Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > LEM appliance security information

LEM appliance security information

Table of contents


Log and Event Manager is delivered as a virtual appliance with several related security features and functionality. This article lists appliance and Console security features that are common information requests from customers.


LEM v5.6 and later


  • The Log and Event Manager virtual appliance is a hardened Linux operating system. This means we’ve installed minimal software, keep it patched regularly with LEM updates, have minimal ports open, and provide the ability for customers to restrict or limit most external access.
  • Customers do not have root access to the operating system, but rather utilize a limited command shell. OS access via root or other mechanisms is only used by technical support under certain circumstances, and EVERY LEM  appliance has a different and unique root password that our support team does not know in advance.
  • When making changes to the appliance through the customer command shell, activity is logged and this log can be reviewed. Changes may also be reviewed in the LEM Console and reports.
  • Access to the command shell requires direct access to the appliance virtual console (via the hypervisor) or SSH access. If a customer is using SSH, they can further restrict access to only an acceptable list of IP addresses.
  • Communication to/from the appliance, where technically possible, is encrypted. This includes ALL agent-to-manager (and reverse) communication.
  • Communication to/from the LEM Console is encrypted as long as port 8443 is being used, and non-encrypted traffic can be disabled entirely on the appliance command shell.
  • Access to the LEM Console uses a set of different roles that can be used for limiting visibility and ability to make changes within the LEM system. Customers can also use Active Directory user/group integration to ensure no out-of-band users are being used. The LEM data store only supports write access from the internal application using credentials and connection details that are embedded in the application and are neither editable nor accessible. External access to the database is read-only and can be limited by IP Address by the administrator in the appliance command shell.
  • Activity performed in the Console, including changes and access to certain LEM features, is audited and can be reported on or searched for using LEM Reports and the LEM Console.
Last modified