3.4 Release notes

What's new in this release?

Unomaly 3.4 was released on May 22, 2019. Last updated on June 13, 2019.

Explore Workflows in your data

This release brings you Workflows, a new page where you can explore log events that frequently happen in a sequence. These sequences may help you to understand what your systems are regularly doing and give more context to investigate anomalies.

To access the Workflows page, enable the feature in Settings > Experimental. See more in "Exploring system activities".

Compare systems

Compare systems allows users to visually compare the profiles between two systems, A (purple) and B (green).

Check the boxes or click the parts of the Venn diagram to select the different combinations to show. The default result set is the union of the log events happening on A and B. You can also use free text search and select different time ranges to narrow the result set further. See more in "Exploring system activities".

Exclude for all filtering options

This release expands the capabilities of exclude filtering to all filtering option types (in 3.3.7, exclude was only available for systems). This means that when you select "exclude" from the filtering options on Situations, Anomalies, and Event profiles, you can then apply it to the relevant filters for the page. See more in "Filter and create views to save workflows".

Adjust threshold for merging events

Because the tokenizer is aggressive in splitting the types of log events, it may produce a large number of tokens. This means that for certain types of environments, Unomaly can be slow to merge event types into profiles during learning.

In this release, you can adjust the sensitivity for merging similar events by choosing from thresholds: Low, Medium, or High in Settings > General > Sensitivity. By lowering the sensitivity threshold, you may reduce the number of parameter anomalies that Unomaly detects, but improve Unomaly's anomaly detection and performance speed.

System settings and profiles

System components have a different look in this release. Systems in lists are represented by dark grey boxes when they are active. If you select to show disabled systems in the lists, they will appear as light grey split boxes.

Also, hovering over a system will display the system menu.

  • Add to Search to add the selected system to current search parameters.
  • View Profiles to see the event profiles for the selected system. This action will take you to the Explore > Event profiles page.
  • Edit... to edit the settings for the selected system.

Important changes to network settings

We made the following changes to the network and communication settings in Unomaly:

  • The internal firewall (ufw) has been disabled. We recommend that you protect your instances with an external firewall from now on.
  • The internal proxy running on the Unomaly instance has moved into a container. To configure a custom client certificate for your instance, follow the steps in this article "Using a custom web server certificate" in the Unomaly Knowledgebase.

Open ports on a Unomaly installation

Protocol/Port   Service
TCP/22          SSH
TCP/80          HTTP
TCP/443         HTTPS
TCP/514         Syslog
TCP/5514        Syslog-forwarder
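
With the internal firewall disabled, one way to confirm that a host exposes only the documented ports is to compare its listening TCP sockets against the list above. The script below is an added example, not part of Unomaly; the function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# TCP ports documented under "Open ports on a Unomaly installation".
EXPECTED_PORTS="22 80 443 514 5514"

# Constructed sample of `ss -Htln` output (not captured from a real host).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:514 0.0.0.0:*
LISTEN 0 128 [::]:5514 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9200 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
EOF
}

# Reads `ss -Htln` lines on stdin and prints every network-reachable
# listening port that is not in EXPECTED_PORTS, one per line, sorted.
unexpected_ports() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            # Loopback-only listeners are not reachable from the network.
            if (host ~ /^127\./ || host == "[::1]") next
            if (!(port in ok)) print port
        }' | sort -n -u
}

# Demo on the constructed sample; on a live host use: ss -Htln | unexpected_ports
sample_ss_output | unexpected_ports
```

Any port this prints is a listener that the external firewall should block or that needs to be explained before the instance is exposed.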

Changelogs

These are the fixes and updates to Unomaly 3.4 versions.

3.4.5

June 13, 2019

Unomaly 3.4.5 includes the following changes:

  • Fix issue where downloading an upgrade could cause a connection aborted error.
  • Fix issue where a fresh installation can fail because of an invalid version.
  • Fix issue where the console setup could not read the license IP.

3.4.4

June 12, 2019

Unomaly 3.4.4 includes the following changes:

  • Added a page to list existing Transforms, which users can access using the top-right menu. When creating transforms, you can name the transform and add a description. The order in which you choose anchors and merge points when creating transforms has been swapped. See "Experimental transforms".
  • Ingestion API now validates log messages sent to it via the HTTP API. Invalid messages will be rejected with HTTP 400 and will not be analyzed by Unomaly. Customers using the Unomaly plugins for Logstash and Fluentd to forward logs to Unomaly are required to update these plugins. The version to use for the Unomaly Logstash plugin is 0.1.4 and the version to use for the Unomaly Graylog plugin is 0.1.8. See Unomaly plugin for Logstash and Unomaly plugin for Fluentd.

Additional changes:

  • Fixed issue where user plugins couldn't be tested.
  • Fail installation when upgrading from an unsupported older version.
  • Old license versions containing static IP information will pass validation even if the IP does not match the host IP.
  • It is now visualized if anomalies were affected by transforms.
  • Fix problem ingesting syslog messages via UDP.
  • Layout fix on Workflows page in Firefox.
  • LDAP authentication: added configuration tip to default role field.
  • Selecting text on an anomaly/situation list would expand/collapse the row, which caused unpredictable behaviour. A check was added so that rows do not expand or collapse when text is selected.

3.4.3

June 5, 2019

Unomaly 3.4.3 includes the following changes:

  • Fixed issue where removing temporary systemd units could fail.
  • Updated system components and system menu to add the system to the current search parameters.
  • Disabled the internal firewall (ufw).
  • Fixed bug preventing backup restore from working.
  • Fixed issue where credentials were shown in clear-text for LDAP authentication when using tracing.
  • Fixed issues with usernames having duplicated domain in web interface for LDAP accounts.
  • Limit the maximum number of workflows to 100 for the workflow view.
  • Removed showing knowns from the workflow page due to performance reasons.
  • Added new diagnose service for creating techdumps.

3.4

May 22, 2019

Unomaly 3.4 includes the following changes:

  • Filtering conditions now persist when you switch between pages that have the filter bar (Situations, Anomalies, and Event profiles).
  • syslog-ng config has moved inside the container it's running from and changing the configuration now requires you to edit the files in the volume instead of on the host.
  • Database migration that adds column for future system compare feature.
  • Abbreviate the occurrence count of profiles in the events profile page because they were sometimes cut off.
  • Fixed handling of feature toggles so that the setting in the UI correctly overrides manual settings in the .env files.
  • Prep work to allow transforms to be applied multiple times to the same log event.
  • Changed LDAP to reduce noise in the logs.