Page tree
Skip to end of metadata
Go to start of metadata

All updates for Lumeta 3.3.1

KeySummaryDescription
PO-8260A second attempt to upgrade from 3.2.7 to 3.3 does not exit the upgrade properlyA customer had a failure when starting webapp after upgrading from 3.2.7 to 3.3. They attempted the upgrade again and it didn't exit after detecting it wasn't a valid upgrade. It caused issues with file missing in /var/log/performance-data. It should exit immediately after it knows it is an invalid upgrade.

Here are the messages in the log.

Successfully upgraded from 3.2.7.10623 to 3.3.0.11410 at Mon May 21 16:18:57 EDT 2018, hash 528519886346426575590b8890960dead54b607d201722cb93a9a58a93ac06989b1398ec85755287b3d88184d6a5f426057755d2d8ae8689a675155fc913a20e.
Mon May 21 16:18:57 EDT 2018
Done.
Mon May 21 17:06:24 EDT 2018
ERROR: Can only upgrade from 3.2.7 Version is 3.3.0.11410. Exiting upgrade.
rebooting in 30 seconds
Beginning upgrade from 3.3.0.11410 to 3.3.0.11410 at Mon May 21 17:06:54 EDT 2018, hash 528519886346426575590b8890960dead54b607d201722cb93a9a58a93ac06989b1398ec85755287b3d88184d6a5f426057755d2d8ae8689a675155fc913a20e.
Mon May 21 17:06:54 EDT 2018
Saving important files to restore later
Saving file /usr/local/lumeta/discovery-agent/discovery-agent.properties
Saving file /etc/sysconfig/iptables
Saving file /etc/httpd/modsecurity.d/whitelist.conf
Saving file /etc/pam.d/login
Saving file /etc/pam.d/login.observer
Saving file /etc/pam.d/sshd.observer
Saving directory tree /etc/snmp :
tar: Removing leading `/' from member names
/etc/snmp/
/etc/snmp/snmpd.conf
/etc/snmp/snmptrapd.conf
Saving directory tree /var/lib/net-snmp :
tar: Removing leading `/' from member names
/var/lib/net-snmp/
saving /var/log/performance-data/java.txt to /var/log/performance-data/java.txt-OLD_FORMAT
saving /var/log/performance-data/zonePublishingIn.txt to /var/log/performance-data/zonePublishingIn.txt-OLD_FORMAT
saving /var/log/performance-data/zonePublishingOut.txt to /var/log/performance-data/zonePublishingOut.txt-OLD_FORMAT
Mon May 21 17:06:55 EDT 2018
Cleaning up yum DBs
Mon May 21 17:06:55 EDT 2018
Loaded plugins: fastestmirror, tmprepo
Cleaning repos: lmbase lmupdates base extras lmextra local lumeta updates
Cleaning up Everything
Cleaning up list of fastest mirrors
Mon May 21 17:07:00 EDT 2018
Use of uninitialized value in string ne at ./patterns line 42.
Use of uninitialized value in concatenation (.) or string at ./patterns line 42.
Use of uninitialized value in concatenation (.) or string at ./patterns line 42.
:
Mon May 21 17:07:01 EDT 2018
Stopping x15-server:
instrumentation: unrecognized service
Stopping Lumeta Discovery Agent. [ OK ]
Stopping Lumeta Discovery Agent - File Monitor.[ OK ]
Mon May 21 17:07:07 EDT 2018
Updating packages...
Mon May 21 17:07:07 EDT 2018
error: package apr-util-ldap is not installed
error: package httpd is not installed
error: package httpd-tools is not installed
error: package instrumentation is not installed
error: package mod_ssl is not installed
error: package php is not installed
error: package php-cli is not installed
error: package php-common is not installed
Mon May 21 17:07:07 EDT 2018
Loaded plugins: fastestmirror, tmprepo
Setting up Group Process
Determining fastest mirrors
Package kernel-2.6.32-696.20.1.el6.x86_64 already installed and latest version
Package x15-tools-4.2.0-1.x86_64 already installed and latest version
Package esi-release-3.3.0-11410.24.x86_64 already installed and latest version
Package lumeta-pam-3.3.0-9852.x86_64 already installed and latest version
Package lumeta-diagnostics-3.3.0-11180.x86_64 already installed and latest version
Package lumeta-lib-3.3.0-11177.x86_64 already installed and latest version
Package x15-backend-3.3.0-10885.x86_64 already installed and latest version
Package postgresql-libs-8.4.20-8.el6_9.x86_64 already installed and latest version
Package lumeta-api-3.3.0-11409.x86_64 already installed and latest version
Package lumeta-console-3.3.0-11289.x86_64 already installed and latest version
Package perf-2.6.32-696.20.1.el6.x86_64 already installed and latest version
Package postgresql96-libs-9.6.6-5PGDG.rhel6.x86_64 already installed and latest version
Package lumeta-cisco-ise-pxgrid-3.3.0-10752.x86_64 already installed and latest version
Package lumeta-webapp-3.3.0-11147.x86_64 already installed and latest version
Package lumeta-jaas-3.3.0-9852.x86_64 already installed and latest version
Package libcgroup-0.40.rc1-24.el6_9.x86_64 already installed and latest version
Package rawio-3.3.0-8288.x86_64 already installed and latest version
Package lumeta-tfa-3.3.0-10659.x86_64 already installed and latest version
Package postgresql96-server-9.6.6-5PGDG.rhel6.x86_64 already installed and latest version
Package lumeta-dxl-3.3.0-10781.x86_64 already installed and latest version
Package x15-flume-ng-plugin-4.2.0-1.x86_64 already installed and latest version
Package x15-clusteradmin-4.2.0-1.x86_64 already installed and latest version
Package mod_security-2.9.2-3.x86_64 already installed and latest version
Package lumeta-visio-3.3.0-11410.x86_64 already installed and latest version
Package postgresql96-9.6.6-5PGDG.rhel6.x86_64 already installed and latest version
Package kernel-firmware-2.6.32-696.20.1.el6.noarch already installed and latest version
Package jre1.8-1.8.0_161-fcs.x86_64 already installed and latest version
Package lumeta-ips-import-3.3.0-6550.x86_64 already installed and latest version
Package kernel-headers-2.6.32-696.20.1.el6.x86_64 already installed and latest version
Package 12:dhclient-4.1.1-53.P1.el6.centos.3.x86_64 already installed and latest version
Package lumeta-discovery-agent-3.3.0-11160.x86_64 already installed and latest version
Package ip4r96-2.2-1.rhel6.x86_64 already installed and latest version
Package postgresql96-contrib-9.6.6-5PGDG.rhel6.x86_64 already installed and latest version
Package 12:dhcp-common-4.1.1-53.P1.el6.centos.3.x86_64 already installed and latest version
Package krb5-libs-1.10.3-65.el6.x86_64 already installed and latest version
Package lumeta-api-client-3.3.0-10821.x86_64 already installed and latest version
Package lumeta-ui-3.3.0-11371.x86_64 already installed and latest version
Package lumeta-ireg-3.3.0-6550.x86_64 already installed and latest version
Package lumeta-tools-3.3.0-10695.x86_64 already installed and latest version
Package logbase-ui-3.3.0-8462.x86_64 already installed and latest version
Package x15-server-4.2.0-1.x86_64 already installed and latest version
Package lumeta-install-3.3.0-11367.x86_64 already installed and latest version
Warning: Group esi_updates does not have any packages.
Package lumeta-diagnostics-3.3.0-11180.x86_64 already installed and latest version
Package lumeta-console-3.3.0-11289.x86_64 already installed and latest version
Package x15-clusteradmin-4.2.0-1.x86_64 already installed and latest version
Package lumeta-discovery-agent-3.3.0-11160.x86_64 already installed and latest version
Package lumeta-install-3.3.0-11367.x86_64 already installed and latest version
Package x15-tools-4.2.0-1.x86_64 already installed and latest version
Package lumeta-cisco-ise-pxgrid-3.3.0-10752.x86_64 already installed and latest version
Package lumeta-api-client-3.3.0-10821.x86_64 already installed and latest version
Package lumeta-ui-3.3.0-11371.x86_64 already installed and latest version
Package lumeta-ireg-3.3.0-6550.x86_64 already installed and latest version
Package esi-release-3.3.0-11410.24.x86_64 already installed and latest version
Package lumeta-pam-3.3.0-9852.x86_64 already installed and latest version
Package logbase-ui-3.3.0-8462.x86_64 already installed and latest version
Package lumeta-api-3.3.0-11409.x86_64 already installed and latest version
Package x15-server-4.2.0-1.x86_64 already installed and latest version
Package lumeta-lib-3.3.0-11177.x86_64 already installed and latest version
Package x15-flume-ng-plugin-4.2.0-1.x86_64 already installed and latest version
Warning: Group lumeta_updates does not have any packages.
No packages in any requested group available to install or update
Mon May 21 17:07:08 EDT 2018
Loaded plugins: fastestmirror, tmprepo
Setting up Install Process
Examining RPMS/cryptsetup-luks-1.2.0-11.el6.x86_64.rpm: cryptsetup-luks-1.2.0-11.el6.x86_64
RPMS/cryptsetup-luks-1.2.0-11.el6.x86_64.rpm: does not update installed package.
Examining RPMS/cryptsetup-luks-libs-1.2.0-11.el6.x86_64.rpm: cryptsetup-luks-libs-1.2.0-11.el6.x86_64
RPMS/cryptsetup-luks-libs-1.2.0-11.el6.x86_64.rpm: does not update installed package.
Examining RPMS/cyrus-sasl-2.1.23-15.el6_6.2.x86_64.rpm: cyrus-sasl-2.1.23-15.el6_6.2.x86_64
RPMS/cyrus-sasl-2.1.23-15.el6_6.2.x86_64.rpm: does not update installed package.
Examining RPMS/expat-devel-2.0.1-13.el6_8.x86_64.rpm: expat-devel-2.0.1-13.el6_8.x86_64
RPMS/expat-devel-2.0.1-13.el6_8.x86_64.rpm: does not update installed package.
Examining RPMS/keyutils-libs-devel-1.4-5.el6.x86_64.rpm: keyutils-libs-devel-1.4-5.el6.x86_64
RPMS/keyutils-libs-devel-1.4-5.el6.x86_64.rpm: does not update installed package.
Examining RPMS/krb5-devel-1.10.3-65.el6.x86_64.rpm: krb5-devel-1.10.3-65.el6.x86_64
RPMS/krb5-devel-1.10.3-65.el6.x86_64.rpm: does not update installed package.
Examining RPMS/libcom_err-devel-1.41.12-22.el6.x86_64.rpm: libcom_err-devel-1.41.12-22.el6.x86_64
RPMS/libcom_err-devel-1.41.12-22.el6.x86_64.rpm: does not update installed package.
Examining RPMS/libkadm5-1.10.3-65.el6.x86_64.rpm: libkadm5-1.10.3-65.el6.x86_64
RPMS/libkadm5-1.10.3-65.el6.x86_64.rpm: does not update installed package.
Examining RPMS/libselinux-devel-2.0.94-7.el6.x86_64.rpm: libselinux-devel-2.0.94-7.el6.x86_64
RPMS/libselinux-devel-2.0.94-7.el6.x86_64.rpm: does not update installed package.
Examining RPMS/libsepol-devel-2.0.41-4.el6.x86_64.rpm: libsepol-devel-2.0.41-4.el6.x86_64
RPMS/libsepol-devel-2.0.41-4.el6.x86_64.rpm: does not update installed package.
Examining RPMS/microcode_ctl-1.17-25.4.el6_9.x86_64.rpm: 1:microcode_ctl-1.17-25.4.el6_9.x86_64
RPMS/microcode_ctl-1.17-25.4.el6_9.x86_64.rpm: does not update installed package.
Examining RPMS/mysql-libs-5.1.73-8.el6_8.x86_64.rpm: mysql-libs-5.1.73-8.el6_8.x86_64
RPMS/mysql-libs-5.1.73-8.el6_8.x86_64.rpm: does not update installed package.
Examining RPMS/php54-2.0-1.el6.x86_64.rpm: php54-2.0-1.el6.x86_64
RPMS/php54-2.0-1.el6.x86_64.rpm: does not update installed package.
Examining RPMS/php54-php-cli-5.4.40-4.el6.x86_64.rpm: php54-php-cli-5.4.40-4.el6.x86_64
RPMS/php54-php-cli-5.4.40-4.el6.x86_64.rpm: does not update installed package.
Examining RPMS/php54-php-common-5.4.40-4.el6.x86_64.rpm: php54-php-common-5.4.40-4.el6.x86_64
RPMS/php54-php-common-5.4.40-4.el6.x86_64.rpm: does not update installed package.
Examining RPMS/php54-php-pear-1.9.4-10.sc1.el6.noarch.rpm: 1:php54-php-pear-1.9.4-10.sc1.el6.noarch
RPMS/php54-php-pear-1.9.4-10.sc1.el6.noarch.rpm: does not update installed package.
Examining RPMS/php54-php-process-5.4.40-4.el6.x86_64.rpm: php54-php-process-5.4.40-4.el6.x86_64
RPMS/php54-php-process-5.4.40-4.el6.x86_64.rpm: does not update installed package.
Examining RPMS/php54-php-xml-5.4.40-4.el6.x86_64.rpm: php54-php-xml-5.4.40-4.el6.x86_64
RPMS/php54-php-xml-5.4.40-4.el6.x86_64.rpm: does not update installed package.
Examining RPMS/php54-runtime-2.0-1.el6.x86_64.rpm: php54-runtime-2.0-1.el6.x86_64
RPMS/php54-runtime-2.0-1.el6.x86_64.rpm: does not update installed package.
Examining RPMS/postfix-2.6.6-8.el6.x86_64.rpm: 2:postfix-2.6.6-8.el6.x86_64
RPMS/postfix-2.6.6-8.el6.x86_64.rpm: does not update installed package.
Error: Nothing to do
Mon May 21 17:07:08 EDT 2018
Preparing... ##################################################
x15-migration-scripts ##################################################
Mon May 21 17:07:10 EDT 2018
Upgrading postgres with pg_upgrade
Mon May 21 17:07:10 EDT 2018
Mon May 21 17:07:10 EDT 2018
grep: /var/lib/pgsql/9.4/data/postgresql.conf: No such file or directory
grep: /var/lib/pgsql/9.4/data/postgresql.conf: No such file or directory
Mon May 21 17:07:10 EDT 2018
Stopping postgres.
PO-8231 Edit- Real Time Notifications should validate the email address before saving Real Time Notifications:

Device Notifications==> Edit.
There is no validation for recipient field.
For example : I Edited the recipient field with invalid email address say "test" and clicked on save changes. It silently updated the record with the new details and no warning messages is displayed.
PO-8222 With PKI Enabled a login screen is still displayed On 3.2.7 if you had PKI enabled but no certificates or CAC card not connected you would receive a screen "You are accessing a restricted resource. Please contact your system administrator if you have any questions or encounter any problems." This worked according to the requirements. If PKI is enabled you never see a login screen.
 
On 3.3 if PKI is enabled and there is no CAC Card connected or Certs installed you receive the login screen. If you try to login you get "Error invalid username or password" BUt still point is you receive a login screen.

If PKI is enabled a user should not receive a login screen. I know this is a bare bones test, but a user receives a login screen with PKI enabled.

If system requirements have changed please update JIRA pointing to the 3.3 system requirement spec on PKI
PO-8205 IPAddress (at least for IPv6) toString produces invalid addresses Attempting to add a valid IPv6 address can result in invalid output when sent back out to a string:

"1200:0000:ab00:1234:0000:2552:7777:1314" produces
"1200::ab00:1234::2552:7777:1314/128" which is invalid (can't have more than one set of double colons)

This is similar to but not the same as PO-8140

Assert.assertEquals(new IPAddress("1200:0000:ab00:1234:0000:2552:7777:1314").toCIDR(true), "1200::ab00:1234:0:2552:7777:1314/128");
PO-8203 CLI certificate commands still lack custom ports The commands to install a license, CA, server cert, user cert, crl and ssh cert are all missing the ability to specify a customer SSH port.

syntax should be:
certificate { ca | crl | Lumeta } install user@host:path/to/file [ port ]
certificate { user | ssh } install user@host:path/to/file [ port ] username
certificate server install user@host:path/to/file [ port ] friendlyName password
PO-8202 API call to configure email server should not permit non-superuser access It was found in PO-8198 that manager with viewer role could configure email server from link on Real-Time Notifications when email server isn't configured.
The link will be removed however the api should still prevent unauthorized use.
PO-8198 User with Manager /viewer role is able to access & configure 'email server configuration' via Real time Notifications and Schedule Report User with Manager /viewer role is able to access & configure 'email server configuration' via Real time Notifications

As per the ESI role matrix, manager cannot access / configure email server configuration, please confirm.

Since Real time Notifications is new feature in 3.3.1. email server configuration can be restricted from this page.

Screen shots attached.
PO-8197 Dashboard --> Most Recent Activities, Export to csv shows "failed - server problem", refresh widget shows "undefined" Dashboard --> Most Recent Activities, Export to csv shows "failed - server problem", refresh widget shows "undefined"

Upgraded to 3.3.1, Enabled full scan and clicked on Most Recent Activities dashboard, DB widgets loads continuously and after some time it throws udefined error, dev tools show error as "ERR_INCOMPLETE_CHUNKED_ENCODING", when widget is loaded completely exporting to csv throws failed - server problem,

CC: https://10.9.0.173
Note: Most Recent Activities records grid data is 1000+

Screen shots attached.
PO-8196 Portal GUI: Editing password of default admin is removing the Settings tab after relogin Test Steps:

1. Login to portal
2. Go to Settings==> Users ==> Edit password of default admin user
3. Logout and login with the new password.
4. Settings is not seen.

Also please test a change in the username since that too was causing the same issue .

ver 3.3.1.0 / build 11699

Thanks,
Usha
PO-8186 Real time notifications (Devices) , All notifications are not displayed until we refresh the Device notifications tab Real time notifications (Devices) , All notifications are not displayed until we refresh the Device notifications tab

Build Details - ver 3.3.1.0 / build 11675
Steps:
1. Created more than 10 device notifications which includes for default and newly created zones.
2.All the Devices notifications are displayed
3.Navigated to Notification Subscriptions page
4.Now clicked on Real Time Notifications
5.Only few device notifications are displayed (Around 3 records)
6.Clicked on device notifications tab, after the grid refresh all the records are displayed (More than 10)

Screen shots attached.
PO-8185 CC GUI: Non superuser not able to see Real Time Notifications tab from Settings==>Zone page Test Steps:

1.created a new user from admin with all permissions
2. login to that user
3. From Default Dasboards page ,click on Settings and in the dropdown we will see the real time notifications tab.
4. Now click on settings==> Zones
5. Now in the dropdown we will not see the real time notifications tab

Screenshots attached

Build Details - ver 3.3.1.0 / build 11675

Thanks,
Usha
PO-8183 zonedata/devices API call fails with detail.Profile (modsec) When I call the zonedata/devices API with details.Profile it gets denied by modsec

--ad7e4f71-H--
Message: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS_NAMES:detail.Profile. [file "/etc/httpd/crs/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "108"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS_NAMES:detail.Profile: detail.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 65.246.244.83] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS_NAMES:detail.Profile. [file "/etc/httpd/crs/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "108"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS_NAMES:detail.Profile: detail.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "6hour"] [uri "/api/rest/zonedata/devices"] [unique_id "WvhuT2WraWWRO2MROPY6wgAAAAQ"]
Action: Intercepted (phase 2)
Apache-Handler: proxy-server
Stopwatch: 1526230607304584 2274 (- - -)
Stopwatch2: 1526230607304584 2274; combined=1530, p1=658, p2=804, p3=0, p4=0, p5=67, sr=127, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.2; OWASP_CRS/3.0.2.
Server: Apache
Engine-Mode: "ENABLED"

--ad7e4f71-Z--
PO-8176 Dojo Dashboard Menu Different Than Angular Show nn the attached screen shots, Angular appears to not truncate the Dashboards drop down menu and use the window's scroll bar. Dojo does appear to truncate this menu and put a scroll bar inside the drop down.
PO-8173 Merge into trunk (as appropriate)
PO-8169 CC GUI: Banner with >5000 characters getting uploaded without any error but is not displayed when login In GUI,Banner file with more than 5000 characters is getting uploaded without throwing any error.
Enabling the banner and login back, displays the previous loaded banner only.

Whereas In CLI ,it displays an error msg
admin@QA-CC-TESTBOX> system banner file /home/admin/bannertest2.txt
Retrieving file...
File retrieved.
ERROR: Prelogin banner text must be less than or equal 5000 characters

It would be good if the same error msg is displayed in GUI as well.
PO-8168 Upgrade of Portal from 3.3 to 3.3.1 via GUI is doing nothing A box that was upgrade from 3.2.7 to 3.3 and then upgraded to 3.3.1 with
spectre_update-3.3.1-20180508.tgz does nothing after selecting the file and clicking "Lumeta Portal Upgrade"

There is no messages in any log files and the esi_upgrade.log is never updated.

This was also observed for an upgrade from netbooted 3.3 to 3.3.1
PO-8165 copy_zone_tables stored procedure fails if there are no zones function copy_zone_tables works only if there is at least one table. We discovered this while working on upgrade issue for Germany. At Germany customer upgrade, system contained only one zone which was alphanumeric. Zone was deleted as it contained a lot of orphan entries in interface_host for devices that did not exist in device table. After that, when webapp was restarted and database_update_60 was run, it called for copy_zone_tables for snmpalias table. Function failed as there were no zones and hence it did not complete database updates.

Modify function to take care of case where there are no zones in the system
PO-8159 Pre-Upgrade Script for Orphaned files and SNMP responses Customers upgrading will need to correct the Zone_ID and snmp common responses before upgrade will success
PO-8158 Retain backwards compatibility with scouts with old version numbering
PO-8156 Integrations - add to target list
PO-8152 Real time notifications - Delete Icon tool tip is different for System & Device Notification(s) Real time notifications - Delete Icon tool tip is different for System & Device Notification(s)

It would be good if we have same tool tip for both System & Device Notification(s)

ver 3.3.1.0 / build 11624

Screen shots attached.
PO-8151 Real time notifications (Devices) , For Newly created Zones - Priority(s) are not displayed Real time notifications (System) , For Newly created Zones - Priority(s) are not displayed even-though we have notifications for new zone under notifications-->Device tab

Expecting same behavior for newly created zone which worked for default zone.

Screen shots attached.
PO-8150 Real time notifications (System & Device) - Notification(s) Uncheck all option enables "Get Filtered Data" button, Which is incorrect ? Real time notifications (System & Device) - Notification(s) Uncheck all option enables "Get Filtered Data" button, Which is incorrect ?

This should be restricted as we are able to proceed to further window, which is invalid and also save button enabled.

ver 3.3.1.0 / build 11624

Screen shots attached.
PO-8149 Real time notifications (System & Device) Recipients email addresses overridden with actions column icons Real time notifications (System & Device) Recipients email addresses overridden with actions column icons

This was observed in Chrome & Mozilla

ver 3.3.1.0 / build 11624

Screen shots attached.
PO-8148 Real time notifications record is not updated with new subscribed notification priority type system:10.9.0.123

Steps:

1. Created 2 zones: zone1 and TestZone with Device_Discovered notification with priority "INFO";
2. Create real time notification for both the zones on Device_Discovered ,INFO priority.
3. Now, go to settings-->Notifications-->edit device_discovered notification priority to "ALERT" from "INFO" for zone "TestZone"
4. Go to real time notifications page.

TestZone real time notification is deleted. I do not see new record being created with new priority type.

employee
PO-8147 Real time Notifications: Edit of Device/System notification receipt does not delete the record from page unless refreshed system:10.9.0.123

Real time Notifications: Edit of Device notification (removing the recpient) receipt does not delete the record from page unless refreshed. The same is true for System Notifications as well.

Attached is the screenshot

employee
PO-8144 Bug Report: SNMP v3 The configuration seems to take, but when I run queries from an external system, I get “unknown user”:
-bash-4.1$ snmpget -v3 -l authPriv -u testsnmp -a SHA -A <password> -x AES -X <password> 10.252.246.44 SNMPv2-MIB::sysDescr.0
No log handling enabled - turning on stderr logging
snmpget: Unknown user name

After googling around, I found that the user should be listed in /var/lib/net-snmp/snmpd.conf when v3 is configured, but it’s not in there. I stopped the snmpd service from a bash shell and used snmp utils to add the user:
net-snmp-create-v3-user -A <password> -a SHA -x AES -X <password> testsnmp

That command adds a usmUser line into the aforementioned config file. After I started the service back up, queries worked fine (please see attached screenshot).
PO-8142 Edit User (Enable API Key) UI is disturbed in Mozilla and also throws "Failed to generate api key" message Edit User (Enable API Key) UI is disturbed in Mozilla and also throws "Failed to generate api key" message

Screen shots attached.

These issues was observed in Mozilla Browser - Firefox Quantum (59.0.3 (64-bit))

Observations :

1. Add new user shows "Enable API Key" section and disappears aftersometime
2. In Edit user UI is disturbed for "Enable API Key" section (Screen shot attached)
3.In Edit user, Click on regenerate API key throws "Failed to generate api key" message (Screen shot attached)
PO-8141 SQL Error Editing CIDR There is currently an issue around deleting zones, adding zones, and editing those zone's CIDRs. The issue seems to manifest itself when a zone is deleted, attributes about the zone are modified, and the zone is recreated. Once the zone is recreated and CIDRs are being deleted, exceptions are thrown in the log such as the following:

com.lumeta.api.dao.PostgreSQLExceptionMapping$NoSuchTableException: ConnectionCallback; bad SQL grammar []; nested exception is org.postgresql.util.PSQLException: ERROR: relation "zone_XXX.target" does not exist

The operation does not complete successfully as this schema does not exist.

There is another Jira floating around (PO-8092), but this issue appears to be independent of that issue and seems to most manifest when deleting CIDRs.
PO-8140 Bad IPV4 and IPV6 address are converted to valid ones If a bad IPV4 or IPV6 address is sent to the esi it gets converted to a valid one.
Looks like it happens in the constructor of the IPAddress class.
For example if 10.9.257.254 is input it becomes 10.10.1.254 in the IPAddress object.
If 1200::AB00:1234::2552:7777:1313 is input it is stored as 1200::2552:7777:1313

An invalid IP address should be rejected to protect the database integrity.
PO-8139 Users: Edit Mode - cant create API Key using IE browser
PO-8138 System and Device Notification event Emails: email server warning isn't showing when server isn't configured When email server hasn't been configured a warning message should be displayed on the top right side of the web page. There is also a link that can take the user to the page where the email server is configured.

The PLUS sign to add configuration records should also not be visible.
PO-8135 Change dashboard names for integration dashboards Below dashboards names need to be changed.

Endpoint Managements – Change to Carbon Black Management

ePO Management – Change to McAfee ePO Management

IP Address Management – Change to Infoblox Management

Network Modeling Statistics – Change to RedSeal Management
PO-8134 Adding new user is not getting created When trying to create a new user,
Setting=> Users=>Add User ,it doesn't get created.
It is not getting created even after refresh nor throws any error.

Thanks,
Usha
PO-8132 Lumeta version shows release 0 Specte systems:
Lumeta version: 3.3.1 (release 0)
PO-8121 Implement Changes from ED Young on suggestions from employee about Real Time Email Notifications 1. Rename menu item "Notifications" to "Notification Subscriptions"
2. Replace tooltip over Remove button with: remove email notifications
3. Rename column header "Action" to "Actions"
PO-8120 Device Notification Filtering Criteria: if user changes textarea content then Update and Reset buttons are still disabled
PO-8118 Notifications: Device Criteria Filtering needs scrollbar when content is out of viewport Namarata had mentioned this issue to me recently.
PO-8110 API Key GUI is missing! The UI changes to allow the user to create an API Key is missing from Lumeta 3.3. We need to get that functionality back.
PO-8104 Printer Serial Number Skipped - Add OIDs Most of the printers that are scanned with SNMP respond to a given community string. It appears that we are getting model and other information back from the printers, but serial number seems to be omitted.

The devices are marked as snmpaccessible, and in some instances, we even see all the interfaces on their network cards, but still serial number is not being collected.

We see the same behavior using esi-internal and our teambob-lp printer.

Questions:

What information are we asking for and what is being returned?

Are we getting serial number and discarding?

A customer has asked that we add Serial Number OID for HP, Lexmark, Xerox and Ricoh
PO-8097 EMAIL report only contains 1,000 records I tested on employee's system 10.9.0.101.
He had a zone (non resp zone id=6) that had 3198 devices.
Set up email server to send me a report for all devices for this zone.

The emailed report only had 1,000 entries. Looking at past JIRAs, there has been issues with this 1,000 record cap with exporting, UI,etc. But none of those JIRAs addressed the email reports.
PO-8093 Build fails in multiple places every time we build a new branch Here are some known issues:

lumeta-jaas fails to build. Must build outside chroot
mod_security fails to biuld. Need to add some args to configure line in spec file
lumeta-api fails to build because of aspose error
PO-8088 Lumeta-webapp and discovery-agent don't honor log rotation If the volume of logging on a system causes logs to rotate midday, the lumeta-webapp and discovery-agent go on writing to the rotated log instead of logging into the new file. This is only rectified when the processes are restarted.

There are two impacts of this issue:

1) If the system is running the Splunk agent. Splunk may miss logs that are being written to the rotated log file, if it is watching the *.out file for changes.
2) The date ranges on the rotated log files are invalid, since the files may contain log entries beyond the timestamps appended to the file by logrotate.

I suggest a trigger is added to lumeta-webapp and discovery-agent that can be called from the 'postrotate' section of /etc/logrotate.d/lumeta-webapp and /etc/logrotate.d/discovery-agent to inform the processes that the logs have been rotated.

In the case of /etc/logrotate.d/discovery-agent it appears this was attempted with a USR1 signal sent via kill, however, it doesn't appear that the process is responding to the signal.

From /etc/logrotate.d/discovery-agent:
postrotate
touch /var/log/discovery-agent.out
chown webapp /var/log/discovery-agent*
kill -USR1 `cat /var/run/discovery-agent.pid`
endscript
PO-8083 Port to trunk
PO-8078 Integrations - add to Eligible We have IP Addresses we do not know about (Unmanaged) in almost all of the integrations. Can we provide the user the ability to click an IP and add it to the Eligible list?

- Add option "Add IP to Eligible list" to the context menu which appears on reports and dashboards
PO-8077 Change Aspose Maven URL Aspose has changed their repository URL from http://maven.aspose.com/artifactory/simple/ext-release-local/ to http://artifact.aspose.com/repo/. On current builds, this works okay because their is a cached copy in the .m2 directory. For new builds, this fails.

Update the URL in the API pom.xml to reflect this new change.
PO-8076 Evaluate dependency for artifact itext and remove if not needed This issue is created to evaluate if itext artifact referenced in api pom.xml
 <artifactId>itext</artifactId>
is being used by any code. If not, we need to remove this artifact from pom.xml
PO-8072 Changing priority of a notification creates a new priority in the database and user sees the notification twice Changing priority of a notification creates a new priority in the database and user sees the notification twice.
Steps:
Create a zone (do not enable its collector)
Go to Settings > Notifications
Change the priority of that zone's notification DEVICE_DISCOVERED from Info to Warn
Save
Enable collector
Go to Most Recent Activities dashboard
You will see two DEVICE_DISCOVERED notifications per device. One with default priority INFO and one with WARN.

Investigation:
I saw under system.notificationpolicy table two entries for DEVICE_DISCOVERED.
I also saw under system.notificationsubscription, two entries for Device Discovered.

Screen shots attached.

To fix it, here is what I did:

observer=# delete from system.notificationsubscription where zone_id=5;
DELETE 2

observer=# delete from system.notificationpolicy where id=36;
DELETE 1

observer=# delete from system.notificationpolicy where id=37;
DELETE 1

observer=# update system.notificationpolicy set priority='WARN' where id=9;
UPDATE 1
PO-8070 By default mvn install should not run test cases for lumeta-api Currently, by default test suite gets run when you run mvn install on lumeta-api. We should not be running it by default.
PO-8067 pgSQL where function also listed in addition to the Standard Error message when attempting to delete a local system from itself At the CLI attempt to delete the local system.
Obviously this can't be allowed and you receive and ERROR
ERROR: local system cannot be deleted
But after that ERROR message there is another line of text
Where: PL/pgSQL function system.trg_system_validator() line 13 at RAISE
PO-8062 DEvice Search Dialog allows spaces in search When using the "Device", under the "Search" menu, the form allows one to enter an IP addresses with a space at the end. If an IP with a space at the end is searched for, no results are returned making it look like the device doesn't exist. This is commonly happens when copying and pasting IPs out of emails and documents, leading to false negatives. It would be nice if Lumeta would strip an extraneous spaces from the search criteria.
PO-8061 Error on CLI when Enabling SNMPD: no access control information configured At CLI type system snmpd enable true.
Including screenshot of error.
snnpd[9059]: Wanring: no access control information configured. It's unlikely this agent can server any useful purpose in this stat
PO-8060 CVE-2018-1272/1273 Spring MVC Multipart bug Spring Framework versions 5.0 to 5.0.4, 4.3 to 4.3.14, and older unsupported versions provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

In order for the attacker to succeed, they would have to be able to guess the multipart boundary value chosen by server A for the multipart request to server B, which requires the attacker to also have control of the server or the ability to see the HTTP log of server A through a separate attack vector.

We are at Spring MVC 4.1.4, and we do use MultiPartFile and MultiPartHttpServletRequest.
PO-8059 Change RedSeal integration code to accept array or one element for Groups While RedSeal was testing Lumeta - RedSeal integrations at their lab, it failed with below exception:

Apr 03 2018 17:43:37.067 [A seMaintainer] INFO (DatabaseMaintainerImpl ) - DatabaseMaintainerImpl: Checking for expired routes

Apr 03 2018 17:58:37.072 [A seMaintainer] INFO (DatabaseMaintainerImpl ) - DatabaseMaintainerImpl: Checking for expired routes

Apr 03 2018 18:13:37.067 [A seMaintainer] INFO (DatabaseMaintainerImpl ) - DatabaseMaintainerImpl: Checking for expired routes

Apr 03 2018 18:17:35.726 [A 484171695-14] INFO (SessionServiceImpl ) - System session authenticated

Apr 03 2018 18:28:37.073 [A seMaintainer] INFO (DatabaseMaintainerImpl ) - DatabaseMaintainerImpl: Checking for expired routes

Apr 03 2018 18:30:37.496 [A l-5-thread-4] INFO (DownloadFactory ) - returning downloader for RedSealFeedDownloader :::RedSeal

Apr 03 2018 18:30:37.497 [A l-5-thread-4] INFO (RedSealFeedDownloader ) - feedUrl for RedSeal:: https://redseal-1.lab.redseal.net/data/group/Primary+Capability

Apr 03 2018 18:30:37.499 [A l-5-thread-4] INFO (RestApiClientFeed ) - headerOptions is not null

Apr 03 2018 18:30:37.624 [A l-5-thread-4] INFO (RestApiClientFeed ) - RestApiClientFeed->getContentStream: GET returned 200

org.json.JSONException: JSONObject["Group"] is not a JSONObject.

        at org.json.JSONObject.getJSONObject(JSONObject.java:596)

        at com.lumeta.api.impl.RedSealFeedDownloader.getURLs(RedSealFeedDownloader.java:150)

        at com.lumeta.api.impl.RedSealFeedDownloader.getRedSealData(RedSealFeedDownloader.java:103)

        at com.lumeta.api.impl.RedSealFeedDownloader.download(RedSealFeedDownloader.java:62)

        at com.lumeta.api.impl.FeedMaintainerImpl$FeedProcessor._run(FeedMaintainerImpl.java:167)

        at com.lumeta.api.impl.FeedMaintainerImpl$FeedProcessor.run(FeedMaintainerImpl.java:120)

        at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

        at java.util.concurrent.FutureTask.runAndReset(Unknown Source)

        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown Source)

        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

        at java.lang.Thread.run(Unknown Source)

Apr 03 2018 18:30:37.627 [A l-5-thread-4] WARN (FeedMaintainerImpl ) - java.lang.NullPointerException: URI template of the newly created target must not be null.

Apr 03 2018 18:42:47.633 [A 484171695-20] INFO (DownloadFactory ) - returning downloader for RedSealFeedDownloader :::RedSeal

Apr 03 2018 18:42:47.635 [A 484171695-20] INFO (RedSealFeedDownloader ) - feedUrl for RedSeal:: https://redseal-1.lab.redseal.net/data/group/Primary+Capability

Apr 03 2018 18:43:37.067 [A seMaintainer] INFO (DatabaseMaintainerImpl ) - DatabaseMaintainerImpl: Checking for expired routes

Apr 03 2018 18:57:01.852 [A 484171695-19] INFO (SessionServiceImpl ) - System session authenticated

 While inspecting output of called API ( https://redseal-1.lab.redseal.net/data/group/Primary+Capability), What we are experiencing is that the object model in response differs with one group vs. multiple groups. If there is only one group, we are getting JSON response for Group as an object, however if there are multiple groups, we are getting JSO response for Group as an array:

"Group" : {
               "Path" : "/Primary+Capability/Firewall/",
               "PolicyIcon" : {
                  "Image" : "GENERAL_1"
               },
               "URL" : "https://172.16.42.11/data/group/Primary+Capability/Firewall/",
               "Name" : "Firewall"
            }
vs.

"Group": [
                    {
                        "Name": "Host",
                        "URL": "https://redseal-1.lab.redseal.net/data/group/Primary+Capability/Host/",
                        "Path": "/Primary+Capability/Host/",
                        "PolicyIcon": {
                            "Image": "GENERAL_1"
                        }
                    },

It would be great if RedSeal API can return an array for either of these scenarios (either with 1 or more elements). That way we can always expect an array regardless of how many groups there are. I have shared that with Eddy and he has taken it back to their API team. In the mean time, we will add a fix that should accept an array or an object as API response.
PO-8058 We're inappropriately avoiding packets At a client we're avoiding sending packets.

After turning up logging to debug for discovery we're seeing messages like this:

Avoided sending packet IPV4:TTL=255,DST=REDACTED_IP,TCP:SRCPORT=36271,DSTPORT=445,SEQ=36271,WINDOW=1000,FLAGS=SYN;; from collector REDACTED_COLLECTOR_NAME

We are targeting X.X.16.0/20 but avoiding the majority of that CIDR.

We're avoiding the following numbers of IPs in each constituent /24:

 256 X.X.17
 256 X.X.18
 256 X.X.19
 256 X.X.20
 256 X.X.21

The underlying issue turned out to be that we had a piece of code that incorrectly comparing CIDRs in lexicographic order rather than in actual numeric order causing a search through a list of them to fail sporadically.

("REDACTED" and "X" are used to redact actual client IP addresses and/or Collector Names)

Reference: AN-180008
PO-8056 Correct ManagementImpl to pass along SSL Util error message related to non-matching License customer names Note, this code appears to be related:

String.format("Certificate organizations do not match (my organization \"%s\" != \"%s\" remote organization)",myOrg, rmtOrg));
PO-8054 Scheduled Report Generation Still Not Working (Add/update) According to the "Fixed Issues" in the 3.2.6 Release Notes: "Report schedules work correctly regardless of whether the report name matches the query name."

I was not able to get this to work in 3.2.7. I have attached a word document showing how to recreate the issue.

This problem exists for both add and update.
PO-8051 Add ports that are used in IPSonar but not in Lumeta to the default list While looking at customer data dump from Lumeta 3.3, it was discovered that there are few ports that are being scanned as default in IPSonar but they are not included in either vulnerable or infectious ports for Lumeta. These ports were added to customer as custom port lists and data was collected. This defect is created to

1. Analyze customer's data from 4/3 to identify how many of these ports resulted in returning banner and identify list of ports that we should add to Lumeta default port list
2. Add a new category common ports (similar to vulnerable and infectious) to store these ports
3. Add changes to UI to show common port list as well as a checkbox for users to select common port list
4. Add changes to discovery agent to use these ports in scanning
PO-8047 Device Profile Patterns - user-provided="false" Device Profile Patterns - "user-provided" flag set to "false" even after user imported changes.
Steps:
1. Download Sample File
2. Change some attributes
3. Import file with your changes
4. Export file
Exported file contains you changes but it has user-provided="false" (file attached)
It should be true
PO-8044 Need queries to test Profile Expressions Is the list below the complete list of available sources for device patterns? (i.e "<source>profile_sysDescr</source>")
If not, what are the other sources and how do I use them?
============
certificate
macvendor
profile_cifs
profile_http
profile_sysDescr
profile_sysObjectID
profile_tcp
services


What should I set '<pattern priority="##">' to for new patterns I create?

Since Lumeta lacks functionality similar to IPSonar for building and testing profiles, I need database queries to evaluate new expressions.
For each source in the list, I need a query that, given an expression, searches the database table/column associated with that source.
It must return any devices that match the given expression with columns for:
• zone name,
• Device ID,
• IP,
• reference IP,
• the raw data that was matched by the expression,
• Profile attributes currently applied to the device (OS, vendor, etc..)
• Confidence % for the attribute
• Which pattern was used to determine the attribute's current value
• (Do patterns have ID numbers internally? If so, that would be helpful for sorting)
PO-8041 Upgrade jackson-databind and jackson-core to version 2.9.5 As jackson-databind 2.9.5 is released, we need to upgrade to 2.9.5 as it contains fix for a CVE and has also been requested by a customer
PO-8040 Get Device query always fetching sysDescr and sysName attributes While looking at 3.3 performance for snmpDiscovery, it was observed that zoneStoreDao.getDevice always contained left join with attributes to get serial number and sysname even when it was not present in the request. Snippet of log:

Apr 02 2018 15:29:29.909 [A her-device-1] DEBUG (ZoneStoreDaoImplPG ) - Query [ZoneStoreDao.device.get] ([zoneSchema=zone_0001, ip=10.9.0.95, zoneId=1])
--------------------------------------------------------------------------------
with idlist as (
        select d.id as device_id
        from zone_0001.device d
        where 1=1 and ipaddress ( ip ) = ?::ipaddress and meta = false
        group by d.id )
select d.id, d.ip as ip_address, d.mac as mac_address, d.identity, d.lastupdate, d.active ,d.device_id as context_deviceid, d.meta as context_meta, d.iftable_id as context_iftableid ,asn.attribute as context_serialnumber, ass.attribute as context_services
from zone_0001.device d
join idlist on idlist.device_id = d.id
left join (
        select da.device_id, attr.attribute as attribute, att.type
        from idlist idl
        join zone_0001.device_attribute da on da.device_id = idl.device_id
        join zone_0001.attribute attr on attr.id = da.attribute_id
        join system.attributetype att on att.id = da.attributetype_id and att.id = attr.attributetype_id and att.type = 'SerialNumber'
        group by da.device_id, attr.attribute, att.type
) asn on asn.device_id = d.device_id
left join (
        select da.device_id, attr.attribute as attribute, att.type
        from idlist idl
        join zone_0001.device_attribute da on da.device_id = idl.device_id
        join zone_0001.attribute attr on attr.id = da.attribute_id
        join system.attributetype att on att.id = da.attributetype_id and att.id = attr.attributetype_id and att.type = 'sysServices'
        group by da.device_id, attr.attribute, att.type
) ass on ass.device_id = d.device_id
group by d.id, d.ip, d.mac, d.identity, d.lastupdate, d.active ,d.device_id, d.meta, d.iftable_id , asn.attribute, ass.attribute

Running same query with and without left join is showing significant difference in timing for a database containing 89K devices.

observer=# \i dev2.sql --> Query without left join to fetch attributes
Time: 0.601 ms
observer=# \i dev.sql --> Query with left join to fetch attributes
Time: 2.667 ms

Same queries on box with customer data (1.5 million devices) gave us difference of 33 vs. 701 ms

observer=# \i dev2.sql
   id | ip_address | mac_address | identity | lastupdate | active | context_deviceid | context_meta | context_iftableid
---------+-------------+-------------+----------+------------+--------+------------------+--------------+-------------------
 4911905 | 7.37.55.217 | | | ip | t | | f |
(1 row)

Time: 33.228 ms
observer=# \i dev.sql
   id | ip_address | mac_address | identity | lastupdate | active | context_deviceid | context_meta | context_iftableid | context_serialnumber | context_servi
ces
---------+-------------+-------------------+----------+------------+--------+------------------+--------------+-------------------+----------------------+--------------
----
 3198114 | 7.89.30.159 | dc:ce:c1:f1:48:02 | | snmp-macip | t | | f | | |
(1 row)

Time: 701.216 ms

We need to take a look at it and fix it so that we don't always perform these two extra left joins
PO-8037 Edit Advanced Query screen contains a button "Edit Query" and should be "Save" After PO-8014 was fixed, the edit Advanced Query screen has a 'Cancel' button and 'Edit Query' button. The user is already editing the query. The button should be 'Save'.
PO-8027 License Generator: Get Root PAsswords do no match error when passwords match Trying to create license.
For test used (732)357-3500 for Root password
Get Passwords Do not match error.
Thinking that maybe since I tried the default admin that is why I got this error. So I also tried (732)357-350 and still get same error.
I tried a different alphanumeric pwd "Lum3t@300!" and that was successful
PO-8025 Grid Column Headers and Details are not properly aligned All Angular grid columns (using ag-grid) are showing symptoms similar to the attachment in that column headers are not aligned with their respective data and appear to be slightly to the right of the data they relate to.
PO-8012 Implement proper control of Query timing logging and ability to configure
PO-8004 We are still pushing "Lumeta ESI" as the Site name to Infoblox (we should push Lumeta) We are still pushing "Lumeta ESI" as the Site name to Infoblox (we should push Lumeta).

I know it is a small issue, but when we are presenting our product to Customers, the first question they ask is: Why is this Lumeta ESI and not Lumeta?
PO-7987 Browse Real-Time Reports - some page layout issues 1. Report selection list (at left)
    a) is missing its left-most margin of 15px
    b) left border isn't visible
    c) Resizing screen with less height than previous removes the vert scrollbars bottom arrow for Reports by Name
    d) container changes size and position when switching between Treeview of Tags and Reports By Name

2. Report Display (at right)
    a) is missing left and right borders
    b) pager control happens to be covered by the icon displays for "Info" thru "Export"
PO-7976 Not gathering Layer 3 interface addresses We are apparently not gathering Layer 3 interface addresses via SNMP on certain devices at customer.
PO-7971 Not gathering Layer2 host (MAC) addresses Hi customer, one mystery getting closer to being solved (I'll follow up with a list of tickets that we're working to make sure that we're not missing anything in all the findings last night / morning).

We use vmVlan (1.3.6.1.4.1.9.9.68.1.2.2.1.2), a Cisco proprietary OID from their CISCO-VLAN-MEMBERSHIP MIB to get a list of VLANs on the system.

We use this to validate that this is a Cisco device (because this is an enterprises.cisco (1.3.6.1.4.1.9) OID) to ensure that VLAN indexing (where we use a community string like <community string>@<vlan>) is appropriate.

Because we're not getting a list of VLANs, we're not using VLAN indexing and won't be very successful at getting layer-2 information.

I'm going to open up a ticket for this particular set of findings and will then look and work on why we're not getting Layer 3 interface addresses.

10.252.160.1 doesn't respond appropriately:

22:49:44.676492 IP 10.252.246.44.43089 > 10.252.160.1.161: C="REDACTED" GetBulk(33) N=0 M=20 .vmVlan-60

22:49:44.679278 IP 10.252.160.1.161 > 10.252.246.44.43089: C="REDACTED" GetResponse(1348) .vmPortStatus-59.439468032=2 .vmPortStatus-59.439472128=2 .vmPortStatus-59.439476224=2 .vmPortStatus-59.439480320=2
...

A more expected response would be like:
15:25:16.085700 IP 65.246.241.134.43041 > 10.201.0.7.161: GetBulk(33) N=0 M=20 .vmVlan-60

15:25:16.094012 IP 10.201.0.7.161 > 65.246.241.134.43041: GetResponse(476) .vmVlan-60.10001=200 .vmVlan-60.10002=200 .vmVlan-60.10003=200 .vmVlan-60.10004=200 .vmVlan-60.10005=200
...

The MIB information for that OID is as follows (from the attached)
vmVlan OBJECT-TYPE
    SYNTAX INTEGER (0..4095)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The VLAN id of the VLAN the port is assigned to
        when vmVlanType is set to static or dynamic.
        This object is not instantiated if not applicable.

        The value may be 0 if the port is not assigned
        to a VLAN.

        If vmVlanType is static, the port is always
        assigned to a VLAN and the object may not be
        set to 0.

        If vmVlanType is dynamic the object's value is
        0 if the port is currently not assigned to a VLAN.
        In addition, the object may be set to 0 only."
    ::= { vmMembershipEntry 2 }
PO-7964 Pattern Standardization Effort The current patterns.xml file is inconsistent/inaccurate in several places. For example the version attribute is populated with the type of OS in numerous places.
This bug is designed to track the changes made to the pattern.xml file to remove inaccuracies and redunemployeecy.
PO-7963 PHASE 2:Subscribed notifications will be able to sent via Email - GUI focus PO-6636 created the ability to email notifications.

Implementation Document:
https://docs.google.com/document/d/1P7BNQJc4BOUVy_5tIV9H8f7zhgZax6Vi0fe-KTkbt5Y/edit

GUI Document: http://jira/confluence/display/EN/Configuring+Email+Recipients+for+System+and+Device+Notifications

We need to create UI functionality for users to configure.
PO-7962 Query to save interface table data gets called even when bridge address or content hash has not changed While debugging for snmp mac ip pair ingestion, I see that code that compares bridge address that is in the database vs. what is in device always gets evaluated to true causing query to save this data in database to be invoked even when there is no change.

This is due to the fact that the bridge address coming in the response is all upper case while data that we get back from the database is in lower case. We would need to convert both to lower case and compare or compare case insensitive while comparing bridgeAddress to avoid calling this query each time we process device interface table data
PO-7961 HTTP Security Headers I no longer see X-XSS-Protection and X-Content-Type-Options flags that we had after the hotfix you provided. There are also a couple of other of other flags that Qualys is looking for, Content-Security-Policy and Strict-Transport-Security. These second set of flags, I think were what was causing Qualys to still hit on this vulnerability. We have to have all of these flags for it to be cleared. Here is what Qualys is looking for:

X-XSS-Protection: This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks. X-XSS-Protection: 0; disables this functionality.

 

X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIME-type.

 

Content-Security-Policy: This HTTP header helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS), packet sniffing attacks and data injection attacks.

 

Strict-Transport-Security: The HTTP Strict-Transport-Security response header (HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.

Pat - We will need to update the script originally provided to include Content-Security-Policy and Strict-Transport-Security in addition to the 3 original reported missing headers.
PO-7956 Column width for Device response Dashboard Screenshot with description attached.

Needed for Lumeta 3.3
PO-7943 Gather Diagnostics Bundles Ed has suggested that different numbered diagnostic bundles be added to gather_diagnostics. This would allow the customer to be provided a single value that would determine what is included in the diagnostics bundle. This could potentially be implemented by using one-hot binary.

This would also include options to exclude portions of the database to make it smaller. Care will have to be taken to ensure that these exports are still importable.

E.x.
gather_diagnostics 0 -> bundle with no heap, no db
gather_diagnostics 1 -> bundle with heap, no db
gather_diagnostics 2 -> bundle with no heap, db
gather_diagnostics 3 -> bundle with heap, db
etc.
PO-7939 Allow hotfixes to be applied using the upgrade facility, including to remote scouts. The upgrade facility of the Lumeta UI should be improved to enable it to be used to apply hotfix packages to the local Command Center as well as remote Scouts.
PO-7906 Re licensing system gives an error message Re licensing system gives an error message (screenshot)
But new license applied.
PO-7901 Add Command to gather_diagnostics DB Dump To Exclude Events gather_diagnostics has the ability to export database dumps. Currently, it gets the entire database schema.

pg_dump, which is what gather_diagnostics calls under the covers, has the ability to exclude certain schemas.

Currently, customer has over 40GB of notifications included in their database dumps, which is making the dump hard for them to transfer and upload and is causing the same issue on our side.

Talking with employee, it does not seem to be quite as easy as just excluding certain schemas, there would need to be some work done on the import side as well.
PO-7873 Print option on reports does not display whole widget Print option on reports does not display whole widget
Pie-chart - cut (file attached)
Tables have only 2-3 columns (same on dashboard) (file attached)

NOTE: Pie-chart widgets print on dashboard looks good.
PO-7847 Cleanup Logrotate Configurations Standardize and correct logrotate configurations.

Some logrotate entries have a size, some do not. Some have a compression option, others do not. Some have a compression algorithm, but do not have compressed enabled.

It would be preferable to have all logs using a similar or at least correct rotate configuration.
PO-7839 Database Session Source Null It appears as if every time a user logs into the GUI, a session with a null source is getting created in addition to the session that has a source. Not sure yet if this relates to the login problems that we are having, but it is plausible.

Need to send three new headers when calling /api/rest/authenticate - ClientAddress, SystemAddress, or Source

@HeaderParam("x-client-address") String clientAddress - ip address of client sending request
@HeaderParam("x-system-address") String systemAddress - window.location.host OR in the case of CBA/read-only this is the CC IP address
@HeaderParam("x-source") Session.SessionSource source
PO-7748 IE11 and Edge: Download SNMP credentials does not work IE11 and Edge: Download SNMP credentials does not work
Go to zones - collector- SNMP credentials - click download - nothing happens
PO-7746 To improve Scalability: Don't populate local storage with CC data that isn't required (i.e. DisplayInfo.icon) I am raising this issue because I have heard about a recent case in which a customer (Orlen) ran out of local storage space. That would totally break Portal.
I'm not saying ESI was the cause, but as a contributing factor its worth keeping local storage down to whats needed and not more.
PO-7729 Create a 3.3 release candidate Tag the release candidate based on trunk.
Create a netboot target.
PO-7473 PKI enabled CC/Portal : Login screen is displayed with masked characters in password field. After a couple of seconds the user is redirected to the default Dashboard page. PKI enabled CC : Login screen is displayed with masked characters in password field. After a couple of seconds the user is redirected to the default Dashboard page.
CC System - Build # 10737 : 10.9.0.126.
Steps:
1. Login to the above system with admin / admin.
2. Install CA, User and Browser certs.
3. Enable PKI.
4. Accept the certs and access the system.
5. Login screen is displayed with masked characters in password field.
6. Do nothing, after a couple of seconds the user is redirected to the default Dashboard page.

Screenshot : "PKI - Login Screen.PNG"
PO-7460 CLI:"log show" throws ERROR Cannot connect.500 read timeout at /usr/local/lumeta/bin/log_config line 358. log show o/p throws ERROR messages on CC
===================================
admin@QA-CC-TESTBOX> log show 2
Use of uninitialized value in division (/) at /usr/local/lumeta/bin/log_config line 370.
Use of uninitialized value in division (/) at /usr/local/lumeta/bin/log_config line 370.
Dec 31 1969 19:00:00 ERROR discovery-agent (WSApiClient ) connectRequest and wssession are null ------> ERRORS
Dec 31 1969 19:00:00 ERROR discovery-agent (WSApiClient ) Trying to connect

On the latest 3.3 esi-current (build 11097),it throws the below error

admin@QA-CC-TESTBOX> log show 2
Cannot connect.500 read timeout at /usr/local/lumeta/bin/log_config line 358.

It waits for longtime after executing the cmd and throws this error.
PO-7416 Apache HTTP update to v2.4 Uptick to httpd-2.4 and associated config changes.
PO-7126 Update CVE Radar
PO-7125 Post CVEs Fixed
PO-7050 Pass up User creation and update error messages to GUI message US customer puts stricter requirements onto Lumeta for password controls. Tod was trying to add a user and gets the generic message "Error Adding User". Looking into lumeta-webapp.log the actual error is shown to be:

Sep 26 2017 18:41:24.952 [U 94247762-331] INFO (ServletApiClient ) - Call to addUser FAILED: Could not change password: BAD PASSWORD: it is too simplistic/systematic

We need to display these type of details in the GUI error message so clients have information about why a user command is failing.
PO-6897 Deleting User-defined Device Profile Patterns is not deleting user defined patterns Deleting User-defined Device Profile Patterns is not deleting user defined patterns.
Steps:

Upload a user-defined pattern file (attached to this bug).
Verify that it has been uploaded by going to Reports=>Pattern Summary => profile sysObjectId and check for user defined patterns.

Now go to Settings=> Device Profile Patterns and click on Delete.

Recheck the Pattern Summary Report and you will see see user defined patterns under profile sysObjectId.

Also when you delete, F12 shows the following error:


developerMessage
:
"org.springframework.jdbc.UncategorizedSQLException: ConnectionCallback; uncategorized SQLException for SQL []; SQL state [0A000]; error code [0]; ERROR: WITH query "delpat" does not have a RETURNING clause↵ Position: 931; nested exception is org.postgresql.util.PSQLException: ERROR: WITH query "delpat" does not have a RETURNING clause↵ Position: 931↵ at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:84)↵ at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)↵ at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)↵ at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:357)↵ at com.lumeta.api.dao.base.BaseDao$QueryRunner.update(BaseDao.java:612)↵ at com.lumeta.api.dao.PatternDaoImpl.deleteUserPatterns(PatternDaoImpl.java:198)↵ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)↵ at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)↵ at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)↵ at java.lang.reflect.Method.invoke(Unknown Source)↵ at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)↵ at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)↵ at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)↵ at com.lumeta.api.config.DatasourceConfig$1.invoke(DatasourceConfig.java:251)↵ at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)↵ at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)↵ at com.sun.proxy.$Proxy34.deleteUserPatterns(Unknown Source)↵ at com.lumeta.api.impl.ConfigManagementImpl.deleteUserPatterns(ConfigManagementImpl.java:589)↵ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)↵ at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)↵ at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)↵ at java.lang.reflect.Method.invoke(Unknown Source)↵ at com.lumeta.api.core.client.ServletApiClient$ClassLoaderProxy.invoke(ServletApiClient.java:205)↵ at com.sun.proxy.$Proxy129.deleteUserPatterns(Unknown Source)↵ at com.lumeta.observer.web.providers.impl.ManagementDataProviderImpl.deleteUserPatterns(ManagementDataProviderImpl.java:710)↵ at com.lumeta.observer.web.controllers.ConfigController.deleteUserPatterns(ConfigController.java:122)↵ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)↵ at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)↵ at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)↵ at java.lang.reflect.Method.invoke(Unknown Source)↵ at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)↵ at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)↵ at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)↵ at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:777)↵ at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:706)↵ at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)↵ at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943)↵ at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:877)↵ at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)↵ at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:879)↵ at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)↵ at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)↵ at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)↵ at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845)↵ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1689)↵ at org.springframework.web.filter.ShallowEtagHeaderFilter.doFilterInternal(ShallowEtagHeaderFilter.java:82)↵ at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)↵ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)↵ at com.lumeta.observer.web.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:100)↵ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1676)↵ at org.springframework.mobile.device.DeviceResolverRequestFilter.doFilterInternal(DeviceResolverRequestFilter.java:59)↵ at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)↵ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)↵ at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)↵ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)↵ at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)↵ at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)↵ at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1160)↵ at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)↵ at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)↵ at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1092)↵ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)↵ at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)↵ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)↵ at org.eclipse.jetty.server.Server.handle(Server.java:518)↵ at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:308)↵ at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:244)↵ at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)↵ at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)↵ at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)↵ at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:246)↵ at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:156)↵ at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)↵ at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)↵ at java.lang.Thread.run(Unknown Source)↵Caused by: org.postgresql.util.PSQLException: ERROR: WITH query "delpat" does not have a RETURNING clause↵ Position: 931↵ at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2270)↵ at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1998)↵ at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:255)↵ at org.postgresql.jdbc3.AbstractJdbc3Statement.getParameterMetaData(AbstractJdbc3Statement.java:412)↵ at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.getParameterMetaData(NewProxyPreparedStatement.java:573)↵ at com.lumeta.api.dao.base.BaseDao$QueryRunner$2.doInConnection(BaseDao.java:578)↵ at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:350)↵ ... 71 more↵"
errorType
:
4
httpStatusCode
:
420
message
:
"ConnectionCallback; uncategorized SQLException for SQL []; SQL state [0A000]; error code [0]; ERROR: WITH query "delpat" does not have a RETURNING clause↵ Position: 931; nested exception is org.postgresql.util.PSQLException: ERROR: WITH query "delpat" does not have a RETURNING clause↵ Position: 931"
userMessage
:
"ConnectionCallback; uncategorized SQLException for SQL []; SQL state [0A000]; error code [0]; ERROR: WITH query "delpat" does not have a RETURNING clause↵ Position: 931; nested exception is org.postgresql.util.PSQLException: ERROR: WITH query "delpat" does not have a RETURNING clause↵ Position: 931"
PO-6890 Add Share Mounting Tools To ESI Investigate adding SMB utilities to ESI. The reason for this is we are starting to use the hyper-v share, which is a Windows server, so it does not support SCP natively. This would allow us to mount the hyper-v share on ESI systems.

Here are the packages that would be useful:
samba-client, samba-common, cifs-utils
PO-6756 Multiple CC sessions We want to be able to support the use case of a portal user managing multiple CCs. Currently this doesn't work because we only store one instance of the portal IP/CC IP in localstorage.

To address this limitation:
1. Store a key/value structure similar to sessions in localstorage
2. The key would be the IP of the portal
3. The value would be the key of the CC

In order to do this, both Angular and Dojo would have to use localstorage instead of cookies for this part
- Replace every instance of localStorage.getItem("portalCC") with ProxyCCLookup.getCBACCIP()
- Can we just use getIPFromURL() here?

- What needs to change for cookies?
- How can we handle identity when tabs share the same cookies?

- Could we use window messages (https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) to handle change in identity? For example, when the tab is focused, you become that user and we send a message to all other tabs to update their information.
PO-6601 Implement support for AES 256 for SNMP credentials privacy Implement AES 256 support for SNMP v3 privacy. This requirement is the same as the AES 256 related requirement implemented in IPsonar 6.5A
PO-6573 Return cookie domain and path not updated when WebSockets is proxied This ticket is to record an issue with Reverse Proxy cookie translation for WebSocket connections.

The issue is that cookie domain and path are not updated to point to the back end server as the Apache directives in the proxy server request.

In the attached image, the domain should have been updated to the IP address of the back end server and the path to /proxy/<IP Back end server>/api

At this time, WebSocket connections work and there seems to be no deleterious effects due to the lack of translation. The cookie is used to return a session ID and the Domain and path are ignored. Hence the low priority of this issue at this time.
PO-6559 CC Upgrade: Custom Notifications are not displayed post up-gradation from ESI 3.2.4 to 3.2.5. CC Upgrade:
1. Custom Notifications are not displayed post up-gradation from ESI 3.2.4 to 3.2.5.
2. Default "Device Activity" notification is not displayed in a 3.2.4 box.
3. Observed duplicate default "Device Discovered" notifications in a 3.2.4 box.
PO-6469 CC - CLI and GUI: Unable to delete an Organization and Zone with special characters. CC - CLI and GUI: Unable to delete an Organization and Zone with special characters.
Zones:
1. Create a zone : To_Test_zone_\!@\#\$%^\&*123_[]{}::\;
2. Try to delete the above zone.
>>admin@VTX-CC-325-USHA:zone> delete
   To_Test_zone_\!@\#\$%^\&*123_[]{}::\;
   grep: missing terminating ] for character class
   No such zone
3. Please note that there is no issue in deleting a zone like the above thru GUI.

Organizations:
1. Create an organization To_Test_Org_!\@\#\$%^\&\*123_[]{}::123.
2. Try to delete the above organization thru CLI.
>> admin@VTX-CC-325-USHA> organization delete To_Test_Org_!\@\#\$%^\&\*123_[]{}::123
Internal Server Error
3. Try to delete the above organization thru GUI. Its saying : Error removing item.

Screenshots attached.

Tested at CC 3.2.5 - Build # 9609 : 10.9.0.173.
PO-6232 Dashboard Widget Expansion Bug When trying to make a widget larger, the table within the widget reaches a maximum horizontal size and cannot be expanded further, however the bounding box for the widget itself can grow further. This results in the table inside the widget requiring horizontal scrolling. See attached video for more information.
PO-6168 Creating Widget with autorefresh fails... Widget just displays "Resolving" spin https://c.na2.content.force.com/servlet/servlet.FileDownload?file=00P4000000tUHwV

Let me know if you can't access the link.

But to recreate. Add Widget.
Widget Type Chart with Auto-Refresh option
Select Saved query as source and I chose all devices by zones
Select zonename and integer then accept. The widget never populates.
Just has a "resolving" spinning circle
PO-6128 Issues when creating new queries (cannot expand record[0]/[1], cannot run table visualization Issues when creating new queries (cannot expand record[0]/[1], cannot run table visualization.
Steps:
create a query
we see record[0] or record[1] for array fields. we cannot expand it.
then we tried to display visualization and used table widget.
query hung.

screen shot is attached
PO-5598 Reports - Schedule: The 'Edit Report Schedule' pop up is not retaining the Zone name which is selected while Adding/Creating a new Schedule. Reports - Schedule: The 'Edit Report Schedule' pop up is not retaining the Zone name which is selected while Adding/Creating a new Schedule.

Observed in ESI CC: 10.9.0.83
PO-5252 Do not see any openport discovered notifications generated Steps:
Create a zone with Port Discovery enabled (do not enable collector yet)
Add Notification of type OPENPORT_DISCOVERED and subscribe to it.
Enable collector
wait for at least one rescan interval
verify that you find open ports on that zone by running query:
SELECT
"device_ip",
"deviceopenports"
FROM "devicemodel"
WHERE (
  array_length("deviceopenports") <> 0
)

Go to Reports for that zone and see if you can find any OPENPORT_DISCOVERED notification.

(i found none)
PO-4798 Settings=>ESI Systems=>License ==> when user re-licenses a box, EULA shows up, but license modal does not Settings=>ESI Systems=>License ==> when user re-licenses a box, EULA shows up, but license modal does not.

Happening on firefox and IE.
PO-4405 Cannot Disable SQL Logging It appears as if there are still SQL queries that are getting placed into the log file after disabling logging. This bug could also effect more that just the com.lumeta.api.sql sub-service, so it might be nice to test on some of the other sub-services as well.
PO-4276 Report schedules: not getting report email if we enter multiple email address system details: CC:10.9.0.120

i configured email server and while creating report schedule , i entered 2 email addresses separated by comma and new line.

scenario 1:

1.rkodur@lumeta.com,fabbasi@lumeta.com
2. rkodur@lumeta.com
    fabbasi@lumeta.com

in this case, only one got report schedule emails

scenario 2 :
if i enter only one email address(rkodur@lumeta.com), i see report schedule emails.

employee

PO-2379 Adding NOTIFICATIONs of same event type results in NO NOTIFICATIONS Adding NOTIFICATIONs of same event type results in NO NOTIFICATIONS
System: 10.9.0.214
Zone: TestNotifications

I added the following notifications:
Event type: Device Discovered
Name: DD
Filter: 10.8.0.0/24

Event type: Device Discovered
Name: IPv6
Filter: 2610:18:10c:c000::c1

Only three notifications were enabled. One Device Discovered for all devices, one DD and one IPv6.

Result:
NO NOTIFICATIONS were seen for device discovered.


107 issues Refresh




  • No labels