Submit a ticketCall us

WebinarFREE IT Monitoring Webcast

Don’t miss out on our webcast, Essential IT Monitoring with SolarWinds ipMonitor, where we will show you how to keep an eye on your IT environment from one centralized, affordable, and lightweight monitoring tool: SolarWinds® ipMonitor®.

Register now.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > LEM Administrator Guide > Restrict access to the LEM reports application

Restrict access to the LEM reports application

Updated: October 5, 2018

This topic documents how to secure the LEM reports application so that only authorized users can access it.

Understand your options for securing LEM reports

Older versions of LEM (pre 6.2) allow unrestricted access to the LEM database by the reports application installed on a Windows computer. No credentials were required for the access.


Starting with LEM version 6.2.0, the LEM Reports application requires a username and password to allow the LEM Reports application to access the database. 

 

As with all versions of LEM, there is one additional level of security for the Reports application, but the same holds true for the SSH connection or the Console connection (web-based or air-based). You only need to run the “restrictreports” command (or “restrictconsole” or “restrictssh” commands) to create a whitelist of computer hostnames or IP-addresses that can run reports and access the database (or the console or SSH, if using that parameter).

  • Access can be restricted to specific computers.
  • Access is automatically restricted by port number. The Reports application communicates over port 9001, using TLS or no encryption. Console access only on port 8443/443 when the LEM is activated, but port 8080/80 is available during evaluation period or if “togglehttp” command used to re-enable the port 8080/80. SSH access is allowed on port 22 or 32022, but support can assist you with forcing only one port. LEM versions prior to 6.3.1 only had port 32022 available for SSH.
  • The LEM reports application can be configured to require a user name and password.
     

To encrypt communication between the LEM reports application and the LEM database, see Enable transport layer security (TLS) in the LEM reports application.

Restrict access to LEM reports to specific computers

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

  2. At the cmc> prompt, type service.

  3. At the cmc::service> prompt, type restrictreports.

  4. When prompted, press the Enter key.

  5. Enter the IP addresses (or hostnames) of the computers that you want to allow to run the LEM reports application, separated by spaces.

    Ensure that the list you provide is complete. Your entry will override any previous entries.

  6. To confirm your entry, type y.

  7. To return to the cmc> prompt, type exit.

  8. To log out of the CMC command line, type exit.

Remove all LEM reports access restrictions

  1. Open the CMC command line. See Log in to the LEM CMC command line interface for steps.

  2. At the cmc> prompt, type service.

  3. At the cmc::service> prompt, type unrestrictreports.

  4. When prompted, press the Enter key.

    Removing LEM reports restrictions will make the LEM database accessible to any computer on your network that is running the LEM reports application.

  5. To return to the cmc> prompt, type exit, and then press Enter.
  6. To log out of the CMC command line, type exit, and then press Enter.
Last modified

Tags

Classifications

Public