CISCO v7.3.2 Stealth Watch Flow Collector sFlow User Guide

June 13, 2024
Cisco

Stealthwatch Flow Collector sFlow
Update Patch v7.3.2

This document provides a description of the patch and installation procedure for the Stealthwatch Flow Collector sFlow appliance v7.3.2.
There are no prerequisites for this patch, but make sure you review Before You Begin before you get started.

Patch Description

This patch, patch-fcsf-ROLLUP010-7.3.2-01.swu, includes the following fix:

Defect| Description
SWD-17734| Fixed an issue where there were duplicate Avro files.

Previous fixes included in this patch are described in Previous Fixes.

Before You Begin

When the v7.3.2 FCSF Rollup005 patch was created, it included SWD-15921, which affected the persistent-ids.conf file.
For v7.3.2 FCSF rollup patches beginning with Rollup005 through Rollup008, we’re recommending that you create the .persistent-id-cleared file to avoid rebuilding the persistent-ids.conf file unnecessarily. Rebuilding the persistent-ids.conf file, and the query it generates, can be particularly time-consuming. It can take up to 60 minutes of downtime while the system rebuilds the persistent-ids.conf file.

Determine the last patch installed
To determine the last rollup patch installed, do the following:

  1. Log in to the appliance console as root.
  2. Type the following command: cat /lancope/info/patch
  3. Press Enter to view the last rollup patch installed on the appliance.

If the last rollup patch you installed on the appliance was patch-fcsf-ROLLUP004-7.3.2-01.swu or earlier, you can proceed with downloading and installing the latest patch, patch-fcsf-ROLLUP010-7.3.2-01.swu. Continue to Download and Installation.

Create the .persistent-id-cleared file
If the last rollup patch you installed was any shown in this table:

Patch Filename
patch-fcsf-ROLLUP005-7.3.2-01.swu
patch-fcsf-ROLLUP006-7.3.2-01.swu
patch-fcsf-ROLLUP007-7.3.2-01.swu
patch-fcsf-ROLLUP008-7.3.2-01.swu

then do the following:

  1. Log in to the appliance console as root (if not already logged in).
  2. Type the following command: touch /lancope/var/sw/.persistent-id-cleared
  3. Press Enter.
  4. Continue to Download and Installation.

The touch command only creates the .persistent-id-cleared file if the file doesn’t already exist.
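
The two checks above combined into one pre-install script, as an added example that is not part of Cisco's guide. It assumes /lancope/info/patch contains patch filenames in the form shown on this page; the function names and the --check/--apply arguments are hypothetical.

```shell
#!/bin/sh
# Added example: map the last installed rollup to the action this guide gives.
# Assumption: the patch info file holds names like patch-fcsf-ROLLUP006-7.3.2-01.swu.
PATCH_INFO="${PATCH_INFO:-/lancope/info/patch}"
MARKER="${MARKER:-/lancope/var/sw/.persistent-id-cleared}"

# Read text on stdin, print the highest rollup number found (leading zeros
# stripped so the shell does not treat 008 as octal), or nothing if none.
last_rollup() {
    grep -o 'ROLLUP[0-9][0-9]*' | sed 's/ROLLUP0*//' | sort -n | tail -n 1
}

# Print the action for the given patch-info text:
#   proceed        Rollup004 or earlier: go straight to Download and Installation
#   create-marker  Rollup005 through Rollup008: create .persistent-id-cleared first
#   not-covered    Rollup009 or later: the guide gives no instruction
#   unknown        no rollup name recognised: review the file by hand
plan_for() {
    n=$(printf '%s\n' "$1" | last_rollup)
    if [ -z "$n" ]; then echo unknown
    elif [ "$n" -le 4 ]; then echo proceed
    elif [ "$n" -le 8 ]; then echo create-marker
    else echo not-covered
    fi
}

# --check reports the action; --apply also creates the marker when required.
main() {
    if [ ! -r "$PATCH_INFO" ]; then
        echo "cannot read $PATCH_INFO" >&2
        return 2
    fi
    action=$(plan_for "$(cat "$PATCH_INFO")")
    echo "action: $action"
    if [ "$action" = create-marker ] && [ "${1:-}" = "--apply" ]; then
        touch "$MARKER"   # no effect on content if the file already exists
        echo "created $MARKER"
    fi
    return 0
}

# Nothing runs unless an explicit mode is given.
case "${1:-}" in
    --check|--apply) main "$1" ;;
esac
```

Run it as root on the appliance console with --check first; --apply performs the same touch command as step 2 above.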

Download and Installation

Download
To download the patch update file, complete the following steps:

  1. Log in to Cisco Software Central, https://software.cisco.com.
  2. In the Download and Upgrade area, choose Access downloads.
  3. Type Secure Network Analytics in the Select a Product search box.
  4. Choose the appliance model from the drop-down list, then press Enter.
  5. Under Select a Software Type, choose Secure Network Analytics Patches.
  6. Choose 7.3.2 from the Latest Releases area to locate the patch.
  7. Download the patch update file, patch-fcsf-ROLLUP010-7.3.2-01.swu, and save it to your preferred location.

Installation
To install the patch update file, complete the following steps:

  1. Log in to the Manager.
  2. Click the (Global Settings) icon, then choose Central Management.
  3. Click Update Manager.
  4. On the Update Manager page, click Upload, and then open the saved patch update file, patch-fcsf-ROLLUP010-7.3.2-01.swu.
  5. Choose the Actions menu for the appliance, then choose Install Update.

The patch stops the Flow Collector engine, then restarts the appliance.

Previous Fixes

The following items are previous defect fixes included in this patch:

Defect| Description
LVA-2682| Fixed an issue where single quotes in payload filter were mishandled.
LVA-2683| Fixed an issue where single quotes in agent version were mishandled.
LVA-2811| Updated Apache Log4J 2 to v2.15.
SWD-15921| Fixed an issue where RFD of FC was causing duplicate flow ID and security event IDs in CDS.
SWD-16314| Fixed an issue where Flow Search for sFlow at the exporter level wasn’t returning any results. (LSQ-5508)
SWD-16368| Fixed an issue where CDS needed to support the Interface Service Traffic.
SWD-16378| Fixed an issue where System Alarms for DNode(s) on Dashboard and Reports did not reflect the real issue.
SWD-16576| Fixed an issue where a default Top Conversations query on CDS was failing for order-by flows.
SWD-16828| Fixed an issue where Interface Top Reports were showing incorrect results. Rows (all data) were missing when searching for specific hosts or hostgroups, and client or server.
SWD-17143| Fixed an issue where the flow query’s unidirectional filter SQL was incorrect.
SWD-17409| Fixed an issue where the Flow Collector agent (fc-core) could have hung when it sent the unsupported messages to the engine.
SWD-17555| Fixed an issue where the Flow Collector patch installation required to reset persistent-ids.conf just one time.
SWONE-14903| Fixed an issue by increasing the default memory allocation for svc-db-ingest to 128 MB.
SWONE-17176| Fixed an issue where alarms should not be sent for grouppair baseline and host_baseline skew.

Contacting Support

If you need technical support, please do one of the following:

Copyright Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
© 2022 Cisco Systems, Inc. and/or its affiliates.
All rights reserved.
