sFlowTrend release notes
Released 22-Feb-2017The main focus of this release is to provide visibility into tunneled traffic by adding support for the decode and analysis of encapsulated packets.
- Added decode and analysis of IEEE 802.1ah (PBB/MAC-in-MAC) traffic. For example you can create a Report using Advanced settings or a Network > Top N custom chart by selecting IEEE 802.1ah related key fields listed in the help. The sFlowTrend tips and tricks blog gives an example of PBB analysis.
- Added decode and analysis of L3/4 tunneled traffic (Geneve, GRE, NVGRE, VXLAN). This includes analysis of the fields in encapsulated packets. For example you can create a Report using Advanced settings or a Network > Top N custom chart by selecting layer 3/4 encapsulations related key fields listed in the help. The sFlowTrend tips and tricks blog gives an example of VXLAN analysis.
- Added additional IEEE 802.1ad (Q-in-Q) VLAN fields (vlanstack, cVLAN, sVLAN, cPriority, sPriority).
- Improved responsiveness of web client when removing agents.
- Increased the default memory for Linux, MacOS, and Windows 64 bit installations. Decreased the default memory for Windows 32 bit installations.
- Corrected a problem with the Linux packages, which could cause a crash when installing.
- Network > Circles tab
- When clustering by switch, switches are labelled using the switch naming policy configured in user preferences.
- Added background shading to clusters (web client).
- Added an option to allow a user to remain logged in when the connection to the sFlowTrend server is lost or when the browser is closed and restarted.
- Converted XML configuration files to JSON format.
- Updated Japanese localisation.
- The installer will not allow you to choose the same directory for the sFlowTrend home directory and the installation directory. If you have previously used the same directory for the home directory and the installation directory, you will need to change one of the directories when you upgrade to this version.
- Official release of the sFlowTrend web client. The web client is now the recommended client and the Java client is deprecated.
- The following changes were made to the web client:
- Added context sensitive, local help.
- Added the ability to import and export report definitions.
- Changes to allow the web client to work properly via a reverse proxy.
- Improved web client behaviour after client system sleep.
- Improved reporting of low memory conditions.
- Various bug fixes.
- Added Reports tab in the web client. This tab provides the same reporting functionality as the Java client.
- Improved the Root cause analysis in the web client. This includes the ability to drilldown to break out top contributors in more detail.
- Added Don't tell me again option to new releases notification dialog.
- Apple Mac installer is now signed with an official Apple certificate.
- Various other bug fixes.
- Corrected a potential corruption of a database file used to store data for switch interfaces, including configured thresholds. The effect of this problem is loss of configured thresholds.
- Added a Root cause analysis tab under the Network tab in the web client. This tab identifies the major contributors (source and destination subnets, addresses, and ports) to the network traffic.
- Removed sFlowTrend server system default proxy configuration for Linux (some Linux installations do not have a system default proxy, which causes JVM stability problems). If a proxy is required, use the manual configuration option.
- sFlowTrend is now installed using a traditional installer (installation using Java Web Start has been discontinued).
- Java 7.0 or later is now required.
- Added web client (see Introducing sFlowTrend-Pro v6.0 web client).
- Added support for client/server communication over SSL.
- Fixed bug with decode of IPv6 packets with nextHeader=59 (no next header).
- The Java Web Start client is now deprecated and will be removed in the next release.
- With the introduction of the web client, the Java Web Start installation of sFlowTrend (free) will be deprecated and replaced with a traditional installer in the next release.
- Removed the client webserver.
- Updated the GeoIP country database, and added IPv6 address to country resolution.
- Corrected a problem where actions on threshold events of severity level Severe would fire, even if the event was not Severe.
- Improved the robustness of determining the local hostname for situations where the host is not available in DNS
- Improved the robustness of the sFlow decoder, to allow additional sFlow fields at the end of a record.
- Corrected a bug which could cause a crash if a switch has a vertical bar character in the ifName or ifAlias of an interface.
- Further updates for the latest version of Java Web Start.
- Minor updates to allow operation with latest version of Java Web Start.
- Fixed a problem with installing the license in a new installation of sFlowTrend-Pro.
- Improved the performance of the Thresholds tab.
- Added the ability to view traffic flows by BGP attributes (for example top BGP AS paths) by including decode and analysis of the sFlow extended gateway structure exported by some sFlow enabled BGP routers.
- Fixed a problem, introduced in v5.1.02, which prevented actions on events from working.
- Removed delay when connecting from sFlowTrend-Pro client to sFlowTrend-Pro server.
- Various minor bug fixes.
- Added ifName and ifAlias to actions on threshold events. For example, emailed interface threshold events now show the interface using the ifIndex, ifName and ifAlias.
- Reduced the number of events warning of low memory on large memory systems.
- Improved handling of situations where access to configuration files (eg bookmarks, custom top n) is denied.
- Improved accuracy of scaling of sFlow data in corner case conditions.
- Various bug fixes.
Released 05-Dec-2012This release of sFlowTrend includes the following features:
- A new custom top-n view, which works like the standard top-n (eg top sources), but allows you to customise the fields that are included in the query. This is useful if you have specific needs for finding traffic, or need to select fields that are not included in the standard views.
- Added support for extended tunnel information, which will work with sFlow sources that support it - for example, the sFlow extension for Microsoft Windows 2012 Hyper-V.
- Added Japanese localisation for features added in v5.0.
- Improved robustness of license management
- Various bug fixes and minor enhancements.
Released 05-Oct-2012This is a major new release of sFlowTrend which includes the following features:
- Support for sFlow for HTTP. The new Services tab displays HTTP performance data providing visibility into the behaviour and usage of web servers including top virtual hosts, URIs, user agents. The Reports tab has also been enhanced to allow reporting on HTTP performance.
- Restructured user interface:
- Rearranged the tabs so that network related data are now accessed from sub-tabs under the new Network tab. The Charts tab has been divided into two new sub-tabs: Counters and Top N. The Wireless charts are now included in the Counters and Top N sub-tabs.
- sFlowTrend now uses the native system look and feel by default. If you prefer to use the old or Nimbus cross-platform look and feel, please see the sFlowTrend Help
- The database functions wifiCiperSuiteFormatted, wifiCipherSuiteName, and wifiVersionName have been removed. Any reports using these functions should be edited to use the new database key fields for flows: wifiCipherFormatted, wifiCipherName, wifiVersion respecitively. See the sFlowTrend Help. With this change, it is now possible to filter on these attributes.
- Various bug fixes and minor enhancements.
- Provided Mac OS X installer for sFlowTrend-Pro service and client
- Corrected an issue introduced in version 4.4.02, where very large and erroneous traffic spikes could occasionally be seen with certain sFlow implementations.
- Fixed several minor bugs with SNMP introduced in the previous release.
- Updated certificates used for signing sFlowTrend code, to avoid a certificate expiry issue.
- Changes to the SNMP library to improve robustness. Also added support for AES encryption for SNMPv3 privacy.
- For a virtual switch, added the ability to label an interface with the name of an attached virtual machine.
- Added event features. sFlowTrend now raises events when traffic levels cross defined thresholds and when various conditions in the operation of sFlowTrend are detected. Events are displayed in the Events Tab. In addition it is possible to configure notification of events via Email or syslog. For more details, see the sFlowTrend Help
- Fixed bug that caused sFlowTrend to stop receiving sFlow from switches that were configured using SNMP, to send sFlow.
- Corrected bug associated with including "/" in a subnet name.
- Fixed bugs with SNMP v3 which affected configuration of sFlow via SNMP.
- Fixed bug where charts and queries would fail when using Custom time periods of a month or more.
- Fixed bug when changing Options, if the user did not have admin permission.
- Fixed problem with filter generated when clicking on legend items in Top wireless versions, Top SSIDs, and Top channels charts
- Corrected problem with deleting agents.
- Updated the host look up RADB URL.
- Updated Japanese localisation bundle.
- Corrected an issue where the history back and forward menu items may not have worked correctly.
- Corrected a problem with reports, where it was possible to construct a query with inconsistent settings, which would then cause the query to fail.
- Several other minor bugs fixed, most of which would not be visible to users.
- Added the ability to bookmark favourite tabs and their settings so that you can easily return to the same tab, configured with settings, at a later time.
- Added support for importing and exporting reports.
- Improved the formatting and presentation of reports.
- Various bug fixes and minor enhancements
- Added Japanese localisation.
- Added support for Host sFlow, including a new Host statistics tab. The Host statistics tab displays host performance metrics in tabular format and charts which trend performance metrics for hosts.
- sFlowTrend (free) now allows data collection from a maximum of 5 switch or host sFlow agents.
- Improved the host information lookup to display the end host location using the switch and interface naming conventions configured in Options.
- Improved the behaviour of the time selector, including fixing a bug so that the end time cannot be before the start time.
- Improved the function editor in Reports.
- Provided additional downloads for sFlowTrend-Pro (client/server):
- Installer for 64-bit Windows with 64-bit JREs (for 64-bit Windows with 32-bit JREs, use the regular Windows installer)
- RPM package
- .deb file (for Debian-based distributions)
Released 29-Apr-2010This release of sFlowTrend includes the following enhancements:
- Host location (switch port connecting the host to the network).
- Host information (MAC, MAC vendor, IP, country location).
- New clustering options for the Circles charts (country and switch).
- Added Japanese localisation.
- Fixed problem with downloading CSV data from tables in reports.
Released 05-Dec-2009This is a major new release of sFlowTrend, which includes these enhancements:
- A reporting package. Reports can be created, run, and results viewed in sFlowTrend, and via a browser, or as a PDF. The raw data from a report is accessible.
- A new Circles chart, which helps visualize flow of traffic between subnets.
- Many other bug fixes, and performance and feature enhancements.
- Fixed problems that prevented non-global SNMP settings to be configured for switches which had initially been conconfigured to use global SNMP settings.
- Fixed bug in decoding of exported 802.11 packet headers.
- Fixed bug with interpreting strings in sFlow extended fields.
- Corrected a problem in handling multi-byte characters when communicating between the client and server.
- Fixed a defect where a chart would not be updated at the end of the day, when viewing data for "today".
- Corrected an issue where, if the default duration of data retained is increased beyond a certain amount, then no data beyond the current hour would be retained.
- Corrected a problem which meant that if the sFlow port to use was changed, the service or application would need to be restarted to resume data collection.
- Added the ability to show traffic trend charts for all switches, or all wireless access points. This applies to sFlowTrend-Pro only.
- Global SNMP settings can be defined. If the global SNMP settings are changed, the new settings will be changed for all switches that use the global settings.
- Added support for SNMPv3.
- SNMP data from the ifTable and sFlow MIB is automatically refreshed periodically.
- Released sFlowTrend-Pro service for Linux.
- Added support for running sFlowTrend behind a web proxy server. If running sFlowTrend as an application,the proxy can be configured in Tools>Options>Advanced. If running sFlowTrend-Pro as a service, the proxy for the server is configured during installation of the server, and the client is configured through Tools>Options>Advanced.
This is a major release of sFlowTrend, introducing the option of running sFlowTrend-Pro as a service. When running sFlowTrend-Pro as a service, the server runs continually in the background and the sFlowTrend-Pro local or remote client is used as the GUI to access the collected data.
The free version of sFlowTrend can be only be run as an application.
Other new features in sFlowTrend v3.0 include:
- User access control.
- History navigator that allows you to move backwards and forwards through recently viewed screens, in a similar way to a browser's history navigator.
- Introduced support for sFlow for wireless.
- Resolved an issue where multicast or broadcast traffic discarded by a switch or router could cause sFlowTrend to stop receiving further samples.
- Resolved an issue with determing correct link speed with higher rate links. This could have impacted enabling of sFlow through SNMP on these links, as well as reporting the speed incorrectly.
- Release of sFlowTrend v2.0.
- Added on-line help.
- Fixed an issue with enabling sFlow through SNMP on certain switches.
- Fixed an issue where the built-in web server did not work correctly.
- Improved the charting for flows that are routed across a switch being monitored.
- Resolved an issue where the 'all interfaces' view displayed no data on some manufacturer's switches.
- The Thresholds tab now includes automatic root cause analysis of threshold. This helps you to quickly determine the cause of unusual network traffic patterns.
- The Chart tab includes a progress indicator when a new chart is loaded or a chart is updated. This indicator allows the loading of a chart to be cancelled.
- Switches can now be enabled and disabled from the control bar in the Chart and tab.
- Resolved a problem with ethertype being set incorrectly in layer 2 flows.
- Resolved a problem with the incorrect scale factor being used for frames/s charts for interval sizes > 1 minute.
- Legend items in top n charts are now clickable, allowing drilldown on selected addresses and ports etc.
- The legend in the Counters chart is now selectable. Clicking on a legend entry causes only that statistic to be displayed.
- Drill-down from the dashboard and thresholds now selects the appropriate statistics in the Counters chart.
- IP addresses for sources and destinations shown in charts can be optionally resolved back to hostnames. If this causes excessive delay in creating a chart, the feature can be turned off using Tools > Options > Advanced: "Resolve IP addresses to hostnames in charts".
- The currently selected time in all charts is now retained when creating a new chart.
- Corrected an issue where the first switch to be added would not be enabled correctly through SNMP.
This is a major new release of sFlowTrend, incorporating several new features:
- A new dashboard, which allow you to find quickly to top contributors to network traffic or errors, and drill down to the relevant chart.
- Configurable thresholds, which help you find network problems quickly by specifying custom bounds for network performance per interface. The top-level threshold status is also shown on the dashboard.
- A threshold tab, which allows you to view and configure the thresholds for any interface.
- Also incldued are many internal enhancements, particularly for performance and memory utilization.
- An integration interface is offered, to allow custom integration between sFlowTrend and other applications, such as switch device managers. sFlowTrend can be controlled by a web interface, available at http://localhost:8087. Please see Integrating sFlowTrend-Pro with other applications for more details.
- Additional charts are now available:
- Top source VLANs.
- Top destination VLANs.
- Top inter-VLAN pairs.
- Improved startup performance.
- Resolved a minor problem with IPv6 protocol decodes.
- Several new charts are now available, including three which are security
oriented. The new charts are:
- Top source-destination pairs (top communicating source address/destination address pairs).
- Top connections (similar to top source-destination flows, but includes both directions of a connection).
- Top servers.
- Top clients.
- Top protocols.
- Most connected sources (top sources by the number of destinations connected to. This is a security oriented chart, also refered to as 'fan-out', and can be used to find hosts exhibiting scanning behaviour).
- Most connected destinations (top destinations by the number of sources that have connected. This is a security oriented chart, also refered to as 'fan-in', and can be used to find hosts that might be victims of distributed denial-of-service attacks).
- Most popular protocols (top destination protocols by number of source-destination pairs. This is a security oriented chart, which can be used to find quickly protocols that are suspected of being used in scanning behaviour).
- Charts can now be generated for all the interfaces on a switch, as well as specific interfaces. Select 'all' in the interface list for this.
- Activity 'LED', which shows incoming sFlow samples by flashing. This quickly indicates if sFlow is being received by sFlowTrend. If the LED is not flashing, then a firewall might be blocking the sFlow port (UDP:6343).
- Hovering the mouse over the activity LED shows the current incoming sample rate.
- Improved handling of multicast traffic.
- Improved accuracy of charts.
- Resolved an issue where IPv6 addresses were not processed correctly.
- Performance and memory usage enhancements.
- Initial release