Documentation for Security Event Manager

LEM 6.3.1 release notes

These release notes describe the new features, improvements, and fixed issues in LEM 6.3.1, as well as upgrade notes and workarounds for known issues.

New features and improvements

This section describes the new features in this release.

Single sign-on

LEM now supports Active Directory single sign-on (SSO). When enabled, LEM does not ask users for a user name and password if they are already logged in to Active Directory (AD). Instead, AD authenticates the user in the background, and LEM automatically logs the user in with the appropriate user access rights. User access in the LEM consoles (both desktop and web), as well as the LEM reports console, is based on AD group membership.

To integrate LEM with Active Directory, a keytab file is required. The keytab file is exported from Active Directory and then imported into LEM. LEM uses this file to authenticate users with Active Directory and to enforce user account security. Kerberos authentication ensures that SSO details are securely transmitted between LEM and Active Directory.

To configure single sign-on

To configure single sign-on in a web browser, open the Admin user interface available at the following URL: https://lem_manager_IP_address:8443/mvc/login

Use the Admin user interface to configure LDAP and SSO connection settings, import the Active Directory keytab file into LEM Manager, and enable or disable local user account access to LEM.

If using a web browser is not possible, you can also configure LDAP and SSO settings by choosing admin in the CMC management console menu. See the Open the Admin UI in a text browser section for more information.

CMC management console updates

The CMC Management Console includes an updated top-level menu with the following new commands:

  • Open the Admin UI in a text browser

    Choose the admin CMC command on the main menu to open the Admin user interface in a text browser. Use this screen to make SSO and LDAP configuration changes without a web browser.

  • Import a keytab file

    If you set up SSO using the CMC console, use the import command on the main menu to import a keytab file into the manager.

  • Set up SNMP monitoring on the Orion Web Console

    Use the snmp CMC command on the service menu to enable the SNMP Request Service on the LEM appliance. You can configure SNMP version 3 on the LEM appliance to communicate with SolarWinds Network Performance Monitor (NPM) through ports 161 and 162. Use this configuration to monitor CPU, memory, and other critical components from the SolarWinds Orion Web Console.

    After you enable the service, set up a managed SNMP node in the Orion Web Console and configure an SNMP polling method to monitor the LEM appliance.

  • Create a disk usage warning when reaching certain set values

    The appliance menu now includes the diskusageconfig command. Use this command to set up an event in the Monitor view that warns you when the partition reaches a predetermined use limit.

    Below is an example of the diskusageconfig command.

    cmc::appliance > diskusageconfig
    Current Disk Usage Configuration:
    # | Partition (filesystem) | Configured limit
    ================================================
    1 | LEM (/user/local)      | 90%
    2 | OS (/)                 | 90%
    3 | Logs/Data (/var/)      | 10G
    4 | Temp (/tmp)            | 90%
    ------------------------------------------------
    You can define your disk use limit by the percentage of unavailable disk space (such as 75%) or the amount of free disk space (such as 58G). Enter the partition number you want to change (enter'exit' and press <Enter> to quit:

    Set the disk use limit to a percentage of unavailable disk space (such as 90%), or to the minimum required amount of free disk space (such as 58G). When the limit is reached, an InternalWarning event displays in the Monitor view.

    For example:

    • If you set the OS disk partition limit (option #2) to 75%, the following event displays in the All Events grid and in SolarWinds Alerts when the 75% limit is reached:

      ManageMonitor Warning! Disk Usage: The OS filesystem is over 75% full!

    • If you set the OS disk partition limit (option #2) to 5GB, the following event displays in the All Events grid and in SolarWinds Alerts when the 5GB limit is reached:

      ManageMonitor Warning! Disk Usage: The OS filesystem has under 5G left!

    • If you set the Logs/Data disk partition limit (option #3), a message prompts you to use the dbdiskconfig command to change the database disk configuration. SolarWinds recommends setting the Logs/Data partition and the database disk configuration to the same value.

  • Monitor multiple managers in the console

    Use the multimanagerconfig CMC command to enable the multimanager feature that lets you manage information in one place by connecting to multiple managers in the console.

    If you enable the multimanager feature, some security scanners may generate cross-domain security warnings about the LEM appliance. Keep this feature disabled if it is not required.

    See CMC Commands in the SolarWinds Administrator Guide for more information.

Other improvements

  • "What's New" widget in the Ops Center describes new features and improvements in this release.
  • You can now access LEM manager using Secure Shell (SSH) port 22 or port 32022.

  • Oracle Java version 8 provides security enhancements and improved agent integration with systems running Microsoft® Windows® 10.

New customer installation

For information about installing LEM, see the SolarWinds Log & Event Manager Installation Guide and the SolarWinds Log & Event Manager Getting Started Guide.

How to upgrade

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade:

  • Use the LEM Upgrade Guide to help you plan and execute your upgrade.
  • Download the upgrade package from the SolarWinds Customer Portal.
  • If you need to install the LEM Windows agent on Windows Server 2016, see the workaround in the Known Issues section.

If you are using multimanager, LEM Managers are disconnected after the upgrade to 6.3.1. To reconnect, set multimanagerconfig to True (enabled). Your Flex cache must be cleared (F12 hotkey) to see the change.

Fixed issues

LEM 6.3.1 fixes the following issues:

case number Description

N/A Fixed an issue where, when a rule fires on 2 or more events, the data filled out in actions is empty.

LEM 6.3.0 fixes the following issues:

case number Description
756763, 785994, 875682, 877194, 886729 LEM is now running Apache Tomcat® version 8 for improved security.
744453 Running BlazeDS in a LEM environment no longer generates "out of memory" messages.
828868 An issue with the Rapid7 Nexpose Connector was resolved.
828868 An issue with the Rapid7 Nexpose Reader was resolved.
849537 Rules that include a SourceMACaddress correlation condition will now fire properly.
850931, 852523, 882875, 929871, 933431 For improved security, LEM no longer supports the Transport Layer Security version 1 (TLSv1) protocol.
861621 An issue with the Microsoft SQL (MSSQL) Auditor connector was resolved.
865152 LEM will no longer lose its connection to the syslog server when you upgrade to version 6.2.0 and change the host name.
868246, 865352 Installing an AIX agent no longer generates errors or installation issues.
871908 To meet the U.S. Department of Defense requirements, LEM now generates an alert when the LEM appliance hard drive capacity reaches 75%.
828273 The LEM Console login screen no longer fills unpopulated username and password fields with asterisks (******).
890851, 969439 An issue with an agent detecting its own IP address was resolved. The agent can properly connect to the manager appliance.
910494, 909992, 918736, 923329, 924007 An issue with the HyperSQL database was resolved.
N/A CVE-2015-3195 - OpenSSL sensitive information leakage
N/A CVE-2015-3197 - Possible to use disabled ciphers
N/A CVE-2015-3269 - BlazeDS XXE
N/A CVE-2015-7547 - Critical vulnerability of glibc
N/A CVE-2016-0703 - Bleichenbacher RSA padding oracle
N/A CVE-2016-0777 - OpenSSH sensitive information leakage
N/A CVE-2016-0778 - OpenSSH DoS/buffer overflow
N/A Java/RMI deserialization vulnerability
N/A CVE-2015-7575, CVE-2015-4835, CVE-2016-0686 - Oracle Java SE Multiple Vulnerabilities
N/A SSH Weak Algorithms Supported
N/A CVE-2015-4000 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
N/A CVE-2015-5174 - Directory traversal vulnerability in RequestUtil.java in Apache Tomcat
N/A CVE-2015-5345 - Directory discovery vulnerability in RequestUtil.java in Apache Tomcat
N/A CVE-2015-5346 - Session Fixation vulnerability in Tomcat
N/A CVE-2015-5351 - CSRF token leak in Tomcat
N/A CVE-2016-0706, CVE-2016-0763 - Security manager bypass in Tomcat
N/A CVE-2016-0714 - Security Manager bypass via persistence mechanisms
N/A Adobe cross-domain http://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html

LEM 6.3.0 and 6.3.1 include the following connectors.

case number connector
840610 Cyphort™
842263 Securelink Device
872821 Barracuda Load Balancer ADC
637488 Barracuda SSL VPN
854919 Cisco® ISE data not standard syslog
828484 Windows® Network Address Translation (WinNAT) Operational log-DirectAccess
828482 Base-Filtering-Engine (BFE) Resource Flows Operational log-DirectAccess
734401 Applications And Services Logs
846866 PIKAEvents
586782 NetMotion® Mobility™
782135 PostgreSQL
867735 Windows VMWare® logging
916812 Arbor® Networks Peakflow®
938303 Cerberus FTP Server

Known issues

"Log in automatically next time" and "Save Credentials" are not working

Issue: The "Login Automatically Next Time" and "Save Credentials" settings are lost after a user logs out of the LEM web console and refreshes the login page (F5).

Work-around: Set up single sign-on. See Set up single sign-on (SSO) in LEM for details.

Nodes view shows Windows Server 2016 as unknown

Issue: The LEM console lists computers running Windows Server 2016 as Windows NT (unknown).

Work-around: None. This issue will be fixed in the next version of LEM.

Installing the LEM Windows agent on Windows Server 2016 fails

Issue: Installing the LEM 6.3.1 Windows agent installer on Windows Server 2016 results in an error.

Work-around: To install the agent on Windows Server 2016, run the remote agent installer from another machine that is not running Windows Server 2016.

Installing the 6.3.1 HP-UX agent may generate errors

Issue: When you run the 6.3.1 HP-UX agent installer, you may receive unexpected results.

Work-around: Install the agent using the 6.2.1 HP-UX agent installer.

Using underscores in custom report search terms does not return report data

Issue: When you open the Reports console and generate a report using an underscore ( _ ) in your search query, the report does not include your search data.

Work-around: Avoid using underscores in your report search queries.

Widgets and filters may not load for a new LEM user

Issue: When you click Build > Users and create a new Admin user, the widget and filter options do not load into their Ops Center and Monitor views.

Work-around: Log out of the console, clear your browser cache, and then log back in to the console.

Enabling and disabling rules may generate unexpected results

Issue: When you click Build > Rules and enable or disable a rule, the console redirects you to the All Rules category. The rule status does not change.

Work-around: Refresh the console.

Reports console generates an error when entering a date format

Issue: When you open the Reports console, generate a report, and select a date format, the console generates an error stating that your selected format is not a valid date and time.

Work-around: Use the supported date format. See "Run and schedule reports" in the LEM User Guide for the supported date formats.

Creating FIM rules in a clustered environment generates unexpected results

Issue: After you install the 6.3.0 HP-UX agent, the system may generate errors.

Work-around: Use Windows File Auditing instead of File Integrity Monitoring (FIM). See your Windows Server operating system documentation for more information.

Unable to generate a report using a separate database appliance

Issue: If your LEM appliance is connected to a separate database appliance, you cannot generate the following reports in the Reports console:

  • List of Subscription Rules by User
  • List of Users
  • List of Rules for Rule Subscriptions

Work-around: No known workaround. This issue may be resolved in a future release.

USB Defender disables access to IronKey flash drives

Issue: When you install an IronKey™ flash drive into your USB port, USB Defender prevents you from entering a password to access the drive.

Work-around: Disable USB Defender when using an IronKey flash drive.

Legacy LDAP users display in the List of Users report

Issue: When you migrate from legacy to new LDAP users in the LEM Manager and generate a List of Users report in the Reports console, the legacy users appear in the report.

Work-around: Log on to the CMC, open the Manager menu, and restart the Manager Service. This will take the Manager offline for 1–3 minutes.

Legacy LDAP users do not display in the console

Issue: When you migrate from a legacy LDAP to a new LDAP configuration, legacy LDAP users do not display in the LEM Console. Additionally, these users are not assigned to subscriptions or email actions to rules after the upgrade.

Work-around: Migrate users to the new LDAP configuration using the following procedure:

Upgrade LEM to version 6.3.

  1. Prompt all users previously running in version 6.2 to log in to the LEM console. If these users do not log in, they will not be migrated to the new LDAP configuration.
  2. Disable your legacy LDAP configuration.
  3. Set up a new LDAP configuration in the Admin user interface. All users who logged in to the LEM console are migrated and display in the console.

Error message displays when you upgrade the Desktop Console

Issue: When you upgrade the SolarWinds LEM Desktop Console to version 6.3.0, an error message displays stating that the application cannot be installed due to a certificate problem.

Work-around: Uninstall the current Desktop Console. When you are finished, install Desktop Console version 6.3.0.

Unable to establish an HTTPS connection to the LEM Manager running Windows 7

Issue: When you connect to the LEM manager using Internet Explorer or the Adobe AIR-enabled desktop console on a workstation running Windows 7, HTTPS is disabled. You can establish an HTTPS connection using Google Chrome or Mozilla Firefox.

Work-around: Install the latest Windows 7 updates or upgrade to the latest supported operating system.

Version history

LEM Release Notes Version 6.3.0

Legal notices

© 2016 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds and other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies.