Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Restrict access to the LEM reports application

Restrict access to the LEM reports application

Updated: January 26, 2018

This topic documents how to secure the LEM reports application so that only authorized users can access it.

Understand your options for securing LEM reports

Older versions of LEM (pre 6.2) allow unrestricted access to the LEM database by the reports application installed on a Windows computer. No credentials were required for the access.


Starting with LEM version 6.2.0, the LEM Reports application requires a username and password to allow the LEM Reports application to access the database. 

 

As with all versions of LEM, there is one additional level of security for the Reports application, but the same holds true for the SSH connection or the Console connection (web-based or air-based). You only need to run the “restrictreports” command (or “restrictconsole” or “restrictssh” commands) to create a whitelist of computer hostnames or IP-addresses that can run reports and access the database (or the console or SSH, if using that parameter).

  • Access can be restricted to specific computers.
  • Access is automatically restricted by port number. The Reports application communicates over port 9001, using TLS or no encryption. Console access only on port 8443/443 when the LEM is activated, but port 8080/80 is available during evaluation period or if “togglehttp” command used to re-enable the port 8080/80. SSH access is allowed on port 22 or 32022, but support can assist you with forcing only one port. LEM versions prior to 6.3.1 only had port 32022 available for SSH.
  • The LEM reports application can be configured to require a user name and password.
     

To encrypt communication between the LEM reports application and the LEM database, see Enable transport layer security (TLS) in the LEM reports application.

Restrict access to LEM reports to specific computers

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

  2. At the cmc> prompt, type service.

  3. At the cmc::service> prompt, type restrictreports.

  4. When prompted, press the Enter key.

  5. Enter the IP addresses (or hostnames) of the computers that you want to allow to run the LEM reports application, separated by spaces.

    Ensure that the list you provide is complete. Your entry will override any previous entries.

  6. Type y to confirm your entry.

  7. Type exit to return to the cmc> prompt.

  8. Type exit to log out of the CMC command line.

Remove all LEM reports access restrictions

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

  2. At the cmc> prompt, type service.

  3. At the cmc::service> prompt, type unrestrictreports.

  4. When prompted, press the Enter key.

    Removing LEM reports restrictions will make the LEM database accessible to any computer on your network that is running the LEM reports application.

  5. Type exit and press Enter to return to the cmc> prompt.
  6. Type exit and press Enter to log out of the CMC command line.
Last modified

Tags

Classifications

Public