Network Visibility Module Collector Release Notes
This release note provides information for the Network Visibility Module (NVM) Collector. For details about installing and configuring the Network Visibility Module Collector, including its components, set up, validation of install, collection status, and basic troubleshooting, refer to the Network Visibility Module Collector Administration Guide.
Download the Latest Version of the NVM Collector
Before you begin
To download the latest version of Network Visibility Module Collector, you must be a registered user of Cisco.com and have a valid Cisco Secure Client Premier or APEX license.
Procedure
Step 1 |
Follow this link to the Cisco Secure Client product support page: http://www.cisco.com/en/US/products/ps10884/tsd_products_support_series_home.html |
Step 2 |
Log in to Cisco.com. |
Step 3 |
Click Download Software. |
Step 4 |
Expand the Latest Release folder and click the latest release, if it is not already selected. |
Step 5 |
Find the Network Visibility Module Collector package and click Download. |
Step 6 |
Read and accept the Cisco license agreement when prompted. |
Step 7 |
Select a local directory in which to save the downloads and click Save. |
Network Visibility Module Collector Package Filename
acnvmcollector-<version>.zip: Available in Linux only
Network Visibility Module Collector, Release 5.1.7.83
This Network Visibility Module Collector 5.1.783 release includes the following new feature:
-
Support for Process Tree Hierarchy—When enabled, a separate record is sent for each process in the hierarchy. The process records have a unique identifier (PUID) that is used to link between process records and flow records. Currently, this feature is only supported in desktop platforms (Windows--only x86 and x64, macOS, and Linux), although macOS requires approval before an application can access parts of the file system. Refer to the Network Visibility Module Profile Editor for configuration details for this feature, as well as how to set full disk access if using macOS.
Network Visibility Module Collector, Release 5.1.6.103
This Network Visibility Module Collector 5.1.6.103 release includes the following new feature and its known limitations:
mDTLS for Network Visibility Module—Allows you to send data securely to the Network Visibility Module Collector. With mDTLS, the Collector can also verify the Network Visibility Module Client's identity before the connection is established and data is received. Refer to Network Visibility Module, Profile Editor for additional information. The new feature has the following known issues:
-
CSCwm48552—NVM: Observed exporter is disabled and flows are not getting collected in mTLS setup
-
CSCwm53109—mTLS/DTLS is not working when using CA signed intermediate certificates for collector
-
CSCwm60665—mTLS connection fails when there is no matching criteria configured
Network Visibility Module Collector, Release 5.1.5.54
There are no new features in this release.
Network Visibility Module Collector, Release 5.1.4.67
This Network Visibility Module Collector 5.1.4.67 release includes the following new feature, and resolves the bugs listed in Network Visibility Module Collector, Release 5.1.4.67 Resolved Caveats :
-
OSquery data configuration—Allows endpoints to configure options related to the Osquery Data Template. Network Visibility Module uses Osquery to run queries and send output in JSON format.
Network Visibility Module Collector, Release 5.1.1.32
This Network Visibility Module Collector 5.1.1.32 release includes the following enhancements and support updates, and resolves the bug listed in Network Visibility Module Collector, Release 5.1.1.32 Resolved Caveats:
-
Added HTTP Host as an additional Collection Parameter for HTTP 1.1 flows from Windows clients running Network Visibility Module.
-
Extended the Collection Parameter Module Name List to include browser plugin information (name and version) for Chrome, Firefox, and MS Edge browser flows from Windows and macOS clients.
-
Known Issue—CSCwi48979: The HTTP Host field for macOS is reported as empty instead of providing the proper destination host name for HTTP traffic.
This issue was resolved with a new release of the agent in Cisco Secure Client, Version 5.1.2.42.
-
Known Issue—CSCwi49003: Network Visibility Module is not reporting the Safari Browser plugins for macOS.
This issue was resolved with a new release of the agent in Cisco Secure Client, Version 5.1.2.42.
System Requirements for Network Visibility Module Collector
This section identifies the management and endpoint requirements for this release. For endpoint operating system support and license requirements for each Cisco Secure Client feature, see the Cisco Secure Client Features, Licenses, and OSs.
Hardware and software requirements are as follows:
-
AnyConnect Release 4.7 or later
-
Cisco Secure Client NVM Profile Editor
-
If using VPN: Cisco Secure Firewall ASA, Version 9.5.2 or later, and Cisco Adaptive Security Device Manager (ASDM), Version 7.5.1 or later
-
Any device running a supported Linux operating system to use as the NVM Collector device (Collector can run on the same server as well)
If you run Network Visibility Module Collector on a separate Linux device, you should plan for 35-40K endpoints per device, using this general scaling:
-
CPU/memory sizing can be reduced
-
Disk input/output will not be applicable since logging is only being done for the Collector and Linux
-
50GB of disk space available to run the operating system and Collector components
Supported Linux Versions
-
9.x and 8.x
Ubuntu (64-bit)
-
24.04
-
22.04
-
20.04
CentOS (64-bit)
-
7.9
Network Visibility Module Collector, Release 5.1.4.67 Resolved Caveats
The Cisco Bug Search Tool has detailed information about the following resolved caveats in this release. A Cisco account is required to access the Bug Search Tool. If you do not have one, register at https://Cisco.com.
Resolved Caveats
Identifier |
Component |
Headline |
---|---|---|
CSCwi48979 |
nvm |
NVM HTTP Host support for Mac client |
CSCwi49003 |
nvm |
NVM is not reporting the Safari Browser Plugins for Mac |
Network Visibility Module Collector, Release 5.1.1.32 Resolved Caveats
The Cisco Bug Search Tool has detailed information about the following open and resolved caveats in this release. A Cisco account is required to access the Bug Search Tool. If you do not have one, register at https://Cisco.com.
Resolved
Identifier |
Component |
Headline |
---|---|---|
CSCwh35676 |
nvm |
ENH: Show the original NVM process and destination host when AnyConnect/Secure Client + SWG are active. |
Network Visibility Module Collector Licensing
For the latest end-user license agreement, see Cisco End User License Agreement, Cisco Secure Client.
For open source licensing acknowledgments, see Open Source in Cisco Products.
NVM Collector Support Policy
Cisco only provides fixes and enhancements based on the most recent 4.10.x version. TAC support is available to any customer with an active AnyConnect 4.10 (or later) term/contract running a released version. If you experience a problem with an out-of-date software version, you may be asked to validate whether the current maintenance release resolves your issue.
Related Documentation for Network Visibility Module Collector
Refer to the following documentation for additional resources:
-
Cisco Secure Client Administrator Guide, Release 5.x, Network Visibility Module chapter —a more detailed description of the Network Visibility Module and its associated profile editor and collection parameters
-
Cisco Network Visibility Solution Community Page —a Splunk guide for those using Cisco Endpoint Security Analytics (CESA)
-
CESA Built On Splunk Quickstart POV Kit and Deployment Guide— how users of Cisco Endpoint Security Analytics (CESA) can set up a proof of value or production deployment
-
Cisco Endpoint Security Analytics (CESA) Dashboard Overview and FAQ—what CESA users need to interpret the dashboard