Documentation forSecurity Event Manager

LEM 6.3.0 release notes

These release notes describe the new features, improvements, and fixed issues in this release. They also provide information about upgrades and describe work-arounds for known issues.

New features and improvements

Read this section for descriptions of the new features and improvements LEM offers in this release.

Single sign-on

Single sign-on (SSO) allows you to enforce user access to the LEM appliance using one set of credentials. When you set up SSO in your deployment, you can enable the LEM appliance to use Lightweight Directory Access Protocol (LDAP) Kerberos-based authentication credentials to access your Microsoft Active Directory database and control user access to LEM roles and database reports.

Admin user interface

The new Admin user interface assists you with configuring your SSO and LDAP configuration settings on your LEM appliance. You can configure and manage your SSO connection, set up a new LDAP configuration, enable or disable user access to the console, and download your keytab file to the LEM Manager.

You can also access the user interface from the admin menu in the CMC management console. This interface uses a text browser to help you set up your SSO configuration.

Updated CMC management console

The CMC Management Console includes an updated top-level menu with a new look and feel and new commands that help you enhance your LEM deployment.

Open the Admin UI in a text browser

The new admin command in the main menu opens the Admin user interface in a text browser. This process allows you to configure your SSO and LDAP configuration without a web browser.

Import a keytab file

The new import command in the main menu lets you import a keytab file into the manager if you are setting up SSO through the cmc. After the import you can then use that reference that file when setting up SSO through the cmc.

Set up SNMP monitoring on the Orion Web Console

The service menu now includes the snmp command to enable the SNMP Request Service on the LEM appliance. You can configure SNMP version 3 on your LEM appliance to communicate with SolarWinds Network Performance Monitor (NPM) through ports 161 and 162. This configuration allows you to monitor CPU, memory, and other critical components from the SolarWinds Orion Web Console.

After you enable the service, you can set up a managed SNMP node on your Orion Web Console to monitor your LEM appliance using an SNMP polling method you configure in the Orion Web Console.

Create a disk usage warning when reaching certain set values

The appliance menu now includes the diskusageconfig command. Use this command to set up an event in the Monitor view that warns you when the partition reaches a predetermined use limit.

Below is an example of the diskusageconfig command.

cmc::appliance > diskusageconfig
Current Disk Usage Configuration:
# | Partition (filesystem) | Configured limit
================================================
1 |LEM (/user/local)  |90%
2 |OS (/)|90%
3 |Logs/Data (/var/) |10G 
4 |Temp (/tmp)|90%
------------------------------------------------
You can define your disk use limit by the percentage of unavailable disk space (such as 75%) or the amount of free disk space (such as 58G). Enter the partition number you want to change (enter'exit' and press <Enter> to quit:

The disk use limit can be set a percentage of unavailable disk space (such as 75%) or the amount of free disk space (such as 58G). When the limit is reached, an InternalWarning event displays in the Monitor view.

For example, when you set the OS disk partition limit to 40%, an event displays in the All Events grid and SolarWinds Alerts when the limit is reached.

ManageMonitor Warning! Disk Usage: The OS filesystem is over 40% full!

If you set the OS disk partition limit to 2GB, an event displays in the All Events grid and SolarWinds alerts when the limit is reached.

ManageMonitor Warning! Disk Usage: The OS filesystem has under 2G left!

When you set the Logs/Data partition (3), a message displays prompting you to consider changing the database disk configuration using the dbdiskconfig command. SolarWinds recommends setting the Logs/Data partition and the database disk configuration to the same value.

Monitor multiple managers in the console

The multimanagerconfig command enables the multimanager so you can connect to multiple managers in the console.

If you enable multimanager, some security scanners may generate security warnings about your appliance for crossdomain. If this feature is not required, keep it disabled.

Other improvements

  • "What's New" widget in the Ops Center describes new features and improvements in this release.
  • Oracle Java version 8 provides security enhancements and improved agent integration with systems running Microsoft® Windows® 10.

New customer installation

For information about installing LEM, see the SolarWinds Log & Event Manager 6.3.0 Quick Start and Deployment Guide.

How to upgrade

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade:

  • Use the LEM Upgrade Guide to help you plan and execute your upgrade.
  • When you are ready, download the upgrade package from the SolarWinds Customer Portal.

If you are using multimanager, LEM Managers are disconnected after the upgrade to 6.3.0. To reconnect, setcrossdomainconfig to True (enabled). Your Flex cache must be cleared (F12 hotkey) to see the change.

Fixed issues

LEM 6.3.0 fixes the following issues:

case number Description
840408
839963
864103
880401
The Event Details pane in the Monitor view now displays accurate information in the InsertionIP and DetectionIP fields to improve search results.
756763
785994
875682
877194
886729
LEM is now running Apache Tomcat® version 8 for improved security.
744453 Running BlazeDS in a LEM environment no longer generates "out of memory" messages.
828868 An issue with the Rapid7 Nexpose Connector was resolved.
828868 An issue with the Rapid7 Nexpose Reader was resolved.
849537 Rules that include a SourceMACaddress correlation condition will now fire properly.
850931
852523
882875
929871
933431
For improved security, LEM no longer supports the Transport Layer Security version 1 (TLSv1) cryptography.
861621 An issue with the Microsoft SQL (MSSQL) Auditor connector was resolved.
865152 LEM will no longer lose its connection to the syslog server when you upgrade to version 6.2.0 and change the host name.
868246
865352
Installing an AIX agent no longer generates errors or installation issues.
871908 To meet the U.S. Department of Defense requirements, LEM now generates an alert when the LEM appliance hard drive capacity reaches 75%.
828273 The LEM Console login screen no longer fills unpopulated username and password fields with asterisks (******).
890851
969439
An issue with an agent detecting its own IP address was resolved. The agent can properly connect to the manager appliance.
910494
909992
918736
923329
924007
An issue with the HyperSQL database was resolved.
N/A CVE-2015-3195 - OpenSSL sensitive information leakage
N/A CVE-2015-3197 - Possible to use disabled ciphers
N/A CVE-2015-3269 - BlazeDS XXE
N/A CVE-2015-7547 - Critical vulnerability of glibc
N/A CVE-2016-0703 - Bleichenbacher RSA padding oracle
N/A CVE-2016-0777 - OpenSSH sensitive information leakage
N/A CVE-2016-0778 - OpenSSH DoS/buffer overflow
N/A Java/RMI deserialization vulnerability
N/A CVE-2015-7575, CVE-2015-4835, CVE-2016-0686 - Oracle Java SE Multiple Vulnerabilities
N/A SSH Weak Algorithms Supported
N/A CVE-2015-4000 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
N/A CVE-2015-5174 - Directory traversal vulnerability in RequestUtil.java in Apache Tomcat
N/A CVE-2015-5345 - Directory discovery vulnerability in RequestUtil.java in Apache Tomcat
N/A CVE-2015-5346 - Session Fixation vulnerability in Tomcat
N/A CVE-2015-5351 - CSRF token leak in Tomcat
N/A CVE-2016-0706, CVE-2016-0763 - Security manager bypass in Tomcat
N/A CVE-2016-0714 - Security Manager bypass via persistence mechanisms
N/A Adobe cross-domain http://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html

LEM 6.3.0 includes the following connectors.

case number connector
840610 Cyphort™
842263 Securelink Device
872821 Barracuda Load Balancer ADC
637488 Barracuda SSL VPN
854919 Cisco® ISE data not standard syslog
828484 Windows® Network Address Translation (WinNAT) Operational log-DirectAccess
828482 Base-Filtering-Engine (BFE) Resource Flows Operational log-DirectAccess
734401 Applications And Services Logs
846866 PIKAEvents
586782 NetMotion® Mobility™
782135 PostgreSQL
867735 Windows VMWare® logging
916812 Arbor® Networks Peakflow®
938303 Cerberus FTP Server

Known issues

Installing the 6.3.0 HP-UX agent may generate errors

Issue: When you run the 6.3.0 HP-UX agent installer, you may receive unexpected results.

Work-around: Install the agent using the 6.2.1 HP-UX agent installer.

Using underscores in custom report search terms does not return report data

Issue: When you open the Reports console and generate a report using an underscore ( _ ) in your search query, the report does not include your search data.

Work-around: Avoid using underscores in your report search queries.

Widgets and filters may not load for a new LEM user

Issue: When you click Build > Users and create a new Admin user, the widget and filter options do not load into their Ops Center and Monitor views.

Work-around: Log out of the console, clear your browser cache, and then log back in to the console.

Enabling and disabling rules may generate unexpected results

Issue: When you click Build > Rules and enable or disable a rule, the console redirects you to the All Rules category. The rule status does not change.

Work-around: Refresh the console.

Reports console generates an error when entering a date format

Issue: When you open the Reports console, generate a report, and select a date format, the console generates an error stating that your selected format is not a valid date and time.

Work-around: Use the supported date format. See "Run and schedule reports" in the LEM User Guide for the supported date formats.

Creating FIM rules in a clustered environment generates unexpected results

Issue: After you install the 6.3.0 HP-UX agent, the system may generate errors.

Work-around: Use Windows File Auditing instead of File Integrity Monitoring (FIM). See your Windows Server operating system documentation for more information.

Unable to generate a report using a separate database appliance

Issue: If your LEM appliance is connected to a separate database appliance, you cannot generate the following reports in the Reports console:

  • List of Subscription Rules by User
  • List of Users
  • List of Rules for Rule Subscriptions

Workaround: No known workaround. This issue may be resolved in a future release.

USB Defender disables access to IronKey flash drives

Issue: When you install an IronKey™ flash drive into your USB port, USB Defender prevents you from entering a password to access the drive.

Work-around: Disable USB Defender when using an IronKey flash drive.

Legacy LDAP users display in the List of Users report

Issue: When you migrate from legacy to new LDAP users in the LEM Manager and generate a List of Users report in the Reports console, the legacy users appear in the report.

Work-around: Log on to the CMC, open the Manager menu, and restart the Manager Service. This will take the Manager offline for 1–3 minutes.

Legacy LDAP users do not display in the console

Issue: When you migrate from a legacy LDAP to a new LDAP configuration, legacy LDAP users do not display in the LEM Console. Additionally, these users are not assigned to subscriptions or email actions to rules after the upgrade.

Work-around: Migrate users to the new LDAP configuration using the following procedure:

Upgrade LEM to version 6.3.

  1. Prompt all users previously running in version 6.2 to log in to the LEM console. If these users do not log in, they will not be migrated to the new LDAP configuration.
  2. Disable your legacy LDAP configuration.
  3. Set up a new LDAP configuration in the Admin user interface. All users who logged in to the LEM console are migrated and display in the console.

Error message displays when you upgrade the Desktop Console

Issue: When you upgrade the SolarWinds LEM Desktop Console to version 6.3.0, an error message displays stating that the application cannot be installed due to a certificate problem.

Work-around: Uninstall the current Desktop Console. When you are finished, install Desktop Console version 6.3.0.

Unable to establish an HTTPS connection to the LEM Manager running Windows 7

Issue: When you connect to the LEM manager using Internet Explorer or the Adobe AIR-enabled desktop console on a workstation running Windows 7, HTTPS is disabled. You can establish an HTTPS connection using Google Chrome or Mozilla Firefox.

Work-around: Install the latest Windows 7 updates or upgrade to the latest supported operating system.

Legal notices

© 2016 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds and other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies.