Documentation forSecurity Event Manager

Apply a SEM connector update package

This section describes different options for updating SEM connectors.

On the SEM Console Settings page, you can enable automatic updates for SEM connectors.

  1. Ensure that the following URL is whitelisted from the SEM server in your proxy or firewall:

    downloads.solarwinds.com

  2. On the SEM console toolbar, click Settings.

  1. On the Settings page, click the Updates tab in the left column.

  2. In the Connector Updates section, click the toggle button to allow automatic updates.

  3. Click Save.

Update SEM connectors manually using the CMC interface

Customer Support occasionally provides stand-alone connector updates to address unmatched data alerts in your environment. These need to be applied manually.

  1. Log in to the SolarWinds Customer Portal.
  2. Click Downloads > Download Product.
  3. Click the Products drop-down menu and select Security Event manager (SEM).
  4. Click the Licenses drop-down menu and select your license tier.

  5. Scroll down to Upgrade Downloads and locate Latest Connector Update Package.

  6. Click Download to download the package.

  7. When prompted, read the information in the window, and then click Finish Download.

  8. Prepare the update package:
    1. Extract the update package from the ZIP file, and then open the LEM folder.
    2. Copy the LEM folder to the root of a network share. For example: C:\share\SEM\.

  9. Open the CMC command line.

    See Log in to the SEM CMC command line interface for directions.

  10. At the cmc> prompt, enter manager.
  11. At the cmc::manager> prompt, enter sensortoolupgrade.
  12. To start the upgrade process, press Enter.
  13. To indicate that the update is located on the network, enter n.
  14. To continue, press Enter.
  15. Enter the path to the network share where the update package is located. Specify the path using the following UNC format: \\server\volume
  16. To confirm your entry, enter y.
  17. Enter the domain and user name for a user that can access the share. Use the following format: domain\user.
  18. To confirm your entry, enter y.
  19. Enter the password for the user.
    Re-enter the password to confirm your entry.

  20. To start the update, enter 1.

    The update will take several minutes.

    Verify that the configured connectors restart after they are updated by watching for InternalToolOnline alerts in the default SolarWinds Alerts filter on the SEM Console.

  21. After the update is finished, type exit twice to exit the CMC interface.

Troubleshooting SEM connector upgrades

During the update process, the update script restarts all configured SEM connectors. In most cases, restarted connectors trigger one offline and one online alert in your SEM console.

An InternalWarning alert may appear, indicating that a connector started at the beginning of the corresponding log file. This alert may be caused by:

  • An unnecessary connector. For example, you could have an NT DNS connector configured on a server that is not running the DNS service.
  • A misconfigured connector. For example, you could have a connector pointing to the wrong location for the requisite log file.
  • The device associated with the connector rotated its logs while the connector was offline.

Below is the event information for the InternalWarning alert. 

            EventInfo: -1:Start location was -1. Init set to 'newest' record, record info: 1 - 193 (101 - 293) @ -1. InsertionIP: lab-vm-exc10.lab.exc Manager: sem DetectionIP: 10.0.0.1 InsertionTime: 11:51:04 Thu Jun 16 2016 DetectionTime: 11:51:04 Thu Jun 16 2016 Severity: 2 ToolAlias: NT DNS InferenceRule: ProviderSID: FASTCenter normal error ExtraneousInfo: Component: FASTCenter:NT DNS Description: -1:Start location was -1. Init set to 'newest' record, record info: 1 - 193 (101 - 293) @ -1. Detail: StackTrace: