Submit a ticketCall us

AnnouncementsTHWACKcamp 2018 is here

2018 is the seventh year for THWACKcamp™, and once again we’ll be live October 17 – 18 with packed session tracks covering everything from network monitoring and management, to change control, application management, storage, cloud and DevOps, security, automation, virtualization, mapping, logging, and more.

Register for online sessions.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > Previous Versions > SolarWinds Log & Event Manager (LEM) 6.2.1 Release Notes

SolarWinds Log & Event Manager (LEM) 6.2.1 Release Notes

Created by Caroline Juszczak, last modified by Caroline Juszczak on Mar 12, 2018

Views: 1,007 Votes: 0 Revisions: 3


Updated 12/18/2015


SolarWinds Log & Event Manager (LEM) v6.2.1 provides new functionality and improves on previous LEM versions. These release notes explain the new features, performance improvements, and fixed issues.


LEM 6.2.1



New Features and Improvements

The LEM 6.2.1 service release includes new bug fixes, as well as the following features and improvements released with LEM 6.2.0:

  • Threat intelligence feed: Retrieves periodic updates from a secure threat feed data source, tagging events that contain threat IP addresses.
  • Automatic connector updates: Update connectors automatically through the LEM console interface, minimizing the amount of Unmatched Data in your LEM deployment.
  • Virtual appliance details in the LEM Manager: See the host appliance resource settings so you can avoid and, if needed, troubleshoot performance issues.

Version Requirements

Different sized installations may require greater or fewer resources. For detailed information on sizing and resource requirements, see the "Requirements" section of the Log & Event Manager Deployment Guide.

Before installing, always make sure your hardware and software meet the minimum requirements.

Virtual appliance minimum resource requirements

Software/Hardware Requirements
Virtualization platform
  • VMware vSphere Hypervisor ESX/ESXi 4.0 or later
  • Microsoft Hyper V Server 2008 R2, 2012, and 2012 R2
CPU speed
  • 2 GHZ
  • 8 GB
Hard drive space
  • 250 GB is advised for smaller deployments.
  • 2.0 TB is advised for larger deployments.

Desktop console software and Reports software requirements

Software/Hardware Requirements
Operating system,
Desktop Console, & Reports
  • Windows Vista
  • Windows Server 2008 and 2008 R2
  • Windows 7
  • Windows Server 2012 and 2012 R2
  • Windows 8
  • Windows 10
CPU Speed
  • 1 GHz Pentium III or equivalent
  • 1 GB
Hard Drive Space
  • 5 GB
Environment Variables
  • Ability to install all software with administrator rights

Web console software requirements

Software/Hardware Requirements
Adobe Flash
  • Flash Player 15
Supported browsers
  • Internet Explorer 9 and later.

    Cannot run the web console on Internet Explorer 10 on a Windows Server 2012.

  • Mozilla Firefox 10 and later.
  • Google Chrome 17 and later

Desktop console software requirements

The LEM Desktop console requires Adobe Air 18.

Fixed Issues

Fixed issues in 6.2.1.

Issue Case Number
Unable to back up the LEM database after installing v6.2.


861546, 865557, 876159,
881491, 884294
Vulnerability in OpenSSL 1.0.2 that mishandles the carry propagation and produces incorrect output. This issue was reported by the National Vulnerability Database (CVE-2015-3193).


(LEM Database Server) The server requires additional Java Archive (JAR) files to function properly.


(LEM Manager) The DNS settings are not preconfigured, causing LEM Manager to run out of memory.


(LEM Manager) Vulnerability to an XML external entity injection through the agent message-processing service. This issue was reported by Digital Defense® Inc. (DDIVRT-2015-55).


(LEM Syslog Server) The server requires additional JAR files to function properly.



Known Issues

Issue Case Number
(LEM Agent and LEM Manager) The Rapid7® NeXpose® connector is not functioning properly.  
The File Integrity Monitoring (FIM) registry log is corrupted when log event names include a space character.  
Agent service stops immediately after installing using new InstallAnywhere and after running for 20 minutes. In both cases, the service restarts after 120 seconds and then runs flawlessly.  
Unmatched security data occurs during MS-SQL auditor installation.  
nDepth behaves inconsistently when you toggle between "Text input mode" and "Drag & Drop mode."  
Exporting a filter to nDepth with certain data string text values can cause data mismatches. This is because nDepth only supports comparing these fields to boolean values. For example, if the isThreat field may be set to a boolean value, but filter conditions allow comparing the isThreat field against the string text values 'true' or 'false', as well as boolean values true or false.To avoid data mismatches, make sure the filter is set only to boolean values true or falsebefore importing to nDepth.  
One of the following errors may occur when restarting snort: "An error occured. Exiting." or "The following error
occured: ERROR: Cannot start snort on interface eth0."
Windows 10 appears in the LEM Console as Windows 8.1.  
LEM 6 Adobe Flash vulnerability exists in crossdomain.xml policy. 674720


Last modified