Documentation for Security Event Manager

LEM 6.4 release notes

This document summarizes the new features, improvements, and fixed issues in LEM 6.4, and provides upgrade notes and workarounds for known issues.

New features and improvements

LEM Events Console

The LEM Events Console provides instant access to live event monitoring and filtering as well as historical record archives for in-depth analysis and troubleshooting. Within the console view, you can quickly switch between real-time event streaming and historical log views based on user-defined date and time parameters. In addition to live and historical keyword search options, all established LEM Monitor filters are accessible in the LEM Events Console Filters pane. You can access the console view by clicking Visit LEM Events Console in the top-right section of the LEM console.

View the LEM Events Console in HTML5

The LEM Events Console view is presented in HTML5 format, so it does not require Adobe® Flash® or other third-party media players. This update also results in a more robust console that can run on any computer operating system as well as most web browsers.

Filter and monitor events in Live Mode

Switch the LEM Events Console to Live Mode to monitor events as they occur in your environment. This is particularly useful when troubleshooting active network problems. You can apply "live" filters to target and identify issues using the Filters pane and Live filter keywords, and then conduct a historical log search for additional event analysis.

Live Mode also reconciles device polling gaps by processing and correlating a consistent stream of log event data.

Search and filter historical event logs

The LEM Events Console includes an advanced search capability to access your aggregated event logs based on existing Live Mode filters and a specified time range. To set your search parameters, click Historical Search, enter a specific keyword, and then open the custom time picker to set your time frame. You can further refine your search by changing the keyword in the search field.

Monitor multiple console tabs

You can open and monitor multiple LEM Events Console tabs in your web browser. You can also apply the same filters simultaneously in Live and Paused Modes, and initiate multiple search queries.

Running multiple searches simultaneously can negatively impact LEM performance due to hardware resource limitations.

Remote database (L4) configuration

Configuring the LEM Events Console with a remote database limits available console functionality. You can still search, filter, and monitor live events, but historical records and event details are not accessible. In this instance, a remote database notification appears in the top-right of the console reminding you of the limited functionality.

CMC command updates

In LEM 6.4 and later, some CMC commands are deprecated, merged, or modified. See the LEM Administrator Guide for a current list of CMC commands.

LEM Debian version upgrade

Debian version 9.4 (codename stretch) is currently installed on LEM 6.4 and later. This version eliminates the 2TB data storage restriction applicable to previous LEM releases, and significantly reduces potential security risks and vulnerabilities.

Exceeding the previous 2TB limit requires a fresh deployment based on the new OVA template. Please contact SolarWinds support for assistance with migrating your data and settings.

LEM SMB version support

LEM 6.4 currently supports all versions of Microsoft Windows SMB.

End of life, end of support, and deprecation notices

End of life

Version | EoL announcements | EoE effective dates | EoL effective dates
6.1 | June 12, 2018: End-of-Life (EoL) announcement – Customers on SEM version 6.1 should begin transitioning to the latest version of SEM. | September 12, 2018: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM version 6.1 will no longer be actively supported by SolarWinds. | September 12, 2019: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 6.1.

New customer installation

For information about installing LEM, see the SolarWinds Log & Event Manager Installation Guide and the SolarWinds Log & Event Manager Getting Started Guide.

How to upgrade

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade:

Use the LEM Upgrade Guide to help you plan and execute your upgrade.

Download the upgrade package from the SolarWinds Customer Portal.

If you are using multimanager, LEM Managers are disconnected after the upgrade to 6.4. To reconnect, set multimanagerconfig to True (enabled). Clear your Flex cache (F12 hotkey) to see the change.

Find which Apache Tomcat version corresponds with your SEM version here.

File system consistency check (fsck)

During your upgrade, the system may run a fsck check during reboot. This can last 30 or more minutes depending on the quantity of data in the data partition. With the Debian version upgrade, the file system is configured to initiate the check when certain conditions are met:

  • 21 mounts since the last check (during the 22nd reboot). -or-
  • Six months since the last check.
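
The two triggers above can be checked before a planned upgrade reboot. The following is an added example, not SolarWinds code: it assumes the data partition is an ext-family file system and that tune2fs -l output for it is available (the release notes state neither), and the sample output is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `tune2fs -l <device>` output (not captured from a LEM
# appliance). The thresholds match the release notes: 21 mounts / six months.
SAMPLE_TUNE2FS = """\
Filesystem state:         clean
Mount count:              21
Maximum mount count:      21
Last checked:             Mon Jun  4 10:15:00 2018
Check interval:           15552000 (6 months)
"""

def _field(text, name):
    """Return the value of one 'Name:   value' line, or None if absent."""
    m = re.search(rf"^{re.escape(name)}:\s*(.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None

def fsck_reasons(tune2fs_text, now):
    """List the reasons the next boot would trigger a file system check."""
    reasons = []
    mounts = int(_field(tune2fs_text, "Mount count"))
    max_mounts = int(_field(tune2fs_text, "Maximum mount count"))
    # A maximum of 0 or -1 disables the mount-count trigger.
    if max_mounts > 0 and mounts >= max_mounts:
        reasons.append(f"mount count {mounts} reached maximum {max_mounts}")
    interval = int(_field(tune2fs_text, "Check interval").split()[0])
    last = datetime.strptime(_field(tune2fs_text, "Last checked"),
                             "%a %b %d %H:%M:%S %Y")
    # An interval of 0 disables the time-based trigger.
    if interval > 0 and now - last >= timedelta(seconds=interval):
        reasons.append(f"last check {last:%Y-%m-%d} is older than the check interval")
    return reasons

if __name__ == "__main__":
    for reason in fsck_reasons(SAMPLE_TUNE2FS, datetime.now()):
        print("fsck expected on next boot:", reason)
```

An empty result means neither condition is met, so the reboot should not include the 30-minute-plus check.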

Oracle Solaris Agent upgrades

Beginning with version 6.3, LEM supports the 64-bit Java 8 Runtime Environment (JRE). Since Oracle did not release a 32-bit version of Java for Solaris, you must manually upgrade the agents running on these systems.

To upgrade your 32-bit Solaris SPARC and Solaris Intel agents, download the Solaris SPARC Agent and Solaris Intel Agent installers from the Customer Portal and run these installers on your Solaris systems. In a future release, the LEM console will support updates for 64-bit Solaris agents when they are available.

LEM Agent installers

Oracle intends to discontinue support for their 32-bit Java Runtime Environment (JRE). Therefore, SolarWinds will no longer provide 32-bit LEM Agent installers for future LEM releases. Since IBM and HP provide their own customized Java implementations, this may impact their JRE support as well.

Supported connectors

Find LEM connector information on Thwack.

Fixed issues

LEM 6.4 fixes the following issues.

Case number Description
n/a Fixed upgrade package security vulnerability reported by Zsolt Imre.
1170529 1203980 1195052 1180987 1239478 1195751 1182585 1174010 1171725 1170238 1356460 1199799 1197746 Added SMB 2 and SMB 3 support.
00029996 Fixed kernel oops stacktrace in 6.3.1 version of LEM manager running on Hyper-V.
00054564 1185945 1235263 00054521 1175551 1234325 00068202 00092665 1341023 1359876 Fixed BSOD caused by FIM.
1337668 1317605 1315324 1235810 1320935 1148037 1124956 00046855 1289923 1211917 968093 Upgraded to Debian version 9.4.
n/a Resolved Debian DSA-4172-1 security vulnerability (Perl security update).
1239842 941038 942272 942776 937960 915827 Upgraded v2 Debian packages.
n/a Built new FIM from source code with updated version for version 6.4.0.
1071589 1068783 1069345 1069040 Fixed Dirty COW vulnerability.
00048438 00079087 Resolved LEM library jackson-databind deserialization vulnerability (CVE-2017-7525, CVE-2017-17485).
996820 Set automatic Time-Out Time-Frames for SSH connections to the LEM.
00073619 Fixed vulnerability of LEM 6.3.1 instance to CVE-2017-15906.
n/a Fixed Meltdown and Spectre exploits.
n/a Upgraded Apache Tomcat to 8.0.45 after identifying vulnerability in version 8.0.44 (after HF 5).
1235711 1190546 Disabled TLS 1.1 for web console in favor of TLS 1.2.
1338245 1211489 Resolved an issue with https not working after upgrade when exportcertrequest is unfinished.
n/a Placed the lemra.conf file in config backup to ensure configuration backup is running appropriately.
1156783 1170376 Resolved issue with dead-locked receiving agent communication.
1129326 1136177 1133304 1124947 Upgraded SSH library to support AES encryption by default.
n/a Removed .keystore password from LogBundle.
n/a keyStorePassword=xxx no longer appears when processes are listed by ps -auxMove.
n/a Resolved an issue with .keystore and .truststore passwords.
n/a Fixed a vulnerability in restrictssh command.
n/a Fixed an improper access control vulnerability.
n/a Corrected an arbitrary command injection vulnerability.
1142662 1112443 Corrected an OpenSSH vulnerability in 6.3.1 HF2.
1101622 1095284 Resolved an issue where "All Installed Agents" group FQDN field is set to IP address when reverse DNS request doesn't return the hostname.
1101692 Fixed a vulnerability with mgrconfig.pl being editable by editbanner CMC command.
1096628 Resolved an issue with Windows Remote Installer being unable to install to Program Files folder.
1069477 112370 Resolved an issue where the agent required multiple restarts to work after the spop folder was deleted, with the Java process using one full CPU.
1174573 Fixed Tomcat logging errors and other logging issues.
1135264 1027365 1205624 1055750 1088857 Resolved an issue with user settings getting corrupted in some situations.
884629 862122 Upgraded an outdated and vulnerable Java JDK.
n/a Resolved CMC archiveconfig issues.
1119532 1031619 884629 1087625 862122 Fixed missing .keystore files for LEM Customers.
n/a Resolved an issue with protecting credentials used in scripts.
1002133 1015694 Fixed an issue with Flash crossdomain policy allowing access.
750844 Resolved an issue with widgets and filters in monitor not loading for new LEM users.
1007369 931684 1025955 683139 809926 1074516 1080153 683139 Resolved an issue with connector no longer reading events after log rotation.

Known issues

Issue: After upgrading LEM 6.3.1.hf7 to 6.4.0.1500, the blue screen incorrectly indicates that no IP address is assigned when connected directly from a Hyper-V or vSphere window.

Workaround: To find the IP address:

  1. Open your hypervisor and connect to the LEM VM:
    • For VMware vSphere, click the Console tab, select Advanced Configuration on the main console screen, and then press Enter to access the command prompt.
    • For Hyper-V, click Action > Connect, and then click the Console tab.
  2. Use the arrow keys to navigate to Advanced Configuration, and then press Enter.

    The CMC menu appears with a cmc> prompt.

  3. If the machine has an assigned IP address, you can find it in the menu next to the admin option.

Issue: In the Flex UI (Manage > Nodes > Add Node), the agent download links download outdated files.

Workaround: None. This issue will be fixed in the RTM version of LEM 6.4.

Version History

LEM Release Notes Version 6.3.1

LEM Release Notes Version 6.3.0

Legal notices

© 2019 SolarWinds Worldwide, LLC. All rights reserved.
