« previous next »
Pages: [1]

Author Topic: NetXMS 3.6 released  (Read 864 times)

Victor Kirhenshtein

  • Lead Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 7140
    • View Profile
NetXMS 3.6 released
« on: November 20, 2020, 11:06:17 am »
Hi all!

NetXMS version 3.6 is just released. We plan that it will be last release in 3.x branch, but depending on progress with 4.0 development and requests from our customers and community we may also introduce 3.7 in a month or two.
Changes since previous release:
- Object categories
- Support for externally provisioned agent certificates
- New instance discovery method "internal table"
- Added option to validate server certificate on agent
- Fixed column sorting in Web Service Definition view
- Support for IPv6 in NXSL functions AddrInSubnet and AddrInRange
- New NXSL function GetServerQueueNames
- New NXSL functions for object search: FindObjectByGUID, FindNodeByAgentId, FindNodeByIPAddress, FindNodeByMACAddress, FindNodeBySysName
- nxdbmgr option to migrate log tables in background
- Windows event log synchronization, server side parsing and agent side filtering
- Added option not to save to database Windows event log and syslog filtered by server parser
- Maximum number of client sessions can be configured
- Added support for SNMP data types FLOAT, DOUBLE, INTEGER64, UINTEGER64
- Correct decoding of values inside OPAQUE SNMP varbinds
- Added view for object tools with output executed on multiple nodes
- Added synchronous methods and completion callbacks for object creation in Java API
- Fixed nxdbmgr crash on import
- New built-in agent action Agent.RotateLog
- Server performance optimization for handling large number of agent connections
- Performance optimization of SNMPv3 processing
- NXSL performance optimization
- Improved handling of external parameter providers in agent
- Added background polling option for external tables in agent
- Authentication method for LDAP users can be changed
- Support for mobile devices with NTCB/FLEX protocol
- Geolocation control for nodes, sensors, and mobile devices
- Fixed screenshot issues on Windows 10 with DPI scaling
- Fixed errors on graph properties modification
- Fixed sorting in summary table when one column has different data types
- Fixed issues:
   NX-904 (Sensitive info should be hidden in Audit Log)
   NX-1294 (Completed Scheduled Task Re-scheduling)
   NX-1416 (NetXMS Agents shutdown does not end ExternalParametersProviders)
   NX-1823 (Using SSH login and password in object tools)
   NX-1905 (Log Parser policy in Template Agent Policies does not automatically include Events in Export Configuration Tool)
   NX-1907 (Add server configuration option to disable outdated SSL/TLS versions)
   NX-1911 (Separate object name for use on maps)
   NX-1931 ("Do not store" option for syslog)
   NX-1933 (Update descriptions and units for server configuration variables)
   NX-1951 (Moving a DCI to container deletes the DCI)
   NX-1962 (Save time of last configuration poll across server restart)

Best regards,
Victor
Logged

lindeamon

  • Hero Member
  • *****
  • Posts: 801
    • View Profile
Re: NetXMS 3.6 released
« Reply #1 on: November 21, 2020, 08:49:35 am »
thank you very much!!!
Logged

Mortymer

  • Newbie
  • *
  • Posts: 20
    • View Profile
Re: NetXMS 3.6 released
« Reply #2 on: November 23, 2020, 09:52:28 am »
Thank you very much!
Could you upload the console application for Android please?

Regards,
Mortymer
Logged

Victor Kirhenshtein

  • Lead Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 7140
    • View Profile
Re: NetXMS 3.6 released
« Reply #3 on: November 24, 2020, 11:10:03 am »
Just uploaded Android console.

Best regards,
Victor
Logged

Victor Kirhenshtein

  • Lead Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 7140
    • View Profile
Re: NetXMS 3.6 released
« Reply #4 on: November 24, 2020, 11:12:50 am »
We just found and fixed critical bug in server communication code, all users currently running server version 3.6.252 are encouraged to upgrade to 3.6.262 as soon as possible.

Best regards,
Victor
Logged

Mortymer

  • Newbie
  • *
  • Posts: 20
    • View Profile
Re: NetXMS 3.6 released
« Reply #5 on: November 24, 2020, 11:29:00 am »
Thank you Victor!
Logged

Staj

  • Jr. Member
  • **
  • Posts: 65
    • View Profile
Re: NetXMS 3.6 released
« Reply #6 on: November 26, 2020, 12:55:42 pm »
Thank you for the Windows Certificate Store (CNG) Certificate support for Agent Tunnels, this is very much appreciated for our use-case.

Can you explain how https://github.com/openssl/openssl/issues/12859 affects nxagentd and the downgrade to TLS 1.1?

Looking at the code, it will find a Certificate in the SYSTEM Personal Certificate based on matching Friendly Name, Email, Subject, Template, Common Name, Org or Device Serial (in that order)? How does one specify what the agent should consider a match?

EDIT:
Tunnel::createFromConfig and ParseTunnelList seems to have the answer:
Quote
Record format is address[:port][,certificate[,password]]
Records meaning the configured MasterServers, ControlServers and Servers. So I guess an example would be:
Code: [Select]
MasterServers = 10.0.0.1,ADCSTemplNetXMSAssuming ADCSTemplNetXMS was the name of a Certificate Template (Eg: Certificate issued by ADCS)?
« Last Edit: November 26, 2020, 01:20:47 pm by Staj »
Logged

Victor Kirhenshtein

  • Lead Developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 7140
    • View Profile
Re: NetXMS 3.6 released
« Reply #7 on: November 27, 2020, 08:18:44 pm »
Quote from: Staj on November 26, 2020, 12:55:42 pm
Can you explain how https://github.com/openssl/openssl/issues/12859 affects nxagentd and the downgrade to TLS 1.1?

If certificate has exportable private key then agent will get the private key and use standard OpenSSL mechanisms instead of CNG engine for session authentication. In that case TLS 1.3 will be used if server supports it. If private key cannot be exported then agent will switch to TLS 1.1 and use CNG engine for authentication.

Quote from: Staj on November 26, 2020, 12:55:42 pm
Looking at the code, it will find a Certificate in the SYSTEM Personal Certificate based on matching Friendly Name, Email, Subject, Template, Common Name, Org or Device Serial (in that order)? How does one specify what the agent should consider a match?

EDIT:
Tunnel::createFromConfig and ParseTunnelList seems to have the answer:
Quote
Record format is address[:port][,certificate[,password]]
Records meaning the configured MasterServers, ControlServers and Servers. So I guess an example would be:
Code: [Select]
MasterServers = 10.0.0.1,ADCSTemplNetXMSAssuming ADCSTemplNetXMS was the name of a Certificate Template (Eg: Certificate issued by ADCS)?

Not exactly. Tunnel connections configured using ServerConnection parameters, so it will be

Code: [Select]
ServerConnection = 10.0.0.1, certificate_matching_string

Certificate matching string consists of selector and value separated by :. Possible selectors are:
name - certificate's friendly name (display name) in store
email - EMail portion of certificate DN
subject - certificate's subject
template - template OID (not template name!)
cn - CN part of certificate's DN
org - ORG part of certificate's DN
deviceSerial - device serial number

so for example for certificate with friendly name "NetXMS Server" it will be
Code: [Select]
ServerConnection = 10.0.0.1, name:NetXMS Server

If you are interested, relevant code is in file src/agent/core/cng_engine.cpp, function MatchWindowsStoreCertificate.

Best regards,
Victor
Logged
Pages: [1]
« previous next »