Submit a ticketCall us
Home > Success Center > Log & Event Manager (LEM) > Log and Event Manager (LEM) 6.3.1 Hotfix 5 ReadMe

Log and Event Manager (LEM) 6.3.1 Hotfix 5 ReadMe

 

LEM 6.3.1 Hotfix 5 Release Date: June 29, 2017

ReadMe File Updated: June 27, 2017

This is the latest Hotfix for LEM 6.3.1.

This hotfix can be downloaded from your Customer Portal.

Notes

  • This hotfix cannot be uninstalled! If you have any problems with Hotfix 5, contact SolarWinds Technical Support:  www.solarwinds.com/company/contact-us
    Technical Support cannot remove this hotfix after it has been applied, however if you experience a problem, Support can work with you to resolve the issue.
  • This release includes the following LEM Manager and LEM Agent updates:
    • LEM Manager Hotfix 5
    • LEM Agent Hotfix 5
  • SolarWinds strongly recommends that you apply the LEM Manager Hotfix and the LEM Agent Hotfix in tandem. (Do not apply the LEM Agent Hotfix without also applying the LEM Manager Hotfix, or vice versa.)
  • This is a cumulative hotfix that includes fixes from Hotfix 1, Hotfix 2, Hotfix 3, and  Hotfix 4.

Fixed Issues

Hotfix 5 includes one security issue fix and five functionality updates.

Security Issue Fixed in Hotfix 5

Hotfix 5 includes the following LEM Manager update:

  • Fixed a hard-coded credential vulnerability (CWE Classification 798) 

Vulnerability Overview:

Hotfix 5 removes hardcoded passwords and hash digests that were discovered within the LEM appliance. These credentials were only accessible via root access. SolarWinds is not aware of any instances of this vulnerability being actively exploited.

CVE identifiers for this vulnerability are not available as of the Hotfix 5 release date. For information about the Common Vulnerabilities and Exposures (CVE) system, see https://cve.mitre.org/about/

Credit Statement:

SolarWinds would like to credit Joshua Hardin and Matt Bergin at KoreLogic for reporting the hard-coded credential vulnerability. 

To report a potential vulnerability to SolarWinds, please email PSIRT@solarwinds.com

Functional Issues Fixed in Hotfix 5

LEM Manager updates in this release:

  • Added several updates to improve logging and enhance supportability.
  • Upgraded Tomcat to version 8.0.44.
  • Fixed an issue with free disk calculations.
  • Upgraded the SSH library to support AES encryption by default.
  • Windows Server 2016 nodes are now labeled properly in the LEM console. Previously, the LEM console listed computers running Windows Server 2016 as Windows NT (unknown).

LEM Agent updates in this release:

  • Added several updates to improve logging and enhance supportability.
  • Upgraded the SSH library to support AES encryption by default.
  • Windows Server 2016 nodes are now labeled properly in the LEM console. Previously, the LEM console listed computers running Windows Server 2016 as Windows NT (unknown).

Issues Fixed in Previous Hotfixes

The following fixes from Hotfix 1, Hotfix 2, Hotfix 3, and Hotfix 4 are also included in this Hotfix:

  • Addressed several security issues.
  • Made multiple updates that improve communication with the LEM Agent.
  • Fixed an issue related to free disk space management. Previously, LEM might under-report the amount of disk space remaining if raw logging is enabled.
  • Made updates that improve the performance of some connectors. In addition, fixed a bug that caused a connector to not function properly.
  • Fixed a CMC command vulnerability.
  • Scheduled nDepth search: results limited to 50,000.
  • Fixed ImportCert error when importing certificate after command failure.
  • Fixed an issue that displays the IP address instead of the FQDN/hostname in "All Installed Agents."
  • Fixed an issue that occurs when an L4 Database appliance starts with only 128MB of memory.
  • Updated the Java platform to the latest version.
  • Fixed an out-of-memory issue that occurs when sending alerts to the console. The fix improves performance when a large number of events are sent to the console.
  • Fixed agent-manager communication issues: periodic disconnect and others.
  • Fixed an issue with nDepth log retention (logging missing date in raw records).
  • Fixed an issue that prevents logging in to LEM if using UserPrincipalName with a custom Alias, or SAMAccountName with NETBIOS.
  • Added the ability to use sub-alias LDAP environments.
  • Removed field limitations in the normalized alert database.
  • Fixed a log rotate issue that causes connectors to stop working if log lines are too long.
  • Fixed a single sign-on (SSO) issue that occurs if a Kerberos ticket is unusually long because a user belongs to many groups.
  • Added the ability to configure custom LDAP groups for authentication.
  • Set an agent memory limit for agents upgraded from older versions.
  • Fixed other agent-manager communication issues.
  • Additional improvements to assist customer support, including improved logging, and added diagnostics.
  • The threat-feeds server certificate changed. LEM cannot download threat-feeds IPs.
  • Unable to use a domain containing a dash in the LDAP configuration.
  • Unable to recover a password when HTTP is disabled.
  • Exceptions during a fast evaluation are not logged.

Environment

This hotfix includes updates to the SolarWinds LEM Virtual Appliance (Hotfix 5) and the LEM Agents (Hotfix 5). 

  • To Install Hotfix 5 on the LEM Appliance:
    Verify that the LEM Appliance is running release 6.3.1, 6.3.1 HF1, 6.3.1 HF2, 6.3.1 HF3, or 6.3.1 HF4. (Verification steps are provided in the next section.)
    Following verification, complete the steps in the Install Hotfix 5 on the LEM Manager section.
     
  • To install Hotfix 5 on the LEM Agents:
    Use the auto-upgrade feature to automatically upgrade Agents. See Install Hotfix 5 on the LEM Agents section for more information.

    If upgrading older agent versions, the agent is first upgraded to version 6.3.1, and then to version 6.3.1.hotfix5.

Verify the LEM appliance release version

  1. Open the LEM console and log in to the LEM Virtual Appliance.

  2. Click Manage > Appliances.

  3. Under the Version column, check the current LEM version. 

  • If the version is Release 6.3.1, 6.3.1 HF1, 6.3.1 HF2,  6.3.1 HF3, or 6.3.1 HF 4, install the hotfix. Go to the next section: Install Hotfix 5 on the LEM Manager.
  • If the version is not Release 6.3.1, 6.3.1 HF1, 6.3.1 HF2, 6.3.1 HF3, or 6.3.1 HF4, do not install the hotfix.

Install Hotfix 5 on the LEM Manager

  1. Log in to the CMC command-line interface using an SSH client (such as PuTTY) or the hypervisor console.

    1. At the cmc> prompt, enter:

      manager

    2. At the cmc::manager> prompt, type:

      hotfix

  2. Follow the instructions on your screen. You will need to provide the network path to your Hotfix 5 files and credentials that have Read access to this path.

    For example:

    \\server\share\unzipped_hotfix_folder\hotfix

    If you receive a message stating that no upgrades were found, ensure that you entered the correct path to the files.

    When complete, a cmc::manager> prompt appears.

  3. Reboot the appliance:

    1. To return to the main menu from the cmc::manager> prompt, type:

      exit

    2. At the cmc> prompt, type:

      appliance

    3. At the cmc::appliance> prompt, type:

      reboot

  4. After the appliance reboots, log in to CMC:

    At the cmc> prompt, type:

    manager

  5. At the cmc::manager> prompt, type:

    viewsysinfo

    The system info appears on your screen.

  6. At the top of your screen the following message should appear if the hotfix was installed correctly:

           SolarWinds manager version is: 6.3.1
           SolarWinds manager build is: hotfix5

    Hotfix 5 is installed on LEM Manager.

Install Hotfix 5 on the LEM Agents 

Please use the auto-upgrade feature to upgrade agents to Hotfix 5. To enable the Global Automatic Updates feature in the console:

  1. Choose Manage > Appliances.
  2. In the Properties pane, click the Settings tab.
  3. Under the Remote Updates heading, select the Enable Global Automatic Updates option. 
  4. Click Save at the bottom of the page.

Contact Technical Support at www.solarWinds.com/company/contact-us if you cannot use the auto-upgrade feature, or if there are communication issues between Agents and the LEM Manager.

SolarWinds is working on updated agent installers that include Hotfix 5. Updated agent installers will be posted to the Customer Portal as soon as they are available.

Uninstalling Hotfix 5

This hotfix cannot be uninstalled! If you have any problems with hotfix 5, contact SolarWinds Technical Support at www.solarWinds.com/company/contact-us.
Technical Support cannot remove this hotfix after it has been applied, however if you experience a problem, Support can work with you to resolve the issue.

Last modified
12:39, 30 Jun 2017

Tags

Classifications

Public