Last week, we released version 6.0.1 of Log & Event Manager. Normally we don't make too much noise about service releases (minor dot releases) 'round these parts, but this time we decided to make an exception. We packed a lot of security enhancements and customer requests into this release that you should definitely be aware of.


Enhanced Security Features

  • Removal of several flagged "vulnerabilities" on the LEM appliance: We continuously monitor security scans and while rarely (dare I say, almost never?) has there been an issue without a mitigation (like ShellShockfor example), we do still try to make sure we reduce and ideally eliminate any vulnerability scans from flagging the LEM appliance in any way. With this release, we've cleaned up all known security scan flags except the visibility of the Tomcat error page which we're looking into for a future release, and a couple of certificate triggers which are expected and would be resolved by using a CA-signed cert.
  • Better support for using signed certs: We had some customers use the ability to sign and re-upload certs for the LEM console, but there were some cases where it didn't work quite right. We shored up our support for certs and things should be much improved.
  • Improved enforcement for password storage for connectors: some connectors require storing username/password credentials (connectors that use a database to retrieve log data, for example) so we've beefed up encryption and version enforcement for storage of those passwords. Once you upgrade your 6.0.1 appliance and console, you'll need to also upgrade any agents that might have one of these connectors configured (or where you'll configure one going forward).

And the big one...

  • Named user access and TLS support for reports: our database has been encrypted since version 5.6 (and even before that has always been limited access), but using JDBC access and a fixed username was cause for concern for some folks. We've migrated to using LEM users (including AD users) for reports instead, and optionally allowing you to enable TLS connectivity.
    • There's a new "reports" role in the LEM console that you can assign if you have users that shouldn't have access to real-time data, but do need access to historical data. In addition, admin and auditor roles also have reporting access (but not monitor users).
    • When you install v6.0.1, be sure to install v6.0.1 reports, launch it, and specify your access credentials, especially if you have scheduled reports. Your reports won't run until you do.
    • If you're interested in using TLS, use the CMC's "enabletls" command to toggle TLS support for reports (you'll have to export the cert using "exportcert" and then import into the reports console as well).


FIM (File Integrity Monitoring) Updates

  • Fix for the "NT AUTHORITY\SYSTEM" username when accessed by a fileshare: we put this out in a hot fix but now it's incorporated in the agent install and agent automatic upgrade. When someone accesses a file remotely, the username should be shown instead of the stock NT AUTHORITY\SYSTEM user.
  • Fixes for several configuration issues with FIM: we've had a few issues reported with FIM from customers - directories not displaying, for example - that we've resolved.


But Wait, There's More!

  • Support for SQL Auditor with SQL 2012: we're working on SQL 2014, too, but for now we officially support SQL 2012 with SQL Auditor, along with the previous support for earlier versions (2008, 2005, 2000).
  • Better support for large memory configurations: customers with high throughput have assigned extra RAM and CPU to the LEM appliance, but support often had to remote in and tweak some settings. We've improved our auto-tuning on startup to detect and support these configurations.
  • Several additional utilities and smaller fixes, including: improvements to our internal logging, a utility to rebuild indexes more easily, and as always more officially supported connectors (remember, you can download these at any time - see SolarWinds Knowledge Base :: How to apply a LEM connector update package)


Customers on maintenance can download the LEM v6.0.1 upgrade on the Customer Portal immediately. For everyone else, the download on the LEM Product Page is now v6.0.1, too.


Be sure to check out What We're Working on - Log & Event Manager Edition for some ideas on where we're going next. If you've got any questions about v6.0.1 or all things LEM, post them here or over in the Security Event Manager (SEM) - Formerly Log & Event Manager forum.