1.5.10. Release 1.2.2-10

Release date: 20.12.2022

These are the development and documentation release notes for version 1.2.2-10.

1.5.10.1. Development

The new development changes in this release are the following:

1.5.10.1.1. ON Core

  • New documentation linked to the administrator portal. Due to a new documentation structure, all the links from the administrator portal have been modified to point to the corresponding section of the documentation.

  • Removed the MAC field in the opennac-macport.log logs. In the /var/log/opennac/opennac-macport.log log, the MAC field has been removed as it was empty.

  • New informational message for the use of variables when creating policies. When configuring the Custom params and the Extra Radius params in a policy in ON NAC -> Policies, the following information message appears:

    The variables are obtained from the session and must be used in the format %VARS%. Variables must be written in uppercase. Example of variables: MAC, IP, VLAN, USERID, DATE, SWITCHIP.

  • The main dashboard has been modified so that only 30 days are displayed. The main dashboard that opens when accessing the administration portal now shows information only for the last 30 days.

  • Default OSQuery to retrieve ARP. A new ARP entity has been added to obtain information on the ARP events collected by the multiplatform agent.

  • The Extra Radius params and Security profiles are used to determine whether to toggle on a false retest. When an event checks if a retest is needed, it also checks whether the retest should be done by a toggle disconnect. Now the current VLAN ID is compared with a false VLAN ID evaluation result. In some cases, the security profile and Radius parameters should also be checked if the VLAN ID is the same, since those parameters need a toggle disconnect to apply a new policy.

  • Database replication script improvements. Performance improvements have been made to the database replication script in /usr/share/opennac/utils/scripts/db_replication.sh.

  • Creating Custom params with the same name is no longer allowed. From now on, the user cannot create two custom params with the same name, regardless of letter case.

    An example is the variable “hostname”; if created, the variables “hostName” or “HOSTNAME” should not be allowed.

  • Improvements in the healthcheck. The healthcheck.php script has been modified to avoid some errors that it showed. Note that the output is now returned as an array.

  • The Nxlog-ce packages have been updated to the latest version. Nxlog-ce has been upgraded from version 2.11.2190 to version 3.1.2319. A script to install it has also been added at /usr/share/opennac/utils/nxlog/install_nxlog.sh.

  • New API call to get the core version. Added a new API call that returns the core version. The call is as follows:

    https://{core_ip_or_domain}/api/info

1.5.10.1.2. ON Analytics

  • Collection of network device events through syslog. A new logstash pipeline has been added that collects all event logs from network devices and stores them in a new Elasticsearch index called external_syslog-*. A new dashboard has been created to visualize this index, located in Analytics -> Use Cases -> Network Devices syslog.

  • The number of file descriptors opened by Elasticsearch has been increased. The Elasticsearch service now allows 131070 file descriptors to be open simultaneously. The LimitNOFILE variable has been set in the /etc/systemd/system/multi-user.target.wants/elasticsearch.service file.

  • The MACs column has been removed from the Network Device Compliance dashboard. In the Analytics -> Use Cases -> Network Device Compliance dashboard, the MACs column has been deleted from the table because it never appeared in the captured logs.

  • Modifying Elasticsearch values. The value of indices.query.bool.max_clause_count has been increased to 4096. This value refers to the maximum number of clauses that a Lucene BooleanQuery can contain. The value of index.mapping.total_fields.limit has also been changed to 4000. This value refers to the maximum number of fields in an index.

  • Changes in IPv6 and ARP logs in the bro index. The field named ip_version indicates whether IPv4 or IPv6 is in use. IPv6 can be enabled or disabled through a conditional set in /etc/default/opennac; the variable to configure is called BRO_IPV6. In /etc/default/opennac there is another variable called ARP_COMPLETE_LOGS that turns logging for ARP::Unsolicited_Reply and ARP::Cache_Inconsistency on or off. In a large environment, the number of records increases with this option enabled.

  • Geolocation has been enabled in the opennac-* and opennac_ud indices. In the opennac-* and opennac_ud indices, geolocation has been activated for public IPs.

1.5.10.1.3. Captive Portal

  • New option to change the language in the workflows. In ON Captive -> Captive workflows, an option called Available languages has been added to configure the workflow in several languages. The workflows contain a new translations section where you can enter the manual translation of the workflow's name and description in each of the selected languages.

  • New option to change the language in the captive instance. In ON Captive -> Captive instances there is an option called Enable language selector that allows you to show and hide the different possible languages in the captive portal through a selector in the upper right corner.

  • New option to change the language in the subjects of the emails. In ON Captive -> Captive workflows, in the new translations section, it is also possible to translate all the variables related to emails, both by identification themes and by notification themes.

  • Added the username in the information poleval. Running an INFO poleval after completing a “webauth registered users” workflow adds the user entered in the credentials to the poleval.

  • The ONC_WEBAUTH_DENIED tag is added if the captive portal ends up on a non-serving VLAN. The ONC_WEBAUTH_APPROVED tag is always added to the User Device, as well as ONC_TIMEOUT_WEBAUTH_.*, CWT_… and others. As a result, the analytics cannot detect which users have not successfully terminated the workflow, because there is no difference between users ending up on a SERVICE or QUARANTINE VLAN. These tags should not be stored on users that don’t have network access, because the tag names indicate otherwise. The ONC_WEBAUTH_DENIED tag has been implemented to solve this.

1.5.10.1.4. Agent

  • Improvements in ON Agent stability.

1.5.10.2. Documentation

The new documentation changes in this release are the following:

1.5.10.2.1. General

  • Third party integration: Sending logs to SIEM. Two types: via syslog and via nxlog.

  • Steps to facilitate the user configuration of each use case. Every use case lists the steps to follow in order and the optional steps.

  • ELK images replaced with the new version. Previously, the ELK version was 7.2.0; now, the version is 7.17.6. The Kibana frontend has changed, so all the Kibana images have been replaced.

  • A redirect to the main documentation page has been added when a path does not exist.

  • Allows reporting a comment with the feedback to Google Analytics.

  • New use case: Captive Portal with Microsoft 365 Authentication.

  • Cisco WLC Controller Configuration for Captive Portal Use Case using: MAB && CoA Technology

  • Cisco WLC Controller Configuration for Captive Portal Use Case using: POST + 802.1x User

  • Process for upgrading PHP to 7.4.

  • Explanation of /etc/default/opennac for logstash.

  • ManageTagSync plugin.

1.5.10.2.2. Development Issues documented

1.5.10.2.2.1. ON Core

  • Removed the MAC field in the opennac-macport.log logs.

  • New informational message for the use of variables when creating policies.

  • The main dashboard has been modified so that only 30 days are displayed.

1.5.10.2.2.2. ON Analytics

  • Event monitoring of network devices through syslog.

  • The MACs column has been removed from the Network Device Compliance dashboard

  • Changes in ipv6 and ARP logs in the bro-* index.

1.5.10.2.2.3. Captive Portal

  • New option to change the language in the workflows.

  • New option to change the language in the captive instance.

  • New option to change the language in the subjects of the emails.