These release notes provide additional guidance for SolarWinds Log & Event Manager (LEM) v5.4. All of the notes within also apply to SolarWinds SIM (previously TriGeo SIM) v5.4 unless otherwise noted.
Why Install this Version
Log & Event Manager Version 5.4 includes Microsoft Hyper‑V support, a web-based console, SNMP integration for several other SolarWinds products, and many other improvements and updates.
SIM Customers: Any references to the virtual appliance do not apply to the SIM product. To utilize these features, purchase a LEM license and migrate your SIM appliance to a virtual appliance.
Features and Improvements
This version of SolarWinds Log & Event Manager provides the following improvements, organized by functional area:
Console
- Added a browser-based LEM console.
- Resolved several performance issues with the Event Explorer.
- Added Microsoft Active Directory integration for LEM user accounts. For additional information, see KB article 3658.
- Added best practice deployment steps with links to related videos and documentation to the "Getting Started" widget in the Ops Center.
- Resolved several issues related to Tool Profiles in which agents appeared with incorrect hostnames and could not be removed. [1]
- Resolved an issue with the popup notification count in the Filter Notifications pane. [2]
- Improved copy/paste functionality in the Alert Details pane and Alert grid.
Appliance/Manager
- [LEM only] Added Microsoft Hyper‑V support for the virtual LEM appliance.
- [LEM only] Added the ability to increase the virtual appliance disk size from the default 250 GB up to the maximum 1 TB. For additional information, see KB article 3717.
- Added appliance migration support (hardware to virtual, virtual to virtual, etc.). For additional information, see KB article 3656.
- [SIM only] Resolved an issue in which the blue screen displayed when physically connected to a hardware (SIM) appliance showed an evaluation license. [3]
- Resolved false positives related to the built-in Community SIP Snort rules on the LEM appliance. [4]
- Resolved an issue that caused the DiskUsage command in the CMC to throw a Java error upon completion. [5]
- Resolved issues with the hostname command in the CMC. [6]
- Disabled Snort IDS on new LEM appliances by default. [7] Current customers can disable Snort using the procedure in KB article 3406.
nDepth Log Storage/Search
- Resolved an nDepth issue related to queries that contain quotation marks. [8]
- Resolved an issue that prevented nDepth queries from cancelling when you clicked the Cancel icon [x]. [9]
Agent and USB-Defender
- No change in this version.
Reports
- No change in this version.
MSSQL Auditor
- No change in this version.
Connectors
- Added SNMP trap integration for sending/receiving events to/from core SolarWinds products. The SolarWinds Orion and Virtualization Manager connector currently accepts traps from SolarWinds NPM, SolarWinds SAM, and SolarWinds Virtualization Manager.
- Renamed the unsupported AS400 connector to Legacy TriGeo Agent AS400 Tool. [10]
- Resolved an issue that sometimes affected connectors for Syslog data containing the word "Error," causing the data to show up incorrectly in real-time feeds. [11] This was most apparent with the Sonicwall Aventail SSL VPN E-class connector.
New and Updated Connectors
SolarWinds LEM version 5.4 includes 15 new connectors and several improved connectors. The new and updated connectors in this release are listed below. The current version number for each connector is in parentheses after its name.
New Connectors
- Huawei Switches (7031)
- LOGbinder for Sharepoint: LOGbinder SP log (7072)
- LOGbinder for Sharepoint: Security Log (7072)
- Microsoft IIS FTP Server 7.0 (W3C Extended file format) (7048)
- NOD32 Antivirus 4 Access Event (7037)
- NOD32 Antivirus 4 Access Scan (7037)
- NOD32 Antivirus 4 Access Threat (7037)
- NOD32 Antivirus 4 SQL Event (7037)
- NOD32 Antivirus 4 SQL Scan (7037)
- NOD32 Antivirus 4 SQL Threat (7037)
- RSA Authentication Manager 7.1 (7032)
- SolarWinds Orion and Virtualization Manager (7071)
- VIPRE 5.0 (7035)
- VIPRE Business 4.0 (7035)
- VIPRE Business - System Events 4.0 (7035)
Updated Connectors
- AIX Audit (6984)
- Apache Access (6763)
- Apache Error (6869)
- APC InfraStruXure (6855)
- Aruba Wireless Access Point 3x (6988)
- Axcient Unified Management Console (UMC) (6874)
- Cisco Content Security and Control Security Services Module 6.3+ (6923)
- Cisco PIX and IOS (7070)
- Cisco Secure ACS 4.1 Syslog (6948)
- Cisco VPN (6871)
- Cisco Wireless LAN Controller and IOS-XE Software (6920)
- Citrix Secure Access Gateway Enterprise Appliance / Netscaler (6878)
- Dell PowerConnect Switches (6915)
- DeviceLock Events (7034)
- DeviceLock Audit (7034)
- ePolicy Orchestrator (ePO) 4.5+ (7039)
- eEye Blink Professional Endpoint Protection (6893)
- Extreme Switch (7005)
- F5 BigIP BSD daemon messages (7044)
- F5 BigIP HTTPD specific (7045)
- F5 General BIG-IP specific messages (7046)
- F5 BigIP messages (6990)
- FirePass SSL VPN (6917)
- FortiGate 2.8+ (7003)
- IAS RADIUS Non-Rotating File (6918)
- IronPort Web Security (6959)
- IAS RADIUS Rotating File (6918)
- ISS Proventia IPS (6894)
- ISS RealSecure IDS (6897)
- Juniper/NetScreen 5 (6967)
- Juniper JUNOS (6907)
- Kaspersky Administration Kit 8 (7036)
- Legacy TriGeo Agent AS400 Tool (6996)
- Linux Auditd (7021)
- LogAgent for OS400 (Patrick Townsend Security Solutions) (7009)
- Mac OS X (install) (6864)
- Mac OS X (secure) (6865)
- Mac OS X (system) (6866)
- McAfee Update v7.0 (6912)
- Microsoft Exchange Application Log (7026)
- Microsoft Exchange Event Log (7026)
- Microsoft IIS FTP Server 5+ (W3C Extended file format) (7048)
- Microsoft IIS Web Server 5.0 (W3C Extended file format) (7018)
- Microsoft IIS Web Server 6.0 (W3C Extended file format) (7018)
- Microsoft IIS Web Server 7.0 (W3C Extended file format) (7018)
- Microsoft ISA Server Application Log (6957)
- MSSQL 2000 Application Log (6974)
- Neoteris VPN/Juniper SA series (6968)
- Nortel Ethernet Routing Switch 4500 Series (7060)
- Oracle Auditor - Syslog (6930)
- Palo Alto Networks PA-2000 Series and PA-4000 Series Firewall (6999)
- SonicWall (7017)
- SonicWALL SSL VPN (6842)
- Sophos WS appliance (6867)
- SWLEM Reports (6986)
- Symantec Endpoint Protection 11 (7057)
- Tippingpoint SMS (6908)
- Tippingpoint IPS 1.4 (6908)
- Tippingpoint IPS 2.1 (6908)
- TopLayer Attack Mitigator (6601)
- VMWare ESX messages log (6976)
- VMWare ESX vmkernel log (7006)
- VMWare ESXi Hostd log (7014)
- VMWare ESXi messages log (6976)
- VMWare ESXi vmkernel log (7006)
- Vormetric (7011)
- Websense Web Filter and Websense Web Security (6983)
- Websense Web Filter and Websense Web Security Database (7033)
- Windows 7/2008/Vista Security Log (7059)
- Windows Application Log (7061)
- Windows DNS Traffic Log (6985)
- Windows System Log (6776)
Differences Between the Web and Desktop Consoles
The following are differences between the web and desktop consoles. Otherwise, the two consoles are identical.
- The web console resides on the LEM appliance. Use one of the following URLs to access the web console, where managerAddress is the hostname (recommended) or IP address of your LEM appliance:
- Evaluation Version: http://managerAddress
- Licensed Version: https://managerAddress
- The web console does not require the Adobe AIR runtime.
- You can open concurrent instances of the web console on the same computer (not recommended), but you can only open one instance of the desktop console per computer.
- The web console always shows the appliance on which it resides, called the host manager, in the Manage > Appliances area.
- The desktop console requires you to add at least one appliance in the Manage > Appliances area before it is functional.
- The web console displays a confirmation prompt before allowing you to browse to a file location when exporting any of the following items:
- Rules
- User Settings
- nDepth Results (PDF)
- nDepth Result Details (CSV)
- Both consoles have a minimum size of 1000 x 720 px, but you can make the web console smaller by resizing the browser window (not recommended).
- The desktop console allows you to view console popup windows independently. The web console always displays popup windows within the browser window. These windows include:
- nDepth Export
- nDepth Widget Builder
- Widget Builder (Ops Center, Monitor)
- Filter popup notifications
- Data Simulation Complete popup
- When you run the activate command in the CMC, the desktop console automatically tries to reconnect to the manager after it becomes available again. The web console displays a popup message with its new URL and you have to reconnect manually.
- The only way to log out of the host manager when using the web console is to close the browser tab or window.
Additional Requirements
The following are additional requirements for components added in v5.4:
Web Console
- The web console requires Flash Player 11.
- SolarWinds supports the LEM web console in the following browsers:
- Internet Explorer 8 and later
- Mozilla Firefox 10 and later
- Google Chrome 17 and later
Hyper‑V Appliances
The following are additional steps and requirements needed to deploy LEM using Microsoft Hyper‑V.
- Configure the appliance's network settings after deploying the VHD.
- Enable the Hyper‑V time synchronization integration service.
To configure network settings in Hyper‑V:
- Open Hyper‑V Manager.
- In the left pane, select the LEM appliance.
- In the Actions pane (right), click Settings.
- In the left pane under Hardware, click Network Adapter.
- In the right pane, select the network you want to connect to.
- Click OK.
To enable time synchronization in Hyper‑V:
- Open Hyper‑V Manager.
- In the left pane, select the LEM appliance.
- In the Actions pane (right), click Settings.
- In the left pane under Management, click Integration Services.
- In the right pane, select the Time synchronization checkbox.
- Click OK.
Installing and Upgrading SolarWinds Log & Event Manager
The following sections provide required information for installing and upgrading Log & Event Manager.
General Requirements
The following are the general requirements for installing SolarWinds Log & Event Manager. For additional information about how to install Log & Event Manager, see the Log & Event Manager QuickStart Guide.
| Component | Requirement |
| Virtual Appliance | |
| Web Console | See Additional Requirements |
| Desktop Console | Adobe AIR Runtime on: |
| LEM Reports | Crystal Reports Runtime on Windows |
Supported Versions
SolarWinds supports Log & Event Manager versions 5.2 and later, and SIM versions 5.0 and later.
Upgrading Log & Event Manager
The following section provides critical notes regarding how to complete an upgrade to the latest version of Log & Event Manager, regardless of your current version.
Note: Detailed upgrade instructions are available in the Log & Event Manager Upgrade Guide.
Upgrade to Version 5.4 from Version 5.2 or later
If you are upgrading from a version prior to LEM 5.2, use the following upgrade path:
4.5.3 > 5.0.2 > 5.2.1 > 5.4
Reboot after the 5.4 upgrade on hardware (SIM) appliances takes 15+ minutes
If you are upgrading a hardware (SIM) appliance, the upgrade repartitions the available disk space on the appliance upon reboot. This adds up to 15 minutes to the upgrade process. Do not turn off or reboot the appliance until after it starts up completely.
Let Agents Reconnect During Incremental Upgrades
When you are performing incremental upgrades, such as upgrading from v5.0 to v5.2 in order to upgrade to v5.4, we recommend you let your LEM Agents reconnect to the upgraded LEM Manager after each step.
Download the Latest Connector Update Package After You Upgrade
All LEM upgrades include a connector update, but we often update the stand-alone Connector Update package between releases as well. To ensure you have the latest version of all of the LEM connectors, download the current Connector Update package here.
For instructions to apply the LEM Connector Update package, see How to apply a LEM connector update package or the Log & Event Manager Upgrade Guide.
McAfee On-Access Scan Prevents the Upgrade Script from Extracting the Upgrade Files
The upgrade script fails and returns the following error when McAfee On-Access Scan prevents it from extracting the upgrade files:
cp: cannot stat '/tmp/smb/Upgrade/x64jar': No such file or directory
Workaround:
- Open McAfee On-Access Scan Properties.
- Click the Blocking tab.
- Clear Block the connection when a threat is detected in a shared folder.
- Click OK.
- Rerun the LEM upgrade.
Licensing for v5.3 and Later
Log & Event Manager v5.3 included a new license for all LEM customers. Access your activation key from the SolarWinds Customer Portal, and activate your LEM Console from Manage > Appliance > License. If you receive an error ("Error retrieving license information"), check your license key and network connection, or use the manual activation feature from the SolarWinds Customer Portal.
Note: If you are upgrading from a functional v5.3 LEM appliance, you have already completed this step.
Other Known Issues
The following sections provide information related to known issues in Log & Event Manager Version 5.4, organized by functional area:
Console
- When you log into the desktop console with saved credentials after upgrading from 5.3.1, the 5.4 console prompts for your password. After you provide it once and save the credentials, the console does not prompt again. (CMANAGE-502)
- The web console login screen shows http:// without a hostname or IP address, and you get the error "Unable to connect to manager: http://" when you try to connect using the URL http://managerAddress/lem. See Differences Between the Web and Desktop Consoles for the acceptable format.
- When the web console is loading a new session, you are able to authenticate to a second session as the same user. (CINT-75)
- The web console does not close a second instance when you click OK on the multiple session warning message. (CINT-77)
- Flash Player in Firefox 9.0 does not perform as expected with the web console. Upgrade to the latest version of Firefox. (CINT-69)
- Drag and drop functionality in the web console does not work correctly with Flash Player in Firefox 9.0. Upgrade to the latest version of Firefox. (CMONITOR-980)
- Connecting to the web console by IP address in Firefox 9.0 causes unexpected behavior from the LEM manager. Install the console certificate, add the LEM manager IP address to the Firefox exceptions list, or upgrade to the latest version of Firefox.
- Chrome 17 displays a security warning when you connect to the web console by IP address or hostname. Upgrade to the latest version of Chrome and install the console certificate. (FB116214)
- Chrome 18 displays a security warning when you connect to the web console by IP address. Install the console certificate and connect to the web console by hostname. (FB116214)
- You cannot import or export filters with <, /, or : in their names. (FB127819)
- The desktop console does not append a file extension to filters it exports. The correct file extension is .swfil. (FB126074)
- The web console does not create an empty My Filters filter group when first launched. (CMONITOR-978)
- If you do not close the Export dialog after exporting data from nDepth, a second export of the same data might not return all of the data. (CEXPLORER-1171)
- You cannot use Active Directory groups or users from Organizational Units (OU) with /, \, or " in their names. (FB129259)
- If you import multiple copies of the same rule in a single batch, you must delete the rule multiple times to remove it from the manager. (CBUILD-921)
- The Add > Directory Service User and Add > Directory Service Group dialog does not load the current OU every time it launches. To refresh the current OU in these dialogs, select a different OU, and then select the original one. (CBUILD-966)
- When you import a user from Active Directory (AD) to create a LEM user, LEM does not update the LEM user when you change the AD user. To update LEM users imported from AD, delete and recreate the user in LEM. (FB127486)
- When you import user settings into the desktop console, the list of managers in Manage > Appliances is updated with the imported list, and the console does not reconnect to any previously-connected managers. (CMANAGE-482)
- When you select Agent in the Node filter on Manage > Nodes, the filter menu continues to display Agent after you click the Reset button. (CMANAGE-497)
Appliance/Manager
- The upgrade script hangs if the primary network interface (eth0) is down or does not have an IP address (as is the case with secondary or HA appliances). (FB107589)
- If you run the hostname command on an appliance that does not have an IP address assigned to the primary network interface (eth0), it fails with a fatal error. Run cmc > appliance > netconfig to assign or obtain an IP address prior to changing the hostname. (FB128074)
Agent and USB-Defender
- There is no remote agent upgrade for LEM agents running on Mac OS. Update these agents manually by running the current agent installer for Mac OS. (MGR-472)
- When you try to uninstall a 5.3 agent that was upgraded from a previous version, you may receive one of two errors:
- A popup with Exception "java.lang.IllegalArgumentException...": Resolved by using the Remote Agent Uninstaller rather than Add/Remove Programs.
- A JVM launcher error: Resolved by running the current Agent Installer, then uninstalling the Agent.
- Upgraded agents may appear with a new IP and/or hostname combination. This issue is more prevalent on Unix/Linux platforms due to a known issue in the Java Runtime Environment. Enter the expected/desired values in the /etc/hosts file.
Reports
- The email address and phone number for Support on the About Reports dialog are incorrect. To contact Support, submit a ticket. (FB126056)
MSSQL Auditor
- MS SQL Auditor does not work with SQL 2012. (FB117809)
Connectors
- Connectors that connect to a database must be run on an agent, and not the appliance. These connectors include:
- AVG DataCenter 7.5
- AVG DataCenter 8.0
- DeviceLock Audit
- DeviceLock Events
- Forefront Security SQL Database
- Kaspersky Administration Kit 8
- Novell Netware 6.5 (Database)
- NOD32 Antivirus 4 SQL Event
- NOD32 Antivirus 4 SQL Scan
- NOD32 Antivirus 4 SQL Threat
- NOD32 Antivirus 4 Access Event
- NOD32 Antivirus 4 Access Scan
- NOD32 Antivirus 4 Access Threat
- Novell Identity Audit DB
- PatchLink Vulnerability
- SonicWall GMS
- Sophos Enterprise 2.0 Database
- Sophos Enterprise 3.0 Database
- VIPRE 5.0
- VIPRE Business 4.0
- VIPRE Business - System Events 4.0
- VIPRE Enterprise 3.1
- Websense Web Filter and Websense Web Security Database
(FB129522)
Development and Support ID Fix Table
The following table provides the internal Development ID numbers and external support ID numbers for customer-reported issues resolved in this release.
| Issue Link | Support ID number | Development ID number |
| 1 | 314299, 313905, 311024, 304901 | FB111556, FB107581, FB105720, FB102971 |
| 2 | 306306 | FB105083 |
| 3 | 306541 | FB106011 |
| 4 | 308849, 306422 | FB104562, FB102454 |
| 5 | 294765 | FB101691 |
| 6 | N/A | FB122793 |
| 7 | N/A | FB107569 |
| 8 | N/A | FB101399 |
| 9 | 309394 | FB104580 |
| 10 | N/A | FB111769 |
| 11 | 329364 | FB126970 |
Legal
Copyright © 1995-2012 SolarWinds Worldwide, LLC. All rights reserved worldwide.
No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, the SolarWinds & Design, ipMonitor, LANsurveyor, Orion, and other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies. Microsoft®, Windows®, and SQL Server® are registered trademarks of Microsoft Corporation in the United States and/or other countries.