Reporter for SonicWall Release Notes

Reporter for SonicWall 2.0.1.58 (2022-02-18)

Security fix: Added extra mitigations to prevent javascript embedded in log data (such as script tags in URL query strings) from executing when viewing the log data within Fastvue Reporter’s web interface.

Reporter for SonicWall 2.0.1.57 (2021-12-22)

Added mitigations for log4j “Log4Shell” vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-44228). Fastvue Reporter now starts Elasticsearch with the JVM property that mitigates the vulnerability in Elasticsearch 5.6.14 (the version that Fastvue Reporter uses).

Unfortunately, we cannot easily update Elasticsearch or its Log4j version at this time, so Fastvue Reporter may still trigger vulnerability scanners.

Please see our article on further mitigation steps and latest updates: How to mitigate the Log4j vulnerability on your Fastvue Reporter server.
Fixed issue introduced in v2.0.1.56 (2021-11-24) where the Action for a majority of data was set to ‘Other’ instead of ‘Allowed’.
Fixed Security Group filtering for users with a different sAMAccountName to the user portion of their User Principal Name in Active Directory (e.g. sAMAccountName = testuser but UPN = testuser2@domain.com)
Fixed issue where the YouTube Videos widget showed a blank row with ‘unknown video’ thumbnail image when exported to PDF.
Adjusted the SMA 1000 series parser to allow ‘username’ to be used as a session ID if a session ID is not logged.

Reporter for SonicWall 2.0.1.56 (2021-11-24)

Added support for new Message IDs added in SonicOS 7. The Event Message, Event Message Detail, and Event Category fields are now populated appropriately based on the Message ID in the logs as per SonicWall’s Log Event Reference Guide.
Fixed the ‘Test YouTube Integration’ feature in Settings | YouTube to test a range of video IDs in case a test video is removed. This fixes the ‘Object reference not set to an instance of an object’ error that you may have seen if you used the Test YouTube Integration feature.
Added a success message to the main Settings | YouTube page if the integration is working.
Charts updated to include two more colours (yellow and purple) also moved orange and light blue around in the order.

Reporter for SonicWall 2.0.1.55 (2021-10-21)

Fixed issues receiving syslog when using IPv6 addresses.
Reduced extra CPU and RAM usage introduced in 2.0.1.54 when improving the performance of loading UI resources and API requests.

Reporter for SonicWall 2.0.1.54 (2021-10-13)

The YouTube Videos section in reports now links to the video’s watch URL in the Video Thumbnails and Video Title columns.
Exporting the YouTube Videos section to CSV now includes the video’s watch URL and excludes the Thumbnail.
Improved the performance of loading UI resources and API requests.
Removed ‘SSO Probe Failed’ events from appearing in the Failed VPN Logins widget.

Reporter for SonicWall 2.0.1.53 (2021-09-28)

Fixed a rare deadlock issue that may cause the Fastvue Reporter service to lockup, and the front-end user interface to load very slowly or timeout.
Fixed issues where the data outside of the retention policy may not be deleted.
Folder paths added to the Windows registry are now quote qualified, resolving ‘unquoted service path enumeration vulnerability’ issues.
Removed the ability to change the Data Storage path in Settings | Data Storage, as doing so would cause the user interface to be unresponsive until all data had moved to the new location. This was a poor user experience and had the potential to cause further issues if the server is rebooted during the data move, potentially corrupting data. You can still change the Data Storage location, but this must be done manually. See our knowledge base article: Changing Fastvue Reporter’s Data Location.

Reporter for SonicWall 2.0.1.52 (2021-09-14)

Added YouTube integration. When configured, all YouTube URLs detected during import will be looked up using the YouTube API to retrieve the video title, category, channel and thumbnail image. This information is then presented in the Safeguarding | YouTube Videos section within Overview Reports. A Google API key is required. See our article Configuring YouTube integration to retrieve video titles, categories and channels.

VPN widgets now populate when running in ‘Demo Mode’
Improved search term extraction to exclude non-search data from certain domains.
Historical log import and file system sources have better exception handling for non-supported zip file formats.

Reporter for SonicWall 2.0.1.51 (2021-08-17)

Fixed issue introduced in build 2.0.1.49 where users only get associated with one Security Group, causing issues filtering reports by Security Groups.
You can now add LDAP and Email servers with no authentication details (fixes issue introduced in build 2.0.0.50)
Fixed issue in Settings | Sources where the issue “Unable to read data from the transport connection” could repeatedly appear.
Improved the display of expired license keys in Settings | Licensing.

Reporter for SonicWall 2.0.1.50 (2021-07-26)

Fixed a critical security vulnerability where anyone with access to the Fastvue Reporter site could potentially exfiltrate the credentials specified for connecting to your email server, LDAP server, or proxy server.

Please update your Fastvue Reporter software immediately, and change the password associated with the credentials specified in Settings | Email, Settings | Proxy Server and any specified LDAP server in Settings | Directory / LDAP (you’re not affected if you’re using the ‘Default Domain Controller’ option).

Also, make sure authentication and authorization is configured for the Fastvue Reporter site so that only the required people have access to the site. To do this, see our KB article: How do I secure the Fastvue Reporter interface with login credentials.

Thank you to security researcher, Sina Kheirkhah (LinkedIn, Twitter), for reporting the vulnerability.
Improved memory usage
Fixed issue extracting VPN start events from SonicWall SMA 1000 series log data.
Fastvue Reporter now merges VPN sessions for the same user where the start time is +- 1 minute from each other. This is in an effort to remove duplicated VPN sessions where SonicWall sends more than one VPN disconnection event with the second event having a slightly different duration.
When the Memory Settings in Settings | Diagnostic | Database are set to ‘Automatic’, the JVM Xms (initial heap size) now scales from 256MB to 2GB depending on total physical RAM.
Fixed issue preventing the ‘no syslog data received’ alert from triggering. To configure this alert see our KB article: How to setup email notifications when syslog data is not received.

Reporter for SonicWall 2.0.1.49 (2021-06-22)

Reduced the impact of syslog data import on system performance.
Improved the raw loading speed of log data into the Elasticsearch database.
Now shows VPN sessions from the SonicWall SMA 100 series when a NetExtender disconnection occurs without an explicit logout event.
Improved search term extraction.