SEM 6.7.1 Release Notes
Release date: May 23, 2019
This document summarizes new features, improvements, and fixed issues in Security Event Manager (SEM) 6.7 (formerly Log and Event Manager), additional features, and upgrade notes and workarounds for known issues.
New in SEM 6.7
SEM continues the transition from Flash-based software to HTML5 by adding the following features to the SEM Events Console:
- Configure File Integrity Monitoring (FIM) to monitor files, folders, and registry keys
- Create custom rules
- Add and remove agents from connector profiles
- Filter and export search results to a CSV file
- Log in using the Setup Wizard
- Manage SEM licenses
Configure FIM to monitor files, folders, and registry keys
In the SEM Events Console, you can add a FIM connector to a node, and then add registry, file, and directory conditions to help detect changes to critical files and ensure systems have not been compromised.
Create custom rules
With SEM 6.7, you can establish rule conditions and actions to quickly identify and respond to key events and activity in your network environment. On the Rules tab, select and drag one or more default values into the rule definition builder, select operators and conditions, and then apply pre-defined actions to react when existing rule conditions are met.
Add and remove agents from connector profiles
Use a connector profile to group agents that share the same connector configuration. You can use the profile to configure a set of standardized connector settings, and then apply those settings to all agents assigned to that profile. Once applied, every agent in the profile will have the same connector settings. To add or remove an agent from a connector profile, navigate to the Manage Nodes page in the SEM Events Console.
Filter and export search results to a CSV file
Filter and export your search results to a CSV file from the SEM Events Console. Use CSV files to attach search results to a help ticket, share with members of your team, archive data for historical reference, and more.
Log in using the Setup Wizard
The SEM Setup Wizard provides a convenient way to get started once SEM is installed and configured in your environment. Upon initial login, the wizard prompts you to add your user information, accept the licensing agreement, and then enter and confirm your contact information.
Manage SEM licenses
On the SEM Events Console Settings page, administrators can view, upgrade, activate, and deactivate a SEM license.
Deploy SEM to Amazon Web Services (AWS)
With version 6.7 and later, you can deploy SEM to Amazon Web Services (AWS). To get started, contact your SolarWinds Sales or Customer Support representative to request access to SEM on AWS.
Additional features and improvements
Remote database (L4) configuration
Configuring the SEM Events Console with a remote database limits available console functionality. You can still search, filter, and monitor live events, but historical records and event details are not accessible. In this instance, a remote database notification appears in the top-right of the console reminding you of the limited functionality.
SEM Debian version upgrade
Debian version 9.5 (codename stretch) is currently installed on SEM 6.4 and later. This version eliminates the 2TB data storage restriction applicable to previous SEM releases, and significantly reduces potential security risks and vulnerabilities.
Exceeding the previous 2TB limit requires a fresh deployment based off the new OVA template. Please contact SolarWinds support for assistance with migrating your data and settings.
SEM SMB version support
SEM 6.7 currently supports all versions of Microsoft Windows SMB.
End of life, end of support, and deprecation notices
End of life
|Eol effective dates|
|6.3.1||May 23, 2019: End-of-Life (EoL) announcement – Customers on SEM version 6.3.1 should begin transitioning to the latest version of SEM.||August 21, 2019: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 6.3.1 will no longer be actively supported by SolarWinds.||August 21, 2020: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 6.3.1.|
End of support
SEM 6.7 is the last version that will support Adobe Air. Customers using Adobe Air should transition to the SEM web console before the next release.
New customer installation
For information about installing SEM, see the SolarWinds Security Event Manager Installation Guide and the SolarWinds Security Event Manager Getting Started Guide.
How to upgrade
If you are upgrading from a previous version, use the following resources to plan and implement your upgrade:
Use the SEM Upgrade Guide to help you plan and execute your upgrade.
Download the upgrade package from the SolarWinds Customer Portal.
SEM agent versions 6.7 and newer no longer include Java Virtual Machine (JVM) or Oracle Java Runtime Environment (JRE). If needed, install Oracle JRE when installing agents in your network environment. SEM still includes OpenJDK JRE.
In SEM 6.7, FIM is not fully compatible with previous SEM agent versions (6.6 and older). SolarWinds recommends that you upgrade agents to version 6.7.
In new installations of SEM (6.7 and newer), corresponding agent versions communicate by default using a secure certificate, which no longer requires TLS 1.0, 3DES, or anonymous cipher. If you need to connect to earlier agent versions, navigate to the LEM Events Console security tab (Settings > Security), and switch the toggle button to enable lower security settings.
If you are using multimanager, SEM Managers are disconnected after the upgrade to 6.4 and newer. To reconnect, set multimanagerconfig to True (enabled). Clear your Flex cache (F12 hotkey) to see the change.
File system consistency check (fsck)
During your upgrade, the system may run a fsck check during reboot. This can last 30 or more minutes depending on the quantity of data in the data partition. With the Debian version upgrade, the file system is configured to initiate the check when certain conditions are met:
- 21 mounts since the last check (during the 22nd reboot)
- Six months since the last check
Oracle Solaris Agent upgrades
Beginning with version 6.3, SEM supports the 64-bit Java 8 Runtime Environment (JRE). Since Oracle did not release a 32-bit version of Java for Solaris, you must manually upgrade the agents running on these systems.
To upgrade your 32-bit Solaris SPARC and Solaris Intel agents, download the Solaris SPARC Agent and Solaris Intel Agent installers from the Customer Portal and run these installers on your Solaris systems. In a future release, the SEM console will support updates for 64-bit Solaris agents when they are available.
SEM Agent installers
Oracle intends to discontinue support for their 32-bit Java Runtime Environment (JRE). Therefore, SolarWinds will no longer provide 32-bit SEM Agent installers for future SEM releases. Since IBM and HP provide their own customized Java implementations, this may impact their JRE support as well.
Find SEM connector information on Thwack.
SEM 6.7 fixes the following issues:
|N/A||Admin user can't enable/disable the legacy TLS1.0/3DES/anonymous cipher.|
|N/A||There is no default filter for the InternalNewToolData event.|
|N/A||SEM is running out of direct memory on LEM manager when there are lot of agents.|
|N/A||The Emergency Threat certificate is not updated.|
|N/A||cli-client.log contains DEBUG logging which may contain sensitive data.|
|N/A||LEM port 37890 is using an anonymous cipher with 3DES which doesn't contain server side authentication (certificate).|
|N/A||The Scan for New Nodes feature is returning false positives.|
|N/A||Agent is not Connected but the FIM Driver status is still in running status.|
|N/A||Agent updated from 6.6 stays in installed programs on Windows after uninstall.|
|N/A||When creating a template with the name Default monitor, the name does not display in the UI.|
|N/A||Cannot change operand via drag and drop when creating filters.|
|N/A||Open on new tab (middle mouse button) is not working on menu or in settings links to AdminUI.|
|N/A||If session expires, the user is always re-logged in to monitor instead of last page visited.|
|N/A||MSSQL Profiler template for SQL 2016 is only showing up as a 2014 template.|
|N/A||When a connector is deleted and then edited, there is a Save button available which causes an exception if clicked.|
|N/A||When a user adds a connector and the connection with agent timeouts, the connector is saved to the database anyway. A user then can click the Add button again and action fails with existing connector error.|
|N/A||When running the CMC command exportcert, the wrong cert is returned when other than a self-signed cert is used.|
|N/A||Reload button on error page does not reload data.|
|N/A||Changing timezone using the Blue screen doesn't restart services.|
|N/A||It is possible to run commands on a deleted node.|
|N/A||Nodes: IP address sort does not sort correctly.|
Additional known issues
Issue: After creating new rules with the SEM console Add Rules wizard, some rules (typically incomplete rules) are not enabled by default.
Workaround: Review your rules created by the wizard to identify disabled rules, and then manually enable the rule. If this fails, edit and save the rule, and then manually enable the rule.
This only applies to rules created in the Flash-based SEM console, not the HTML5 SEM Events Console.
Issue: After upgrading SEM 6.3.1.hf7 to 184.108.40.2060, the blue screen incorrectly indicates that no IP address is assigned when connected directly from a Hyper-V or vSphere window.
Workaround: To find the IP address:
- Open your hypervisor and connect to the SEM VM:
- For VMware vSphere, click the Console tab, select Advanced Configuration on the main console screen, and then press Enter to access the command prompt.
- For Hyper-V, click Action > Connect, and then click the Console tab.
- Use the arrow keys to navigate to Advanced Configuration, and then press Enter.
The CMC menu appears with a cmc> prompt.
- If the machine has an assigned IP address, you can find it in the menu next to the admin option.
Issue: When users log in to SEM using HTTPS in Google Chrome or Mozilla Firefox, and then open a new browser tab and attempt to log in via HTTP, the login fails.
Workaround: None. This a known issue with the latest SEM console version and only occurs per browser session.
Issue: A new default filter, New Unmatched Connector Data, is included with this release to watch the to watch for InternalNewToolData events. This is only available for a newly created user.
Workaround: Current users can create a new filter to watch for InternalNewToolData events.
Issue: Agent service is not started when the Linux agent (SolarWinds-SEM-6.7.0-Agent-LinuxInstaller-NoVM.bin) is installed with system Java (this happens only for No-VM installers).
Workaround: Start the SEM agent manually after installation.
Issue: The agent installer does not support Windows 2019.
Workaround: Use the remote agent installer.
© 2019 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.