
[edit orgs org-services Tenant1 lef]
profiles {
profile Default-Logging-Profile {
+ collector-group-list [Collector-Group1 Collector-Group2];
}
}
- Log archive management—After logs are processed on Analytics log collector nodes, the logs are compressed and stored in gzip files in the Analytics archive directory on the node on which they were received. You can restore or delete archived logs from the Director node. You can view the dates of the oldest and newest log archive file and the number of log archive files.
To view, restore, and delete log files, go to the Analytics > Administration > Maintenance > Log Archives screen.
Select Delete Archive Logs to free disk space on log collector nodes by deleting archived files for a specific tenant or VOS device and time range.
Select Restore Archive Logs to extract the archived files for a specific tenant or VOS device and time range into a destination directory. If the destination directory is /var/tmp/log, the data is returned io the database.
Select View Archive Log Details to determine the number of archived files and the filenames of the oldest and newest files for a tenant or VOS device and for a log collector.
- Log export from Analytics reporting tool—In the Analytics reporting tool, after you generate a report containing logs, you can export the logs to a compressed file from the GUI.
For any report type containing logs, choose the number of rows and then click Add. An Export icon displays. Click to trigger the backend to export the data to a file, compress it and then make it available for download. The process may take few minutes depending on amount of data downloaded.
For example, to generate a report containing traffic logs in Versa Director:
A progress bar displays in place of the Export icon while the logs are exported. This changes to a Download icon once the export is complete. For example:
Click the download button to download a tar.gz file to your local system. You can uncompress and extract the file using any file extraction tool.
After you generate a report, you can access the exported files under Analytics > Reporting> Manage > Exported Reports. For example:
- Log collector connection eviction optimizations—The Analytics local log collector processes the logs received from client connections. By default, each local collector has a maximum connection limit set to 512. When this limit is reached, the log collector stops accepting new connections. You can increase the maximum number of connections. However, doing so can overload the log collector node, especially if all the connections are carrying active data.
To handle more connections, you add more log collectors. For example, 1024 tenants/appliances may need 2048 connections (for active-backup mode) or four log collectors to handle the processing. You can reduce the number of connections by enabling the suspend backup collector option in the collector groups on customer premises equipment (CPE). If you enable this option, only one connection is enabled during steady-state conditions. However, during some failure conditions, there may be multiple connections from the same CPE.
Releases 21.2.1 introduces connection eviction on Analytics log collector nodes. Connection eviction closes unused connections so that the Analytics log collector node can make space for active connections from CPEs. Normally, there can be multiple connections from the same CPE. However, logs are sent only on one of the connections. When you enable connection eviction, if the maximum connection limit is reached, connections may be closed. Connection eviction is done as follows:- If the number of connections from a tenant/appliance is greater than 1, evict the least used connection.
- If there is only one connection from a tenant/appliance and the connection has been idle for more than 10 minutes, evict the connection.
You can configure connection eviction as follows:
versa@SDWAN-Versa-Analytics% show collector1 { address 192.168.95.2; port 1234; max-connections 56; # By default eviction is turned on + connection-eviction true; storage { directory /var/tmp/log; format syslog; } }
You can use VTY commands to check eviction. A new table is maintained to map the tenant/appliance to connection list.
LCED-DBG> show lced connections local Local Collector : collector1(0) Tenant: Tenant1 Appliance: SDWAN-Branch3 Count: 1 FD List: 34 Tenant: provider-org Appliance: SDWAN-Branch1 Count: 1 FD List: 38 Tenant: provider-org Appliance: SDWAN-Branch4 Count: 1 FD List: 60 Tenant: Tenant6 Appliance: SDWAN-Branch4 Count: 1 FD List: 53 Tenant: Tenant7 Appliance: SDWAN-Branch1 Count: 1 FD List: 36 Tenant: Tenant10 Appliance: SDWAN-Branch2 Count: 1 FD List: 43 Tenant: Tenant1 Appliance: SDWAN-Branch2 Count: 2 FD List: 46 146 Tenant: Tenant6 Appliance: SDWAN-Branch1 Count: 1 FD List: 37 Tenant: Tenant7 Appliance: SDWAN-Branch4 Count: 1 FD List: 61 : : CPEs : 33 Conns: 34 CPEsWithRedConn: 1
To check connection evictions:
LCED-DBG> show lced stats | grep -i evict Evict Unused Connection Events : 26 Evict Unused Connection Count : 24
- Rule statistics support for DIA traffic—(For Releases 21.2.2 and later, and for Releases 21.1.3 and later.) You display DIA rule statistics as shown in the following screenshots. In earlier releases, the rule statistics on the SD-WAN site dashboard showed utilization for traffic sent on the SD-WAN overlay only.
- SD-WAN application report enhancements—The traffic type and forwarding class are new fields in logs sent from VOS devices running Releases 21.2.1 and later. The SD-WAN application drilldown displays usage per traffic type and forwarding class as shown below. Traffic type can be SD-WAN or DIA. Forwarding class can be one of the 16 forwarding classes, for example: fc_ef, fc_be, fc_nc, or fc_af.
For example, from the Analytics > Dashboard > SD-WAN > Sites screen, select SDWAN-Branch4 from the drop-down. Click the Applications tab and then click the linkedin application on the Top Applications by Bandwidth graph.
The logs corresponding to these reports are as follows:
2021-03-05T00:57:12+0000 monStatsLog, applianceName=SDWAN-Branch4, tenantName=Tenant1, mstatsTimeBlock=1614906000, tenantId=2, vsnId=0, mstatsTotSentOctets=535, mstatsTotRecvdOctets=1074, mstatsTotSessDuration=300000, mstatsTotSessCount=1, mstatsType=sdwan-acc-ckt-app-stats, appId=github, site=SDWAN-Branch4, accCkt=WAN3, siteId=106, accCktId=3, user=172.16.11.110, networkPrefix= , traffType=SDWAN, fc=fc_be, risk=2, productivity=3, family=general-internet, subFamily=web, bzTag=Business
- SD-WAN site tag enhancements—SD-WAN reports allow you to filter based on site tags to get reports for a subset of sites for a tenant. The same concept extends to generating reports for sites with matching tags.
- Secure access report enhancements—The secure access report under Analytics > Dashboard > Secure Access > Users > Registry provides details of the number of registered users per gateway, client OS, client OS version, client version, and location, as shown below.
The logs corresponding to these reports are as follows:
2021-02-23T20:01:46+0000 secAccUserRegEventLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Customer-1, vsnId=0, applianceId=1, tenantId=1, userName=abc@versa-networks.com, latitude=9.5869, longitude=76.5213, os=macos, osVersion=11.2.1, secAccClientVersion=7.2.1
- Statistics rollup—The Analytics platform receives large volumes of data every 5 minutes from VOS devices. Reports with source IP and destination IP addresses typically take up large amounts of storage and computing resources. You can configure VOS devices to send only the top-N of these types of reports to reduce the number of records sent and processed. However, there can still be a large number of unique records over an hour or a day.
Statistics rollup provides a mechanism to reduce the volume of stored data by performing aggregation and computing the top-N for the hour and day. Releases 21.2.1 and later support rollup for firewall sources and destination statistics reports. Migration cron jobs are run automatically on the Analytics nodes to migrate existing data to new roll tables.
Note that after you upgrade to Release 21.2.1 or later, you may not be able to display historical firewall source and destination statistics reports until the migration task is complete. This may take a few hours to a few days, depending on size of the existing tables.
- Synchronized charts for path status—A new synchronized chart option displays multiple time-series charts for SD-WAN path status for charts containing the same zoom level and time range. This helps in visualizing various metrics of the paths at the same time.
To view a synchronized chart, choose a from site and to site under the Analytics > Dashboards > SD-WAN > Paths> Usage tab as shown below. Metrics for all paths between the branches are displayed.
- Syslog priority values in remote templates—(For Releases 21.2.3 and later.) For remote templates, you can configure a syslog priority value. For remote template for logging to third-party collectors, set the priority type value as follows:
- System anomalies report—You can display VOS device anomalies under Analytics > Dashboard > System> Appliance Anomalies. The appliance anomalies are:
- CPU load exceeded
- Memory load exceeded
- Packet buffer depletion (running out of mbufs)
- Session load exceeded
- Service load exceeded
- Worker thread busy (LCORE detection)
Drill down to display charts showing each of the anomalies over time.
The log corresponding to these reports is as follows:
2021-03-03T17:55:03+0000 systemHealthLog, applianceName=HE-DC-Branch-1, tenantName=Corp-Inline-Provider, generateTime=1614794100, duration=300000, applianceId=0, vsnId=0, tenantId=2, numLcoreInactivity=0, numMbufDepletions=0, numSvcLoadExceeded=16, numSessLoadExceeded=0, numCpuLoadExceeded=0, numMemLoadExceeded=0
A system health log is exported from each appliance every 5 minutes to Analytics. These logs are exported in provider organization (appliance owner) context on multitenant branches.
- Tenant usage reports—(For Releases 21.2.3 and later.) At the tenant level, you can aggregate the statistics of individual appliances for a number of reports. Analytics provides report templates for the Tenant Usage for SD-WAN and Tenant Usage for DIA report types.
- Threshold-based reporting—In releases prior to Release 21.2, the Analytics reporting tool provides metrics as summaries, time series, and tables. In Releases 21.2.1 and later, you can filter based on conditions that you set per report type. Some of the examples are usage reports if bandwidth exceeds certain threshold, sites or links with low availability, and sites whose violations exceed a limit. The following screen displays an example of SD-WAN access circuit usage across all sites of a tenant with session count exceeding a certain value:
The following screen displays an example of a conditional report for sites with low availability:
- TWAMP reports—The Two-Way Active Measurement Protocol, defined in RFC 5357, is used to measure metrics such as delay, delay variation, and loss between two IP endpoints that support the TWAMP sender and receiver functionality. The metrics are exported to Analytics nodes. The Analytics > Dashboard > System > Measurements screen displays the TWAMP metrics per IP session for a tenant or VOS device.
The following metrics are collected:
- Received and transmitted packets
- Received and transmitted packet errors
- Two-way delay, forward delay, and reverse delay
- Two-way delay variation, forward delay variation, and reverse delay variation
Drill down to display metrics over time:
The logs corresponding to these reports are as follows:
2021-03-03T16:22:53+0000 twampSenderSessLog, applianceName=Branch1, tenantName=ServiceProvider, twampSrc=70.0.1.2:50000, twampDst=70.0.2.2:50000, twampVRF=ISP-A-Transport-VR, twampDSCP=32, tenantId=6, v snId=0, applianceId=1, twampPktSz=false|27, twampNumPkts=100000, twampNumPktLoss=0, twampNumTx=6488, twampNumRx=6488, twampNumTxErr=0, twampNumRxErr=1, twampFwdDelay=2307|17|80952, twampRevDelay=2390|376|31616, twamp2WayDelay=4699|417|92210, twampFwdDelayVar=2270|0|80914, twampRevDelayVar=2009|0|31240, twamp2WayDelayVar=4269|0|91793, twampStartTime=1614735029, twampEndTime=1614788573
- WiFi statistics—You can find WiFi reports under Analytics >Dashboard> System > Interfaces. For a multitenant device, these reports are part of the provider organization (appliance owner organization). The main dashboard of the WiFi Interfaces tab displays the devices and the connected clients for the specified time range.
To display information about all the clients connected to the VOS device, drill down on the VOS device:
To display information about client traffic usage and signal strength, drill down on a client in the grid:
The logs corresponding to these reports are as follows:
2021-03-04T00:05:11+0000 wifiClientStatsLog, applianceName=CSG355-Qual, tenantName=Provider-Org, generateTime=1614816300, tenantId=2, vsnId=0, applianceId=0, interfaceName=vni-0/201, macAddr=9e:23:65:d5:0b:69, ipAddr=192.168.101.4, hostname=iPhone, ssid=Adv-5G2, band=2.437 GHz, recvdOctets=268001, sentOctets=20430475, duration=300000, uptime=299, rssi=-34, snr=6
Fixed Bugs
The following are the critical and major defects fixed in Release 21.2.
Fixed Bugs in Release 21.2.1
Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11, in Release 20.2.3, and in Release 21.1.2 are available in Release 21.2.1.
Bug ID |
Summary |
---|---|
55976 | Application crash caused because of expensive queries and heap exhaustion. This issue has been fixed. Now, the maximum limit for a query is set to 200,000 records. |
57948 | Fix to secure access map icon when clustering is required. |
58311 | Versa-lced process may not start on Bionic systems when versa-confd does not fully start. This issue has been fixed. |
58314 | PDF file generated from data tables may not display all columns because of a space issue. This issue has been fixed. Now, the appropriate zoom level is used to fit all table columns. |
58743 | Add support for forwarding class and traffic type during application drilldown, for VOS devices running Release 21.2. |
58931 | If you select the site tag filter, SD-WAN Map view shows sites with matching site tags instead of all sites. This issue has been fixed. Also added support for site tag filters in the reporting tool. |
59084 | Add support for special characters in Analytics local user password. |
59150 | Add Africa to the timezone selection list. |
59887 | Add support for join queries to join two different report data. |
60255 | Remove duration column from the data tables, because it is used only for internal calculations. |
60275 | Fix for VLR score computation issue in SD-WAN TCP APM report. |
61002 | If you not configure email settings, display a warning message when you want to generate report and send report notifications using email. |
61048 | Add date time selector filter to filter by last calendar month. |
61251 | Python2 to Python3 migration for vulnerability fixes requires migration of all Python scripts. Support for the Analytics database manager script was missing, which caused problems in a fresh installation of Release 21.1.1. This issue has been fixed. |
61878 | Time series chart in dashboards now aggregate per hour for the last 7 days instead of using 5-minute or 15-minute data. |
61915 | Add support for streaming Analytics platform–generated alarms to remote collectors, including Versa Director. |
62001 | Fix start/stop option in Agents & ETL Status under Administration > System > General in Analytics GUI. |
62051 | Enable confd audit log and web GUI access log on analytics and log forwarder nodes by default |
62058 | Remote collector connection status show command and GUI are enhanced to display transport type, number of flaps, and last flapped count. |
62197 | Add support for setting banner text from Analytics GUI Administration tab. |
62280 | In the log’s hierarchy, rename SD-WAN SLA Violation to Traffic Steering. |
62308 | Log collector exporter process is in busy state when there are a large number of TACACS+ CLI accounting logs. This issue has been fixed. Now, the logs are processed in a staggered manner to avoid process overload. |
62427 | Fix to show MOS value in time series charts in correct range. In Release 21.1.1, the value shown is divided by 100. |
62569 |
Fix ETL monitoring page loading time, broken tabs, and page layout under Analytics GUI Administration > System Status in Analytics GUI. |
62610 |
Fix SD-WAN QoE chart for post SD-WAN optimization to show correct information when the site is down. |
63044 |
SD-WAN QoE chart displays 50% score when path is completely down. This issue has been fixed. |
63172 |
Add GUI support for setting TACACS+ configuration for analytics and log forwarder nodes. |
63251 |
Add GUI support for setting syslog priority field in remote collector template for syslog export. |
63264 |
Fix breadcrumb implementation in Analytics dashboard navigation to show content again when you click the breadcrumb a second time. |
63516 |
Site/link availability fixes:
|
63892 |
Allow one metric selection for summary data using pie chart in reporting and dashboard. For metrics such as Volume Tx Rx, two pie charts would display side by side, causing the labels to overlap because of lack of space. In such cases column chart or bar chart can be chosen. If pie chart is chosen, user can select only one metric. |
64047 |
Add help option in Log Collector Configuration page. |
64384 |
When tenant operator logs into analytics, administration page now hides all the tabs except for version. |
64398 |
Add vsh monit start/stop command to start or stop the versa monit service. The sudo service monit start/stop is deprecated for Bionic. |
64512 |
Enhancements to show query-related errors for each chart within the chart itself instead of on the top of the page. |
64567 |
Fix for setting the same tab position when user drills down with WAN link in SD-WAN site view. |
64985 |
After an administrator unlocks a locked user configured through TACACS+, the unlocked user should not be shown in the show system locked-users command output. This issue has been fixed. |
65715 |
When you drill down from Dashboard > System page, you are already in appliance view. This issue has been fixed. The fix disables appliance filter in the drill down page to avoid losing context. |
66028 |
Fix to not show labels as “Slice” in summary data with empty metric values. |
66297 | SD-WAN site, link availability, and QoE metrics can take up to 15 minutes for the latest time block to display accurate information, because they relies on arrival of SLA and other logs to determine the state. There could be latency during log arrival or logs could be lost. For accurate state determination, more log data over time needs to be analyzed. |
Fixed Bugs in Release 21.2.2
Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11, in Release 20.2.4, and in Release 21.1.3 are available in Release 21.2.2.
Bug ID |
Summary |
---|---|
37832 |
Ability to search on SSL log clientAddr field. |
56153 |
Availability report in PDF form is not rendered correctly. |
56635 |
ETL monitor under Administration > System Status to show one chart per row. |
63787 |
Add severity and disable options to alarm settings in log collector exporter configuration. |
65819 |
LCED UI not showing the status if the name has space in it. |
66305 |
Cannot select pie chart if two or more metrics are selected on dashboard charts. |
66497 |
Fix issue for secure access scheduled report when multiple VOS devices are selected. |
66501 |
After upgrade, firewall source and destination statistics were not showing for the last hour because of a VOS device issue. |
66622 |
Access circuit available bandwidth not showing user-friendly number on Y axis. |
66775 |
Remote export of logs not working if storage is disabled for flow in local collector configuration. |
66787 |
Show system package info command to display operating system version. |
66837 |
Wheen upgrading to Release 21.2.1, NTP server configuration was overwritten. |
66914 |
SLA metrics data for Release 21.1.1 and earlier VOS devices not displaying in UI. |
67123 |
Display user-readable metric names in reports. |
67279 |
Datatables not populated for tenantSuperAdmin users because of some API restrictions. |
67323 |
Datatables search issue when there is more than one table with search option. |
67454 |
Application startup issue after upgrading because of multiple tomcat versions. |
67903 |
Use common widget for tenant/appliance/site drop-down in dashboard and reporting. |
68026 |
In the Ubuntu Bionic Analytics image, cpu/memory/disk resource utilization for Analytics nodes was not working. |
68061 |
Display appropriate error message if connectivity to search engine fails. |
68642 |
Support for Layer 2 SD-WAN rule statistics report per tenant/site. |
68687 |
Fix for preventing flooding of alarms from LCED alarm infrastructure on console with Ubuntu Bionic image. |
68921 |
Under Administration > System Status, last analytics data cleanup was not shown correctly. |
69280 |
ETL stats not seen in UI although received from API response. |
69434 |
For tenantOperator role, add SD-WAN feature by default under Administration > Configuration > Settings > Authentication > Roles Configuration. |
69601 |
Analytics appliance context in Director shows "Disk Space is Critically Low" when disk space is healthy. |
69796 |
Support for timezone in scheduled report display under reporting. |
69985 |
Fix to allow user with tenant operator role to edit scheduled report. |
70026 |
Analytics report graph selection is not clear for different chart types, such as pie chart and bar chart. |
70043 |
In system interface utilization time series chart, Y axis labels were incorrect when TX and RX utilization was selected. |
70229 |
Breadcrumb support for showing filter path when a different site is selected under site dashboard. |
70280 |
If application restarts when user is accessing the UI, redirection should take place immediately instead of showing an error message. |
70288 |
Fix to report QoS interface statistics per device instead of for all devices. |
70321 |
Extra widget shown in content removal page if we delete any data in content removal. |
70355 |
SLA logs from Release 16.1R2 device will not have new fields. Treat them as 0. |
70360 |
SLA metrics in hourly time series go over 100%. |
70396 |
Modify alarms severity text font colors for easy reading. |
70487 |
Read-only users should not have access to edit data in Administration tab. |
70580 |
In some browsers, when certain invalid characters are entered in the URL for accessing the Analytics standalone GUI, the version of web server used by the Analytics node is visible. |
70706 |
Javascript file hosted in Analytics portal exposes an internal IP address |
70736 |
If Controller access for a user role is disabled, hide showing the data in search queries. |
70916 |
Fix for site list drop down not showing all sites in scaled environment. |
70919 |
Fix for UI display issues in reporting schedule option. |
70972 |
Support in reporting tool to add multiple filters of same type for a query. |
71188 |
Settings screen showing [object Object] message instead of showing proper error message. |
71310 |
Fix for LCED VMEM_ID_LCED_STOR_BUF showing negative value for used bytes. |
71373 |
Fix for SLA metrics time series charts showing invalid values and labels for certain time ranges. |
71399 |
QoE chart to user 5% as threshold instead of 4% to determine if status is poor or fair. |
71726 |
When multiple metrics are selected for summary data and if pie chart is the chart type, data can overlap. Prevent such selection and display an error message. |
71781 |
After upgrade, search data configuration in the UI is shown as disabled even though it is not saved. Fix to show the correct state of the configuration in the UI. |
72061 |
Fix for data plane and QoE report saving error |
72074 |
Removed unsupported metrics in URL filtering report generation. |
72296 |
Fix for trend line showing negative values in some scenarios. |
72298 |
Trend line settings should get reset when navigating to other charts. Also chart type should not change when trend line setting are done. |
72426 |
Secure access users map not showing all sites/traffic activity when a user is associated with more than one gateway. |
Fixed Bugs in Release 21.2.3
Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11, in Release 20.2.4, and in Release 21.1.3 are available in Release 21.2.3.
Bug ID | Summary |
---|---|
72274 |
Fix for page refreshing continuously when the Enter key is clicked while saving a report. |
73423 |
Fix for Versa Director not initiating connection to Analytics because of too many close_wait state to analytics IP:Port. |
74324 |
Fix to prevent tenant operators from being able to change or save settings on the Administration page. |
75558 |
Availability reports to include up to 2 decimal digits. For example, 99.99%, 99.9% if it is 99.90%, and 99% if it is 99.00%. |
76488 |
Fix to SD-WAN for QoE score degradation after enabling FEC. QoE computation has been enhanced to include the reverse loss obtained from SLA metrics. |
76726 |
SSL log enhancements to include additional match filters and operations, such as not equal to. |
77477 |
Fix to show Analytics cluster CPU/memory for all instances. |
77869 |
Under Administration > Data Configuration > Search data retention settings, resetting log daily limit gives an error. |
78900 |
Fix for autorefresh not working on the Analytics dashboard. |
78960 |
Fix for APM metrics for tcpReXmitFwd, tcpReXmitRev shown as 0% because of incorrect conversion. |
79487 |
Fix for TWAMP delay/delay variation metrics represented in msec. |
80492 |
Fix for Analytics report after page reload getting stuck and adding & at the end of the URL. |
80691 |
Total Sites"in SD-WAN dashboard is not drillable. Avoid showing hyperlink. |
80782 |
Fix for QoE report in last 30 days not showing any data. |
81109 |
Scalability and performance improvements by implementing new tables with partition keys. |
81700 |
Fix to show the alarms received in the same second in the order of generation by sorting on both the sequence number and the receive time. |
81707 |
Remove deleted tags Analytics in a short interval so that user cannot login again. |
82211 |
Remove displaying internal field 'at' in raw logs because it is not significant to the user. |
82296 | Fix to log archive script which was not archiving all the files under heavy load. |
82752 |
Fix to prevent time selector drop-down going behind the map widget. |
83144 |
Remove CGNAT VSN usage report because it is deprecated. |
Behavior Changes
The following are the behavior changes in Release 21.2:
-
Starting with Release 21.2.x, the Analytics software checks the the number of Apache ZooKeeper servers in the vansetup.conf script before running the script. (ZooKeeper performs internode communication among the nodes in an Analytics cluster.) If the number is even, the Analytics software changes it to an odd number. Using an odd number of ZooKeeper servers instead of an even number optimizes the internode communication. For example, if the vansetup.conf script has four ZooKeeper servers, the Analytics software changes the number to three. For the changed configuration to take effect, you must execute the vansetup.py script on each Analytics node.
Known Issues
The following are the known issues in Release 21.2.
Known Issues in Release 21.2.1
Bug ID |
Summary |
---|---|
41534 |
Custom role creation view box and log filter drop box close automatically if you click outside the box. |
42468 |
Search collection creation fails during installation if the hostname is not bound to the IP address on which the search node is listening, which is the interconnect IP address. As a workaround, have the search node’s interconnect IP address be the first IP address in the /etc/hosts file. |
42469 |
If you select an appliance is selected in map filter, to change the appliance name, you must first delete the existing name and then choose another appliance name. |
42555 |
Standby Director may not responding to REST API calls, so the standby Director cannot be registered until a failover is performed. |
46001 |
Maintaining accounting records might stop working and then start working again after you reset auditd. |
54713 |
Users maps on the secure access dashboard works only if you select Google maps as the map provider under Administrator > Settings > Display Settings. |
58931 |
User map site tag feature is supported only for Google maps. |
59517 |
As part of statistics rollup infrastructure changes for Releases 21.2, after you upgrade to Release 21.2.1, there is a delay in populating historical firewall source and destination statistics reports on UI. A daily cron job migrates the historical firewall source and destination data to the new rollup infrastructure. There is no impact on new data post upgrade |
60658 |
Use sudo to run the cluster installation script from a Versa Director running a Bionic image. |
66214 |
When you access the Analytics GUI through a Director node, the landing dashboard charts might shift from right to left. |
Known Issues in Release 21.2.2
Bug ID |
Summary |
---|---|
41534 |
Custom role creation view box and log filter drop box closes automatically if clicked outside of the box. |
42468 |
Search collection creation failure during installation if hostname is not bound to the IP on which Search node is listening (interconnect IP). Workaround is to use the Search node’s interconnect IP as the first IP in the /etc/hosts. |
42469 |
If an appliance is selected in map filter, to change the appliance name, it needs to be erased to choose another appliance name. |
42555 |
Standby Director not responding to REST API calls. We won’t be able to register Standby Director until a failover is performed |
46001 |
Maintaining Accounting records stopped working and it started working after auditd restart. |
54713 |
Secure access dashboard has “Users Map” which works only if Google map is selected as the map provider under Administrator> Settings> Display Settings>. Support for Open Street Map will be available in future releases. |
58931 |
Site tag feature in maps is only supported for Google maps |
59517 |
As part of Statistics Rollup Infrastructure changes for 21.2, post upgrade there will be a delay in populating historical firewall source and destination statistics reports on UI. There will be a daily cron job that takes care of migration of historical firewall source and destination data to new rollup infrastructure. There will be no impact to new data post upgrade. The historical data will be migrated over time. |
66214 |
Analytics GUI landing dashboard charts shifts from right to left in few scenarios when accessed through Director. |
Known Issues in Release 21.2.3
Bug ID | Summary |
---|---|
41534 |
Custom role creation view box and log filter drop box closes automatically if clicked outside of the box. |
42468 |
Search collection creation fails during installation if the hostname is not bound to the IP address on which Search node is listening (interconnect IP). As a workaround, list the Search node’s interconnect IP address as the first IP address in the /etc/hosts. |
42469 |
When you select an appliance in map filter, to rename the appliance name, you must first erase the existing appliance and then create an appliance that has a different name. |
42555 |
Standby Director not responding to REST API calls. The standby Director cannot register until a failover is performed. |
46001 |
Maintaining accounting records stops working, and it starts working again only after you restart auditd. |
54713 |
Secure access dashboard has Users Map, which works only if Google map is selected as the map provider under Administrator > Settings > Display Settings. |
58931 |
Site tag feature in maps is supported only for Google maps. |
59517 |
As part of the statistics rollup Infrastructure changes for Releases 21.2, after the upgrade there is delay in populating historical firewall source and destination statistics reports on UI. A daily cron job takes care of migrating historical firewall source and destination data to the new rollup infrastructure. After the upgrade, there is no impact to new data. Historical data is migrated over time. |
66214 |
Analytics GUI landing dashboard charts shift from right to left in few scenarios when accessed through Director. |
72972 |
Under Reporting, when Analytics loads a report for a tenant, when you click Save, a dialog displays with copy settings option where it displays a drop-down with the appliances for selected tenant. However, the list does not show the correct appliances for the selected tenants. The behavior is not seen during initial creation of the report. |
Request Technical Support
To request technical support, visit http://support.versa-networks.com. If you are contacting support for the first time, register and create an account. You can also send email to support@versa-networks.com or contact your Versa Networks sales account team.
Revision History
Revision 1—Release 21.2.1, March 19, 2021
Revision 2—Release 21.2.2, September 12, 2021
Revision 3—Release 21.2.3, August 2, 2022