Juniper STRM 2008.2 - RELEASE NOTES 10-2008, STRM 2008.2 Release Note

STRM RELEASE NOTES

RELEASE 2008.2

OCTOBER 2008--REVISION 2

Juniper Networks is pleased to introduce STRM 2008.2 R2. This release provides
you with several resolved issues.

This document includes:

• Technical Documentation

• Contacting Customer Support

• Supported Devices and OS Versions

• Supported Java and Browser Software

• Resolved Issues

• Known Issues and Limitations

Technical
Documentation

Contacting
Customer Support

You can access technical documentation, technical notes, and release notes
directly from the Juniper Customer Support web site at
https://www.juniper.net/suport. Once you access the Technical support web site,
locate the product and software release for which you require documentation.

Your comments are important to us. Please send your e-mail comments about this
guide or any of the Juniper Networks documentation to:

techpubs-comments@juniper.net. <mailto: techpubs-comments@juniper.net>

Include the following information with your comments:

• Document title

• Page number

To help you resolve any issues that you may encounter when installing or
maintaining STRM, you can contact Customer Support as follows:

• Open a support case using the Case Management link at
http://www.juniper.net/support

• Call 1-888-314-JTAC (from the United States, Canada, or Mexico)
or1-408-745-9500 (from elsewhere)

530-027292-01

2 STRM Release Notes

Supported Devices
and OS Versions

STRM 2008.2 R2 supports platforms from multiple vendors. Table 1-1 lists Juniper
Networks device families and operating systems that support NSM. The table
shows whether a device requires STRM to forward logs through NSM.

Table 1-1 Supported Juniper Networks Devices and OS Versions

Logs Sent

Logs Sent Directly to

Device Family OS

ISG with IDP 6.0, 6.1.0r2 No Yes

Firewall/VPN 6.0, 6.1.0r2 Yes Yes

Standalone IDP 4.1 Yes Yes

J-series 8.5, 9.0, 9.1,

9.2r1.10

Secure Access (SA) 6.2 Yes No

Infranet Controller
(IC)

EX-Series 9.1R2.10 Yes No

2.2 Yes No

STRM from Device

Yes No

Through NSM to
STRM

Note: For STRM to correctly process logs from SA and IC, the logs should be sent
from the devices in WELF format. To enable WELF format on the device: Under
System > Logs > Events > Settings, select the WELF filter for the syslog (STRM)
server entry in this table.

To parse logs from IC devices, the IC device needs to be manually added under
Sensor Devices.

Supported Java

STRM supports the following versions of Java and browsers:

and Browser
Software

• Java version 1.5 and later

• Internet Explorer version 7

• Firefox version 2.0

Resolved Issues This section describes the resolved issues in STRM 2008.2 R2:

Offense Now Includes Associated Events

Previously, if an event associated with an offense included a destination IP
address of 0.0.0.0, the event did not appear in the Offense interface summary or
Events list. This no longer occurs.

STRM Now Reports DDOS Attacks Correctly in the Interface

Previously, after the upgrade process, STRM failed to report DDOS attacks
accurately. This resulted in a significant increase in the number of recorded
offenses. This no longer occurs and the DDOS attacks are reported appropriately.

530-027292-01

Resolved Issues 3

Tomcat Server Now Restarts Properly After Upgrade Process

Previously, after upgrading your STRM system, the Tomcat server failed to restart.
This was due to a missing file for the netVigilance Secure Scout scanner in the
upgrade. This no longer occurs and the Tomcat server restarts properly.

NTP Settings Now Persisted After Upgrade

Previously, after you upgraded your STRM system, the NTP settings were not
persisted. This required you to reset your NTP settings using the web-based
system administration interface. This no longer occurs and NTP settings are
persisted after the upgrade process.

Identity Table Now Updated After Upgrade

Previously, after the upgrade process, the identity table was no longer updated.
This may have caused DSMs to no longer function. This no longer occurs and the
identity table is updated after the upgrade process.

Upgrade Process No Longer Fails for Deployments with Encrypted Tunnels

Previously, if your deployment included encryption tunnels, the upgrade process
failed. This no longer occurs.

STRM No Longer Displays FlowViews Error After Upgrade

Previously, after the upgrade process, the following error appeared:

initializing FlowViews

. This error was caused by an additional line in the

Error

application configuration file that resulted in the FlowViews not being initialized.
This no longer occurs.

Applying Multiple Patches No Longer Corrupts Configuration File

Previously, if you installed multiple patches and enforced the changes (Host
Context component should restart automatically), the STRM configuration file was
corrupted. This caused a disruption in service. This no longer occurs and installing
multiple patches no longer corrupts the system.

STRM Now Able To Effectively Process Events for Large Number of Sensor
Devices.

Previously, if your deployment consisted of a large number of Sensor Devices,
your STRM system experienced reduced performance when events were
processed. This no longer occurs.

During a Restart, an Error No Longer Appears Regarding the Tomcat Server

Any changes to STRM using the web-based system administration interface
requires the Tomcat server to restart. This server may take 1 to 2 minutes to
restart. Previously, if you attempted to access the STRM interface during the
restart, a fatal error message appeared. This no longer occurs.

530-027292-01