What are the release notes for Security Reporting Center 2.1?


This article applies to:

  • Security Reporting Center 2.1

Question:

What are the release notes for Security Reporting Center 2.1?

Information:

This version of Security Reporting Center provides several new features. This version also improves usability and extends several capabilities. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.

This document outlines why you should install this version, provides additions to the documentation, and identifies any known issues. We assume you are familiar with previous versions of this product under the name Firewall Reporting Center. For more information about installing Security Reporting Center, see the Security Reporting Center User Guide.


Why Install This Version?

Security Reporting Center provides comprehensive reporting on security and Internet usage in your network. This highly flexible and scalable solution can help you understand security and bandwidth baselines, forecast and plan for firewall and bandwidth requirements, summarize critical and non-critical events on your network, manage employee Internet usage, and assess the activity that passes through your firewall. The following sections outline the key features and functions provided by this version.

Reduction in Memory Usage
Customers with large installations will find that in version 2.1 the Proxy Reporting module uses far less memory. This improvement in memory usage should be especially helpful to enterprises experiencing virus attacks and port scans.

Support for New Firewalls
With version 2.1, Security Reporting Center adds support for Clavister Firewall and Neoteris IVE.

Express Interface for Quick Report Access
A new Express interface makes report generation simple for new users. Event status panels now auto-refresh for convenient information updates. Icon legends provide a quick reference for navigating list panels. A unified tri-pane Help system adds a complete online table of contents for the User Guide and Firewall Configuration Guide plus indexing and full-text searching capability.



Upgrading from Previous Versions

To upgrade from previous versions, install the new version over an existing version. You do not need to uninstall your existing version.

If you have profiles that rely on a Check Point LEA connection, the lea.conf file must include an IP address. If the lea.conf file does not contain an IP address, we suggest deleting the LEA connection after upgrading and recreating it manually.

If you used custom images in your reports, upgrading to version 2.1 removes them from your reports. To restore the images, create a custom report style that uses the report images. For more information about report styles, see "Understanding Report Styles" in the User Guide for Security Reporting Center.

Upgrading from Version 2.x
To upgrade from version 2.x to 2.1, install Security Reporting Center over your existing installation.

Upgrading from Version 1.0b
To upgrade from version 1.0b, first upgrade to version 1.1, then to version 2.0c. When you upgrade from version 1.0b to version 1.1, all FastTrends and Content databases are deleted. However, the upgrade preserves all profiles, events, users, teams, and other configuration settings.

You cannot upgrade from a version earlier than version 1.0b. If you are using an earlier version of Firewall Reporting Center, you must uninstall it before installing Security Reporting Center.

Warning!
Use the same database user name and password, and the same User Interface login name and password to install the newer version that you used to install the earlier version. If you use a new user name and password, the databases will not be accessible and a clean installation will need to be performed.

Backing up Databases
We recommend backing up your databases before you attempt to upgrade from Firewall Reporting Center version 1.1 to Security Reporting Center version 2.0. Backing up the databases secures your data in case of a system failure during the upgrade. For example, if you lose power during an upgrade, your databases may be corrupted. To secure your data, copy it to a directory outside the installation directory.

Note: The following procedure has not been tested with versions earlier than version 1.1. 

To back up databases before upgrading to version 2.1:

  1. Stop all Firewall or Security Reporting Center program services.

  2. Copy the InstallDir/common/mysql/data directory to a location outside the installation directory.

  3. Install the new version of Security Reporting Center.

Warning!
Use the same database user name and password, and the same User Interface login name and password to install the newer version that you used to install the earlier version. If you use a new user name and password, the databases will not be accessible and a clean installation will need to be performed.

To restore databases and upgrade to version 2.1 after a failure during upgrade:

  1. Uninstall Security Reporting Center 2.1.

  2. Reinstall the earlier version (Firewall Reporting Center 1.1 or Security Reporting Center 2.x).

    Warning! Use the same database user name and password, and the same User Interface login name and password to install the newer version that you used to install the earlier version. If you use a new user name and password, the databases will not be accessible and a clean installation will need to be performed.

  3. Stop all Firewall or Security Reporting Center program services.

  4. Delete the InstallDir/common/mysql/data directory.

  5. Copy the saved data folder from the folder where you installed it to the InstallDir/common/mysql directory.

  6. Restart the Firewall or Security Reporting Center program services.

  7. Install Security Reporting Center version 2.1.

Upgrading User-Defined Databases from version 2.0a
If you are upgrading from version 2.0a, and you created a Content Database in the Proxy Reporting module using any location or settings other than the defaults, you need a special script to upgrade your MySQL database.

To upgrade the database, run the following script:

InstallDir/common/sql_scripts/MySQL/Content/PXUpgrade/Update20ato20b.bat

Use the following syntax on the command line:

Upgrade20ato20b.bat username password dbname server

Where:
username is the username for the database
password is the password for the username
dbname is the name of the database
server is the name of the server where the database is saved



Additions to Documentation

Viewing Documentation Files
The installation kit provides some documentation in PDF files. To view these documentation files, you need Adobe Acrobat or Adobe Acrobat Reader installed. You can download Adobe Acrobat Reader from the Adobe Web site (http://www.adobe.com/).



General Notes

Marshal strives to ensure our products provide quality solutions for your firewall security needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support (support@marshal.com).

Data Strings Truncated After 255 Characters
When data strings are identical up to 255 characters but become unique after 255 characters, Security Reporting Center truncates them before storing them in the Content database. Under these conditions, Proxy reports may contain inaccurate counts if they use data from the following Content database tables: CorePage, Download, FileExtension, GenPage, Page, and SearchKeyword.
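To see which log values would be affected before they reach the Content database, the following added example (not part of the product or the original release notes) groups distinct strings that share their first 255 characters and shows how their hit counts merge. The function names and sample rows are constructed for illustration, and the limit is assumed to be counted in characters.

```python
from collections import Counter, defaultdict

LIMIT = 255  # truncation length given in the release note (assumed: characters)

# Constructed sample rows: (page string, hits). Two URLs differ only past LIMIT.
LONG_PREFIX = "http://intranet.example/report?filter=" + "a" * 230
SAMPLE = [
    (LONG_PREFIX + "&user=alice", 40),
    (LONG_PREFIX + "&user=bob", 2),
    ("http://intranet.example/index.html", 7),
]

def truncation_collisions(values, limit=LIMIT):
    """Map each truncated key to the distinct full strings that collapse onto it."""
    groups = defaultdict(set)
    for value in values:
        groups[value[:limit]].add(value)
    return {key: sorted(full) for key, full in groups.items() if len(full) > 1}

def hits_after_truncation(rows, limit=LIMIT):
    """Sum hits per truncated key, as a report built on truncated data would."""
    merged = Counter()
    for value, hits in rows:
        merged[value[:limit]] += hits
    return merged

def distinct_counts(values, limit=LIMIT):
    """Return (distinct strings in the log, distinct strings after truncation)."""
    distinct = set(values)
    return len(distinct), len({v[:limit] for v in distinct})

if __name__ == "__main__":
    pages = [value for value, _ in SAMPLE]
    before, after = distinct_counts(pages)
    print(f"distinct pages: {before} in log, {after} after truncation")
    for key, full in truncation_collisions(pages).items():
        print(f"{len(full)} strings share one {len(key)}-character key:")
        for value in full:
            print("   ...", value[LIMIT:])
```
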

Upgrades to LEA Connections
When you upgrade to version 2.1 from 2.0a or earlier, Security Reporting Center runs a script that populates the Check Point LEA Connections panel with your existing connections. If the lea.conf file created for the earlier installation does not contain the IP address of the Check Point Management Server, or if the lea.conf file uses an unfamiliar format, the upgrade substitutes a placeholder connection that does not work. Delete and recreate the connection manually to connect to the Check Point Management Server. This issue primarily affects connections for Check Point 4.x firewalls.

Number of Tasks Reset During Upgrade
When you upgrade to a new version, Security Reporting Center resets the number of concurrent tasks each agent can handle to the default, two tasks. If you used the Agent Settings panel to set the number of concurrent tasks to a value other than two, you must set it again after you upgrade.

Workaround for Gauntlet Date Logging
Because the year is not logged inside a Gauntlet log file, Security Reporting Center parses the year based on the name of the file. By default, Gauntlet uses one of the following date formats to name log files:

messages.mm.dd.yyyy
messages.dd.mm.yy

We strongly recommend that you use the default file names for your logs. If you use a file name other than the default, Security Reporting Center determines the year based on the current system date. This can lead to reporting errors.
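A pre-import check for this issue, as an added example that is not part of the product or the original release notes: it sorts Gauntlet log file names into those that match one of the two default formats and those that do not, which would be dated from the system clock. The function names and sample file names are constructed, and the two-digit year is expanded with Python's own %y rule, which is an assumption about the century.

```python
import re
from datetime import datetime

# The two default Gauntlet log file name formats listed in the release note.
DEFAULT_FORMATS = (
    (re.compile(r"^messages\.(\d{2}\.\d{2}\.\d{4})$"), "%m.%d.%Y"),  # messages.mm.dd.yyyy
    (re.compile(r"^messages\.(\d{2}\.\d{2}\.\d{2})$"), "%d.%m.%y"),  # messages.dd.mm.yy
)

# Constructed sample of file names found in a log directory.
SAMPLE_NAMES = [
    "messages.03.15.2003",
    "messages.15.03.03",
    "messages",
    "fw.log.2003",
    "messages.13.15.2003",  # right shape, but month 13 is not a date
]

def date_from_name(filename):
    """Return the date encoded in a default-style file name, or None."""
    for pattern, fmt in DEFAULT_FORMATS:
        match = pattern.match(filename)
        if match:
            try:
                # Assumption: %y maps 00-68 to 2000-2068 (Python's rule).
                return datetime.strptime(match.group(1), fmt).date()
            except ValueError:
                return None
    return None

def audit(filenames):
    """Return (names with a usable date, names that need renaming or review)."""
    dated, undated = {}, []
    for name in filenames:
        found = date_from_name(name)
        if found is None:
            undated.append(name)
        else:
            dated[name] = found
    return dated, undated

if __name__ == "__main__":
    dated, undated = audit(SAMPLE_NAMES)
    for name, found in dated.items():
        print(f"OK      {name} -> {found.isoformat()}")
    for name in undated:
        print(f"REVIEW  {name} (year would come from the system date)")
```
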

Two MySQL Services
The current version of MySQL installs two services when you install the Security Reporting Center MySQL database on a Windows computer: the MySQL service and the NetIQ-MySQL service. Only the NetIQ-MySQL service is required to run Security Reporting Center. We recommend using the Services panel to set the Startup Type for the MySQL service to Disabled.

Mapped Drives Not Supported for Windows XP
If you have installed Security Reporting Center on Windows XP, and you need to specify a network drive for a log file path or a destination directory, do not use a mapped drive. Use the full UNC path to specify a network drive.

Cisco PIX 6.1/6.2 DNS Port Logging Issue
Because of an issue in Cisco PIX 6.1/6.2, the firewall logs the DNS ID instead of the port number when it logs the DNS source and destination ports. Security Reporting Center then sees an invalid value for the protocol and consumes large amounts of memory during log data analysis and export. To fix this problem, either upgrade to Cisco PIX 6.2.2 or use a Security Reporting Center Exclude filter to exclude traffic from your DNS servers.

Check Point NG with OPSEC LEA Requires File Changes
If you plan to collect Check Point NG logs using OPSEC LEA, and you previously used OPSEC LEA with Firewall Suite or Firewall Reporting Center, you must comment out modifications to the fwopsec.conf file. The fwopsec.conf file resides in the winnt\FW1\NG\conf directory. Comment out all lines in fwopsec.conf.



Configuration Hints

Configuring Distributed Installations

If you plan to install components of Security Reporting Center on multiple computers, then the Database component must be installed before all other components.

You must install the Database Server, the User Interface Server, and the Reporting agents in the same network environment. Each computer where a Security Reporting Center component is installed must be able to connect to the Database server.

For Security Reporting Center to work correctly on multiple computers, you must configure each component with the correct connection information when you install it. Install the Database server before you install any other components. When you install the Database server, you provide the host name, port number, user name, and password information for both the Database server and the User Interface server. Write this information down and provide the same information when you install components on other computers.

Configuring Program Services

If you intend to use network drives to store resources such as log files, or if you have installed Security Reporting Center on multiple computers, you must manually configure Security Reporting Center services to access resources across the network. These services include the NetIQ Scheduler Agent, the NetIQ LEA Service, and the NetIQ Syslog Service.

You need to configure services if you will use a network location for any of the following purposes:

  • Retrieving log files
  • Storing the FTP cache
  • Storing uncompressed files
  • Storing log files collected using Check Point with OPSEC LEA
  • Storing log files collected using the NetIQ Syslog Service
  • Storing static HTML or Word reports
  • Storing FastTrends databases

To ensure that product services can access network drives, first configure them to log on under an account with access rights to the drives you want to access. By default, product services log on using the system account. To access mapped drives, you should typically configure the services to log on under a user account. This involves two steps: selecting an account to use for each service, and giving that account the appropriate rights.

Configuring Services and User Rights
Please refer to the following knowledge base article for further details.

https://support.trustwave.com/kb/article.aspx?id=10289

Notes:

Information about system requirements can be found in the following knowledge base article:

https://support.trustwave.com/kb/article.aspx?id=10842

This article was previously published as:
NETIQKB38167

Last Modified 6/25/2008.
https://support.trustwave.com/kb/KnowledgebaseArticle10835.aspx