Our latest release includes several updates to enhance your DDoS cover. We’ve added options for future TLS support for FastNetMon Flow, improved debugging with more detailed logs, and added logic to reconnect TCP flow forwarding sockets. We’ve also enabled IPv6 for Web_api_host and Web_api_ssl_host, and added a per hostgroup dashboard for Clickhouse. Full release notes below
Changes:
Changes:
- Added options tera_flow_tls_certificate_path and tera_flow_tls_private_key_path for future TLS support for FastNetMon Flow
- We require SSE42 for all new installations. Clickhouse is a mandatory part of stack now
- Added logic to retry bind attempt for TCP socket in FastNetMon Flow logic when it’s already in use as we have it normally very often
- Added logic to check that certificates were generated before enabling SSL for Grafana and Nginx
- Added logic to reconnect TCP flow forwarding sockets
- Automatically crop long process names to 15 symbols
- Added flag MSG_NOSIGNAL to avoid calls of SIGPIPE when remote flow forwarder TCP socket was closed for some reasons
- We switched from write() to send() as it allows use to use flags argument when we need it
- Disabled export of InfluxDB and Clickhouse metrics to system_counters if they are not enabled in configuration
- Removed configuration option netflow_custom_sampling_ratio_enable as we never checked it and used netflow_sampling_ratio unconditionally
- Added logic to print recalculate_speed_timeout and average_calculation_time to log file for clarity and easier debugging
- Added better logic to handle empty password for MongoDB
- Addressed Cannot get CPU flags
- Added timeout for send operation for Flow Forwarder
- Added new options flow_forwarder and flow_forwarder_remote_addresses
- Added logic to read FastNetMon Flow messages when it spans over multiple recv() calls
- Allowed IPv6 for Web_api_host and Web_api_ssl_host
- Unconditionally enabled IPv6 for tera flow for traffic_db logic
- Added new options to setup FastNetMon Flow to listen addresses explicit way: tera_flow_local_addresses
- Added logic to install certbot for Let’s encrypt
- Added check that port 443 is available
- Added per protocol total traffic counters export to InfluxDB
- Added per protocol total counters exposed via API
- Unified traffic calculation logic for total counters
- Eliminated instant speed array for total traffic counters
- Added logic to free up memory in sFlow socket init logic
- Fixed bug in host_counters_per_hostgroup_v4 and host_counters_per_hostgroup_v6 API call
- Reworked fcli and internal API to use unified enum sorters
- New commands sudo fcli show host_counters_per_hostgroup_v4 and host_counters_per_hostgroup_v6 to return top talkers per total hostgroup
- Behaviour change. We flipped incoming and outgoing for per ASN traffic reports
- Added logic to generate default configuration for GoBGP even when we do not have any BGP peers provided in configuration
- Added per hostgroup dashboard for Clickhouse
- Enabled total hostgroups logic by default enable_total_hostgroup_counters
- Added fill_dictionaries to cron on RedHat based distros
- Added automatic run of fill_dictionaries command during installation and every day via cron
- Split Grafana data source provision to use fastnetmon-clickhouse.yaml and fastnetmon.yaml
- Added ASN number after ASN name for Clickhouse ASN dashboard
- Replaced ASN description parsing logic by download from our site
- Removed BGP table processing logic and removed dependency on libbgpdump
- Added logic to download prefix to ASN dictionaries instead of processing whole dataset directly. fill_dictionaries is x100 times faster now
- Added r8152 for automatic offload configuration