Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities.
NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > Previous Versions > LEM 5.5 Release Notes

LEM 5.5 Release Notes

Created by Caroline Juszczak, last modified by Caroline Juszczak on Mar 30, 2017

Views: 1,330 Votes: 0 Revisions: 4

Updated: December 5, 2012

These release notes provide additional guidance for SolarWinds Log & Event Manager (LEM) v5.5.

Features and Fixes

This version of SolarWinds Log & Event Manager provides the following improvements and fixed items, organized by functional area:

  • Console
  • Appliance/Manager
  • nDepth Log Storage/Search
  • Reports
  • MSSQL Auditor
  • Connectors



  • Connector discovery for syslog and SNMP connectors on the Manager appliance only
  • Added an Add Node button to the new Node Health widget, which opens the Add Node wizard to walk you through adding devices.
  • Added a new thwack widget.
  • Added a new What's New in LEM widget.
  • Added a new Top 10 Rules by # of Rules Fired widget.
  • Added a new Top 10 Nodes by # of Events widget.
  • Added a new Top 10 Events widget.
  • Added a new User Details widget.
  • Added a new Node Details widget.
  • Added a new custom widget.
  • Fixed SNMP Trap Alert Action Does Not Work with Thresholds
  • Terminology change to reference "connector" instead of "tool" in the user interface and documentation
  • Terminology change to reference "event" instead of "alert" in the user interface and documentation



  • Added support for Hyper-V on Windows 2012.
  • The Email Active Response Tool now supports SSL and TLS protocols
  • Added a Logout button to the web console, which allows users to switch between LEM user accounts.
  • Fixed issue: CheckPoint is not able to create log files greater than 2.1G.
  • Fixed issue: Checkpoint connector starting issues.
  • Fixed issue: Rule Misfiring after 5.4.0 Upgrade due to All Installed Agents profile. This applies if you have enabled rules which use the "All Installed Agents" Tool Profile. The most common rule used is the NATO5 "DHCP no agent rule."
  • Fixed issue: AD Group Authentication failure due to a comma in the distinguished name. This applies if you are using the LEM Directory Service tool or Active Directory Integration to allow login to your LEM appliance with Active Directory accounts.
  • Fixed issue: Backups Failing, CIFS Error in current kernel
  • On the Hyper-V platform (Win2k8 R2 and Win2k12), the virtual network interface receives unicast traffic destined for the LEM VM only along with broadcast and multicast traffic when in promiscuous mode. No traffic for the other VMs or Hyper-V manager host (hypervisor) can be observed. The Snort IDS can still be used but it will only generate alerts for traffic to or from the LEM server.
  • On Windows8/Win2k12 Hyper-V, there is a protocol mismatch for the Key-Value Pair (KVP) Exchange using the Microsoft provided drivers. This has low impact and will only prevent WMI automation to retrieve the DHCP-assigned IP address.
  • New LEM deployments to VMware vSphere have a 2000MHz/8192MB CPU/Memory reservation by default.
  • New LEM deployments to VMware vSphere have hypervisor time synchronization enabled by default.

nDepth Log Storage/Search


  • Fixed issue: Solr future data was set to 8.8 seconds instead of 1 week.



  • No change in this version.

MSSQL Auditor


  • No change in this version.

New and Updated Connectors

SolarWinds LEM version 5.5 includes 106 new connectors and 307 updated connectors. Click the headings below to expand the lists of new and updated connectors in this release. The current version number for each connector is in parenthesis after its name.


Description Version
Actiance Unified Security Gateway 7374
ActiveScout 7374
AMaViS 7374
Array Networks SPX 7374
SonicWALL Aventail SSL VPN E-Class 7374
Symantec Backup Exec System Recovery 7374
Barracuda Web Filter 7374
Blue Coat Proxy SG web access 7379
CA's BrightStor v11.5 7374
Checkpoint Edge X Firewall 7374
Cisco ACS Express 7374
Cisco Secure ACS 5+ Syslog 7374
Cisco Content Services Switch 7374
Cisco Network Registrar for Windows 7374
Cisco Nexus NX-OS 7395
Citrix XenDesktop 7374
Citrix XenServer auth log 7374
Citrix XenServer daemon log 7374
Command Antivirus for Windows 7374
Cyber-Ark Vault 7374
DigitalPersona Pro 7374
D-Link DFL firewall 7374
Dragon IDS 7374
eDMZ Password Auto Repository 7374
EMC RecoverPoint 7374
eSafe 7374
eSoft 7374
FileSure 7374
FireProof 7374
Forefront Endpoint Protection - AV 7374
ForeScout CounterACT NAC 7374
FreeBSD Authentication 7374
FreshClam 7374
GFI LANguard System Integrity Monitor 3 7374
HP MSM700 Series Controller 7436
HP BladeSystem Enclosure auth log 7374
HP BladeSystem Enclosure local log 7374
HP StorageWorks Modular Smart Array 7374
Huawei Switches 7374
Microsoft IIS FTP Server 7.0 (W3C Extended file format) 7374
Ingate Firewall 7374
IronPort Email Security Appliance 7374
Juniper SBR authentication accepts report log 7374
Juniper SBR authentication accepts report log 7374
Juniper SBR authentication rejects report log 7374
Juniper SBR authentication rejects report log 7374
Juniper Virtual Gateway 7374
Kaspersky Security Center 7417
Lancope StealthWatch 7374
LOGbinder for Sharepoint: LOGbinder SP log 7374
LOGbinder for Sharepoint: Security Log 7374
Made2Manage 7374
McAfee Email Gateway 7374
McAfee Web Gateway v6.x 7374
Meditech EMR Access Log 7374
Microsoft Security Essentials 7374
Nagios 7374
NitroGuard IPS - Snort Format 7374
NOD32 Antivirus 4 SQL Threat 7374
NOD32 Antivirus 4 SQL Scan 7374
NOD32 Antivirus 4 SQL Event 7374
NOD32 Antivirus 4 Access Threat 7374
NOD32 Antivirus 4 Access Scan 7374
NOD32 Antivirus 4 Access Event 7374
OpenEdge Audit 7374
Open SSH 7374
HP OpenVMS 8+ 7374
Oracle Auditor - Database 7374
Panda Security for Desktops 4.02 7374
ManageEngine Password Manager Pro SNMP 7413
Proxim Orinoco WAP 7374
Pure-FTPd 7374
Radware AppDirector 7374
Raritan Dominion Switch 7374
RSA Authentication Manager 7.1 7374
Checkpoint Safe@Office Firewall 7374
Samba 7374
SanDisk CMC 7374
SecureSphere Database Gateway 6.0 7374
SecureSphere System and Firewall Events 6.0 7374
SecureSphere Web Application Firewall 6.0 7374
SELinux 7374
Linux Sendmail 7374
Serv-U FTP Server 7374
Serv-U FTP Server (Never Rotate) 7374
smnpd daemon messages 7374
Sonicwall Email Security 7374
Sophos Anti-Virus SNMP 7439
StoneGate Firewall v5.3 CEF 7374
SolarWinds Orion and Virtualization Manager 7380
Symantec Web Security for Windows 7374
Thycotic Secret Server 7374
Trend Micro Interscan Gateway Security Appliance 7374
Vericept Monitor 7374
VIPRE Business 4.0 7374
VIPRE Business - System Events 4.0 7374
VIPRE 5.0 7374
vsftpd xferlog 7374
WatchGuard firewalls 7420
Webroot Antispyware Corporate Edition 3.5 7374
Websense Data Security 7435
WatchGuard Extensible Content Security (XCS) auth log 7374
WatchGuard Extensible Content Security (XCS) syslog 7374
Wescom Resources Group's Host Gateway Windows Log 7374
WS_FTP Server Corporate 7374
Xirrus WiFi Array 7374


Description Version
3Com Switch 7374
AIX Audit 7405
AIX Syslog 7426
Allied Telesis Routers and Switches 7374
Apache Access 7374
Apache Error 7374
APC InfraStruXure 7374
Aruba Wireless Access Point 7374
Aruba Wireless Access Point 3x 7453
Legacy TriGeo Agent AS400 Tool 7374
Astaro Security Gateway 7374
Adtran Atlas Switch 7374
AVG DataCenter 8.0 7374
AVG DataCenter 7.5 7374
AVG 7.5 Network 7374
Axcient Unified Management Console (UMC) 7380
Barracuda Admin 7374
Barracuda NG Firewall (Phion Netfence) 7374
Barracuda Web Application Firewall 7374
Bind 7374
BioPassword 7374
Bit9 Parity v5+ Syslog 7492
Blade RackSwitch 7374
Blue Coat ProxySG 7399
Novell BorderManager 7374
Novell BorderManager Web Proxy 7374
Borderware Firewall 7374
Cisco ACS Admin Audit 7387
Cisco ACS Admin Audit 4.1+ 7387
Cisco ACS Backup and Restore 7374
Cisco ACS Database Replication 7374
Cisco ACS Database Sync 7374
Cisco ACS Failed Attempts 7374
Cisco ACS Passed Authentications 7374
Cisco ACS User Password Changes 7374
Cisco ACS RADIUS Accounting 7374
Cisco ACS Service Monitoring 7374
Cisco Secure ACS 4.1 Syslog 7374
Cisco ACS TACACS+ Accounting 7374
Cisco ACS TACACS+ Administration 7374
Cisco ACS VoIP 7374
Cisco CatOS 7374
Cisco Content Security and Control Security Services Module 6.1-6.2 7374
Cisco Content Security and Control Security Services Module 6.3+ 7374
Cisco PIX and IOS 7443
Cisco IDS/IPS v4/5.x 7374
Cisco IPS 5+ (SDEE) 7374
Cisco (NAC) Network Access Control Appliance with Clean Access Manager (CAM) or Server (CAS) Software 7422
Cisco VPN 7374
Cisco Wireless LAN Controller and IOS-XE Software 7388
Citrix Secure Access Gateway Enterprise Appliance / Netscaler 7374
Citrix Secure Access Gateway 7374
ClamAV 7374
CodeGreen Content Inspection 7374
CodeGreen Content Inspection user 7374
Command for Exchange Server 7374
ConSentry Controller 7374
Manager Monitor 7374
SWLEM Reports 7374
Corente AWB 7374
Cyberguard 7374
Cyberoam UTM 7374
Dell PowerConnect Switches 7374
DeviceLock Events 7374
DeviceLock Audit 7374
eEye Blink Professional Endpoint Protection 7380
EFT Server Enterprise Windows Application Log 7374
Enterasys C-Series and N-Series Switches 7374
ePolicy Orchestrator (ePO) 7380
ePolicy Orchestrator (ePO) 4.5+ 7467
VMWare ESX esxcfg-firewall log 7374
VMWare ESX hostd log 7374
VMWare ESXi Hostd log 7483
VMWare ESX messages log 7406
VMWare ESXi messages log 7406
VMWare ESX secure log 7429
VMWare ESX vmkernel log 7392
VMWare ESXi vmkernel log 7392
VMWare ESX vmkwarning log 7374
Extreme Switch 7452
F5 BigIP BSD daemon messages 7374
F5 BigIP HTTPD specific 7374
F5 General BIG-IP specific messages 7454
F5 BigIP messages 7374
FirePass SSL VPN 7374
Flex Teller 7374
Forefront Security Application Log (Client Security Exchange and Sharepoint) 7374
Forefront Security SQL Database 7374
Forefront Security System Log (Client Security) 7374
FortiGate 2.5 7374
FortiGate 2.8+ 7448
Foundry 7374
FreeRADIUS 7374
F-Secure Anti-Virus 7 7374
Globalscape EFT client 7374
Globalscape Secure FTP (W3C Extended file format) 7407
GNAT Box System Software v.3.3 7415
Group Shield/Outbreak for Exchange Server 7374
HP ProCurve Switches Firmware F.05.65+ Zl Series 7374
HP-ux Syslog 7374
IAS RADIUS Non-Rotating File 7374
IAS RADIUS Rotating File 7374
Windows IAS System Log 7374
Microsoft IIS Web Server 5.0 (W3C Extended file format) 7374
Microsoft IIS Web Server 6.0 (W3C Extended file format) 7374
Microsoft IIS Web Server 7.0 (W3C Extended file format) 7374
Microsoft IIS FTP Server 5+ (W3C Extended file format) 7374
InoculateIT 6.0 7374
InoculateIT 7.0+ 7374
IntruShield 7490
IP Filter 7374
St. Bernard iPrism 7374
IronPort Web Security 7374
Microsoft ISA 2004/2006 Firewall (ISA Server file format) 7374
Microsoft ISA 2004 Web Proxy (ISA Server file format) 7374
Microsoft ISA 2004/2006 Firewall (W3C Server file format) 7374
Microsoft ISA 2004 Web Proxy (W3C Server file format) 7374
Microsoft ISA 2006 Web Proxy (ISA Server file format) 7374
Microsoft ISA 2006 Web Proxy (W3C Server file format) 7374
Microsoft ISA Server Application Log 7374
Microsoft ISA 2000 Firewall (ISA Server file format) 7374
Microsoft ISA Packet Filter (ISA Server file format) 7374
Apache Tomcat isapi_redirect 7374
Microsoft ISA Web Proxy (ISA Server file format) 7374
Microsoft ISA Firewall (W3C Extended file format) 7374
Microsoft ISA Packet Filter (W3C Extended file format) 7374
Microsoft ISA Web Proxy (W3C Extended file format) 7374
ISS Proventia IPS 7380
ISS RealSecure IDS 7380
JACO CartCare 7374
Juniper IDP 3.x 7374
Juniper IDP 4.0+ 7374
Juniper NSM 7374
Juniper JUNOS 7455
Kaspersky Administration Kit 8 7417
Kaspersky Anti-Virus 6 7374
LinkProof 7374
Linux Auditd 7374
DHCPd 7374
LogAgent for OS400 (Patrick Townsend Security Solutions) 7410
Lotus Notes and Domino Server 8 7374
Mac OS X (crashreporter) 7374
Mac OS X (install) 7374
Mac OS X (mail) 7374
Mac OS X (ppp) 7374
Mac OS X (secure) 7374
Mac OS X (system) 7374
McAfee Access Protection 7374
McAfee On Access Scan v7.0 7374
McAfee Activity Log (4.5 DAT file update) 7374
McAfee Mail Scan 7374
McAfee NetShield 7374
McAfee Total Protection 7374
McAfee Update v7.0 7374
McAfee VSC 7374
McAfee VSH Home 7374
McAfee VSH 5.0/7.0 7374
McAfee VSH 80i 7374
McAfee VSH 85i 7374
McAfee Web Email Scan 7374
Meditech 7374
Motorola WLAN Controller 7374
MOVEit Windows Application Log 7444
MOVEit Log 7444
Microsoft Exchange Application Log 7411
Microsoft Exchange Event Log 7411
Microsoft RRAS 7374
MSSQL 2000 Application Log 7442
SolarWinds Log and Event Manager MSSQL Auditor 7475
nDepth Log Storage Message 7374
Neo Accel SSL VPN 7374
Neoteris VPN/Juniper SA series 7374
Nessus Message 7374
Nessus Report 7374
Nessus XML Report 7374
Nessus Security Scanner NBE Report 7374
Net Access 7374
iptables / netfilter 7374
Netgear FV Series 7374
Netgear SSL VPN Concentrator SSL312 7374
Netgear Switch 7374
Netilla VPN 7419
NetIQ Directory and Resource Administrator 7374
Netscreen 7374
Juniper/NetScreen 5 7491
Adtran NetVanta Router 7374
Novell Netware 4.1 - 5.3 7374
Novell Netware 6.5 7374
Novell Netware 6.5 File 7374
Novell Netware 6.5 (Database) 7374
Network Box RM300 and ITPE1000 7374
NitroSecurity IPS 7374
Nortel Contivity 200 Series 7374
Nortel Alteon 7374
Nortel Baystack 7374
Nortel Contivity 7374
Nortel Ethernet Routing Switch 7374
Nortel Ethernet Routing Switch 4500 Series 7374
Nortel WLAN Security Switch 7374
Symantec Corp Antivirus 7374
Novell Identity Audit DB 7374
Windows Application Log 7423
Windows DNS Server Log 7374
Windows Directory Service Log 7428
Windows File Replication Service 7374
Windows NT/2000/XP Security Log 7374
Windows System Log 7446
NuBridges Protect Key Manager 7374
NuBridges Protect Resource Service 7374
NuBridges Protect Token Manager Engine 7374
OpenBSD FTPd 7374
OpenLDAP 7374
OPSEC(TM) / Check Point(TM) NG LEA Client 7374
Oracle Auditor - Syslog 7374
Oracle Auditor - Windows 7441
Osiris Host Integrity Monitoring System 7374
Palo Alto Networks PA-2000 Series and PA-4000 Series Firewall 7463
Linux PAM 7418
PatchLink Vulnerability 7374
pcAnywhere 7374
Permeo VPN 7374
PointSec PC 7374
Postfix 7374
ProFTPD Access 7374
ProFTPD Auth 7374
PowerTech Interact 7374
QualysGuard Scan Report 7374
Reflex IMC 7374
RemotelyAnywhere / LogMeIn 7374
Retina 7374
SafeNet SafeWord 7374
Savant Protection 7374
SecureNet IDS 7380
SecurID 7374
SecurID Syslog 7374
Extreme Sentriant 7374
Sidewinder Firewall 7374
Sidewinder 6.1+ Firewall 7401
SmoothWall Unified Threat Manager 7433
Snort 7440
SyslogSnort 7440
FortiSnort 7440
Solaris 10 BSM Auditing 7374
Solaris 10 Snare Auditing 7374
Solaris 8 and 9 Snare Auditing 7374
SonicWALL SSL VPN 7391
SonicWall 7465
SonicWall GMS 7374
Sophos Anti-Virus for Win2k 7374
Sophos Enterprise 2.0 Database 7374
Sophos Enterprise 3.0 Database 7374
Sophos ES appliance 7374
Sophos ES appliance auth 7374
Sophos WS appliance 7374
Squid Access Log 7374
SquidGuard Access Block Log 7374
sudo 7374
sudo syslog 7374
Sybari's Antigen 7.0 for Exchange Server 2000 7374
Symantec Endpoint Protection 11 7445
Symantec Gateway IDS 7374
Symmetricom SyncServer 7419
Titanium Mirror Firewall 7374
Tippingpoint SMS 7374
Tippingpoint IPS 2.1 7374
Tippingpoint IPS 1.4 7374
TippingPoint Audit and System 7374
Tippingpoint X505 7374
TopLayer Attack Mitigator 7374
Trend Deep Security 7374
Trend IMSS 7374
Trend IMSS Policy 7374
Trend IMSS Virus 7374
Trend InterScan 7374
Trend Office Scan 7374
Trend ScanMail 7374
Trend Server Protect 7374
TriCipher 7374
Tripwire Enterprise 7374
Ultra VNC 7374
Symantec Velociraptor 1.5 7374
Symantec Velociraptor 2.0 7374
Symantec Velociraptor 3.0 7374
VIPRE Enterprise 3.1 7374
VisNetic Firewall 7374
Windows 7/2008/Vista Security Log 7449
Vormetric 7374
Websense Web Filter and Websense Web Security 7434
Websense Web Filter and Websense Web Security Database 7435
WatchGuard Firebox 7429
WatchGuard SOHO 7429
WatchGuard Vclass 7374
WatchGuard Vclass (Alarm) 7374
WatchGuard Vclass (VPN) 7374
WatchGuard Xcore 7429
WatchGuard Firebox X Edge E-Series 7429
Windows DHCP Server 2000 7374
Windows DHCP Server 2003 7374
Windows DHCP Server 2000/2003/2008 System Log 7374
Windows DNS Traffic Log 7374
Windows Firewall 7374


Differences Between the Web and Desktop Consoles

The following are differences between the web and desktop consoles. Otherwise, the two consoles are identical.

  • The web console resides on the LEM appliance. Use one of the following URLs to access the web console, where managerAddress is the hostname (recommended) or IP address of your LEM appliance:
    • Evaluation Version: http://managerAddress
    • Licensed Version: https://managerAddress
  • The web console does not require the Adobe AIR runtime.
  • You can open concurrent instances of the web console on the same computer (not recommended), but you can only open one instance of the desktop console per computer.
  • The web console always shows the appliance on which it resides, called the host manager, in the Manage > Appliances area.
  • The desktop console requires you to add at least one appliance in the Manage > Appliances area before it is functional.
  • The web console displays a confirmation prompt before allowing you to browse to a file location when exporting any of the following items:
    • Rules
    • User Settings
    • nDepth Results (PDF)
    • nDepth Result Details (CSV)
  • Both consoles have a minimum size of 1000 x 720 px, but you can make the web console smaller by resizing the browser window (not recommended).
  • The desktop console allows you to view console popup windows independently. The web console always displays popup windows within the browser window. These windows include:
    • nDepth Export
    • nDepth Widget Builder
    • Widget Builder (Ops Center, Monitor)
    • Filter popup notifications
    • Data Simulation Complete popup
  • When you run the activate command in the CMC, the desktop console automatically tries to reconnect to the manager after it becomes available again. The web console displays a popup message with its new URL and you have to reconnect manually.
  • The only way to log out of the host manager when using the web console is to close the browser tab or window.

Additional Requirements

The following are additional requirements for components added in v5.4:

  • Web Console
  • Hyper‑V Appliances

Web Console

  • The web console requires Flash Player 11.
  • SolarWinds supports the LEM web console in the following browsers:
    • Internet Explorer 8 and later
    • Mozilla Firefox 10 and later
    • Google Chrome 17 and later
    • Support for IE 10 on Windows 8

Hyper‑V Appliances

The following are additional steps and requirements needed to deploy LEM using Microsoft Hyper‑V.

  • Configure the appliance's network settings after deploying the VHD.
  • Enable the Hyper‑V time synchronization integration service.

To configure network settings in Hyper‑V:

  1. Open Hyper‑V Manager.
  2. In the left pane, select the LEM appliance.
  3. In the Actions pane (right), click Settings.
  4. In the left pane under Hardware, click Network Adapter.
  5. In the right pane, select the network you want to connect to.
  6. Click OK.

To enable time synchronization in Hyper‑V:

  1. Open Hyper‑V Manager.
  2. In the left pane, select the LEM appliance.
  3. In the Actions pane (right), click Settings.
  4. In the left pane under Management, click Integration Services.
  5. In the right pane, select the Time synchronization checkbox.
  6. Click OK.



Installing and Upgrading SolarWinds Log & Event Manager

The following sections provide required information for installing and upgrading Log & Event Manager.

  • General Requirements
  • Supported Versions
  • Upgrading Log & Event Manager

General Requirements

The following are the general requirements for installing SolarWinds Log & Event Manager. For additional information about how to install Log & Event Manager, see the Log & Event Manager QuickStart Guide.Support for Hyper-V on Windows 2012

Component Requirement
Virtual Appliance
  • VMWare ESX/ESXi with vSphere 4.0 or later
  • Microsoft Hyper‑V 2008 R2 (see Additional Requirements)
Web Console See Additional Requirements
Desktop Console Adobe AIR Runtime on:
  • Windows
  • Mac
  • Linux
LEM Reports Crystal Reports Runtime on Windows

Supported Versions

SolarWinds supports Log & Event Manager versions 5.2 and later, and SIM versions 5.0 and later.

Upgrading Log & Event Manager

The following section provides critical notes regarding how to complete an upgrade to the latest version of Log & Event Manager, regardless of your current version.

Upgrade to Version 5.5 from Version 5.4 or 5.2

We recommend that you upgrade to 5.4 before upgrading to 5.5, though we also support upgrades from 5.2.

If you are upgrading from a version prior to LEM 5.2, use the following upgrade path to upgrade:

4.5.3 > 5.0.2 > 5.2.1 > 5.4 (recommended)  > 5.5

Reboot after the 5.4 upgrade on hardware (SIM) appliances takes 15+ minutes

If you are upgrading a hardware (SIM) appliance, the upgrade repartitions the available disk space on the appliance upon reboot. This adds up to 15 minutes to the upgrade process. Do not turn off or reboot the appliance until after it starts up completely.

Let Agents Reconnect During Incremental Upgrades

When you are preforming incremental upgrades, like upgrading from v5.0 to v5.2 in order to upgrade to v5.5, we recommend you let your LEM Agents reconnect to the upgraded LEM Manager after each step.

Download the Latest Connector Update Package After You Upgrade

All LEM upgrades include a connector update, but we often update the stand-alone Connector Update package between releases as well. To ensure you have the latest version of all of the LEM connectors, download the current Connector Update package here.

McAfee On-Access Scan Prevents the Upgrade Script from Extracting the Upgrade Files

The upgrade script fails and returns the following error when McAfee On-Access Scan prevents it from extracting the upgrade files:

cp: cannot stat '/tmp/smb/Upgrade/x64jar': No such file or directory


  1. Open McAfee On-Access Scan Properties
  2. Click the Blocking tab.
  3. Clear Block the connection when a threat is detected in a shared folder.
  4. Click OK.
  5. Rerun the LEM upgrade.



Licensing for v5.3 and Later

Log & Event Manager v5.3 included a new license for all LEM customers. Access your activation key from the SolarWinds Customer Portal, and activate your LEM Console from Manage > Appliance > License. If you receive an error ("Error retrieving license information"), check your license key and network connection, or use the manual activation feature from the SolarWinds Customer Portal.

Note: If you are upgrading from a functional v5.3 LEM appliance, you have already completed this step.



Other Known Issues

The following sections provide information related to known issues in Log & Event Manager Version 5.4, organized by functional area:

  • Console
  • Appliance/Manager
  • Reports
  • MSSQL Auditor
  • Connectors




  • When upgrading from 5.4 to 5.5, the software version number may not display the correct version. Clear the browser cache and the correct version should display.
  • When going from an AIR Console previous to 5.3 you must upgrade to the 5.4 AIR Console first before moving to a 5.5 AIR Console due to an AIR Console certificate change. This does not affect the web console.
  • A previously configured connector will have the vendor column blank and the tool tip description is missing.
  • When you log into the desktop console with saved credentials after upgrading from 5.3.1, the 5.5 console prompts for your password. After you provide it once and save the credentials, the console does not prompt again. (CMANAGE-502)
  • The web console login screen shows http:// without a hostname or IP address, and you get the error, Unable to connect to manager: http:// when you try to connect using the URL, http://managerAddress/lem
  • When the web console is loading a new session, you are able to authenticate to a second session as the same user. (CINT-75)
  • The web console does not close a second instance when you click OK on the multiple session warning message. (CINT-77)
  • Flash Player in Firefox 9.0 does not perform as expected with the web console. Upgrade to the latest version of Firefox. (CINT-69)
  • Drag and drop functionality in the web console does not work correctly with Flash Player in Firefox 9.0. Upgrade to the latest version of Firefox. (CMONITOR-980)
  • Connecting to the web console by IP address in Firefox 9.0 causes unexpected behavior from the LEM manager. Install the console certificate, add the LEM manager IP address to the Firefox exceptions list, or upgrade to the latest version of Firefox.
  • Chrome 17 displays a security warning when you connect to the web console by IP address or hostname. Upgrade to the latest version of Chrome and install the console certificate. (FB116214)
  • Chrome 18 displays a security warning when you connect to the web console by IP address. Install the console certificate and connect to the web console by hostname. (FB116214)
  • You cannot import or export filters with </, or : in their names. (FB127819)
  • The web console does not create an empty My Filters filter group when first launched. (CMONITOR-978)
  • If you do not close the Export dialog after exporting data from nDepth, a second export of the same data might not return all of the data. (CEXPLORER-1171)
  • You cannot use Active Directory groups or users from Organizational Units (OU) with /\, or " in their names. (FB129259)
  • If you import multiple copies of the same rule in a single batch, you must delete the rule multiple times to remove it from the manager. (CBUILD-921)
  • The Add > Directory Service User and Add > Directory Service Group dialog does not load the current OU every time it launches. To refresh the current OU in these dialogs, select a different OU, and then select the original one. (CBUILD-966)
  • When you import a user from Active Directory (AD) to create a LEM user, LEM does not update the LEM user when you change the AD user. To update LEM users imported from AD, delete and recreate the user in LEM. (FB127486)
  • When you import user settings into the desktop console, the list of managers in Manage > Appliances is updated with the imported list, and the console does not reconnect to any previously-connected managers. (CMANAGE-482)
  • When you select Agent in the Node filter on Manage > Nodes, the filter menu continues to display Agent after you click the Reset button. (CMANAGE-497)



  • Connectors configured on the manager for /var/log/syslog or /var/log/messages need to be reconfigured
  • Explore nDepth displays the following message “No Vertica user name specified in startup packet”
  • The upgrade script hangs if the primary network interface (eth0) is down or does not have an IP address (as is the case with secondary or HA appliances)
  • If you run the hostname command on an appliance that does not have an IP address assigned to the primary network interface (eth0), it fails with a fatal error. Run cmc > appliance > netconfig to assign or obtain an IP address prior to changing the hostname
  • Unable to import Connector Profiles exported from a 5.4.0 console
  • Deleting Agents that are connected and letting them reconnect causes "Discovery Error: Request Timeout" message in console
  • Unable to import User Defined Groups exported from a 5.4.0 console
  • Unable to import Time of Day Set exported from a 5.40 console
  • Unable to import Alert Groups exported from a 5.4.0 console

Agent and USB-Defender


  • There is no remote agent upgrade for LEM agents running on Mac OS. Update these agents manually by running the current agent installer for Mac OS. (MGR-472)
  • When you try to uninstall a 5.3 agent that was upgraded from a previous version, you may receive one of two errors:
    • A popup with Exception "java.lang.IllegalArgumentException...": Resolved by using the Remote Agent Uninstaller rather than Add/Remove Programs.
    • A JVM launcher error: Resolved by running the current Agent Installer, then uninstalling the Agent.
  • Upgraded agents may appear with a new IP and/or hostname combination. This issue is more prevalent on Unix/Linux platforms due to a known issue in the Java Runtime Environment. Enter the expected/desired values in the /etc/hosts file.



  • The email address and phone number for Support on the About Reports dialog are incorrect. To contact Support, submit a ticket. (FB126056)

MSSQL Auditor


  • MS SQL Auditor does not work with SQL 2012. (FB117809)



  • Connectors that connect to a database must be run on an agent, and not the appliance. These connectors include:
    • AVG DataCenter 7.5
    • AVG DataCenter 8.0
    • DeviceLock Audit
    • DeviceLock Events
    • Forefront Security SQL Database
    • Kaspersky Administration Kit 8
    • Novell Netware 6.5 (Database)
    • NOD32 Antivirus 4 SQL Event
    • NOD32 Antivirus 4 SQL Scan
    • NOD32 Antivirus 4 SQL Threat
    • NOD32 Antivirus 4 Access Event
    • NOD32 Antivirus 4 Access Scan
    • NOD32 Antivirus 4 Access Threat
    • Novell Identity Audit DB
    • PatchLink Vulnerability
    • SonicWall GMS
    • Sophos Enterprise 2.0 Database
    • Sophos Enterprise 3.0 Database
    • VIPRE 5.0
    • VIPRE Business 4.0
    • VIPRE Business - System Events 4.0
    • VIPRE Enterprise 3.1
    • Websense Web Filter and Websense Web Security Database



Copyright © 1995-2012 SolarWinds Worldwide, LLC. All rights reserved worldwide.

No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.


The SolarWinds, the SolarWinds & Design, ipMonitor, LANsurveyor, Orion, and other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies. Microsoft®, Windows®, and SQL Server® are registered trademarks of Microsoft Corporation in the United States and/or other countries.

Last modified