2 Replies Latest reply on Dec 12, 2013 3:00 PM by nicole pauls

    LEM 5.7 RC - Notes & Info

    nicole pauls

      As mentioned in the Product Blog post and here in the forum, the LEM 5.7 Release Candidate is up on the portal. For all the details about new features, check out that post: Log & Event Manager v5.7 RC Now Available: Scheduled Searching, License Recycling, and More!


      Today, we released RC2, so the current version is:

      Log & Event Manager 5.7 RC2, released November 20, 2013


      What's New in LEM 5.7

      • Scheduled searching with nDepth - automate searches, export a ton of records (more than the Console can with a manual search) and have the CSV emailed automatically
      • License recycling - especially for customers with VDI and other temporary workstation environments, automate cleanup of old nodes that aren't sending data anymore
      • Performance and platform improvements - especially in the correlation engine, but also noteworthy:
        • Agent update - new Java 1.7 runtime, rolled up all the agent hotfixes from previous releases
        • Appliance update - new Java 1.7 runtime, updated Tomcat version (should reduce noise from vulnerability scans)
        • Console updates - including improvements to the nDepth manual search export
      • Lots of customer-requested fixes and changes to help support help customers faster/easier
        • Improved logging in some areas for troubleshooting (reduces an extra data collection call when you've got an issue)
        • Added import User-Defined Group from CSV functionality
      • New connectors
        • Support for NetApp file auditing (requires RC installed to work)
        • Lots of new standard connectors, which don't require the RC and can be downloaded at any time


      Full release notes will be up with the official release. If you have a question about a specific issue/feature, let me know.


      What's New in LEM 5.7 RC2 vs. RC1

      For those of you that downloaded RC1, the differences in RC2 are:

      • Upgrading agents from the 4.6 labeled version to 5.7 (applies to only customers with old 4.6 version agents installed)
      • Addition of automatic agent updates for non-Windows agents (other than Mac)
      • Resolved a console issue with 'save' button not always enabled with scheduled/saved searches
      • Added a tooltip to the group selection in License Recycling configuration to make it easier to see long groups
      • CSV export of records wasn't always exporting the maximum records, so a lot of time was spent to get this as close to the 10M maximum as possible
      • A couple of logging/cleanup items not worth detailing
      • RESOLVED: Some customers reported instances of the ol' BSOD after installing reports.


      What to Test in LEM 5.7 RC

      We're interested in testing of all new features and any of you that have had issues resolved. Specifically:

      • Upgrading the appliance, agents, and console without interruption
      • nDepth Scheduled Searching
        • Scheduling saved searches
        • Issues with the event generated or emailed CSV results
      • License Recycling
        • Enabling and using license recycling
        • Time window/frequency for recycling
      • Other Stuff
        • Exporting records from other nDepth searches (should be improved)
        • Importing User-Defined Groups from CSV
        • NetApp file auditing


      What Components Were Updated in LEM 5.7 RC

      • Appliances of all types (manager/single appliance, database server, logging server, etc)
      • Console (web and AIR)
      • Reports
      • Agents


      SQL Auditor was not changed.


      How to Upgrade

      All of these details and more are in the Upgrade Guide. This is the same procedure as previous LEM upgrades.

      NOTE: You must first be running LEM version 5.6 before upgrading to 5.7. You should also wait until data migration has completed, to be safe.


      To upgrade:

      1. Download the upgrade zip file from the Customer Portal (you'll see an RC listed, then the first download will be the Upgrade zip file).
      2. Extract it somewhere.
      3. Create a network share and copy/move the "TriGeo" and "Upgrade" files to the root of the share. (Sometimes other methods work, but this is the most fool-proof. Generally mounting shares with special characters or deep paths requires Obi-Wan level Force skills.)
      4. Log in to your LEM appliance(s) and run the "upgrade" command in the Advanced Configuration/CMC.
        1. If you have multiple appliances, upgrade the core manager appliance first, the rest in any order.
        2. You will be prompted for two possible scenarios: if you don't have enough space for us to guarantee all data will migrate; and to make an archive or take a snapshot since the upgrade is irreversible.


      Caveats & Notes

      • Upgrading agents:
        • If you don't want agents to automatically upgrade, you can disable global automatic updates from Manage>Appliances, or individual agents from Manage>Nodes. You can always push out agents manually from the Console even if you disable automatic updates, just go to Manage>Nodes, select the agent, and push.
        • Agents running on Solaris 9 and AIX 5.3 and earlier may automatically upgrade but fail to start. We're working on a way to prevent those agents from upgrading, but if this happens, you'll need to go back to the LEM 5.3.1 agent version. If you can catch them before upgrading, you can disable automatic updates to those agents from Manage>Nodes in the console.
        • We did update the Mac OS X agent installer, but it's just to resolve an issue with auto-start on boot. 5.3.1 is the latest version of this agent for now, due to some upstream issues.
      • If you're using the AIR Console, there might be certificate warnings that prevent you from installing. The workaround is to uninstall/reinstall the AIR console.
      • As always, if you encounter any issues with the upgrade, are confused by the prompts, or wish the documentation included something, please let us know.
      • If you installed Reports from the RC (RC1 or RC2) before November 22, we re-uploaded RC2 to reflect a resolution of a reported BSOD issue (seen most commonly after installing reports and rebooting, though not 100% of the time for all customers). Run the Reports installer again (you can just download the Reports installer, no need to re-run the full upgrade on the appliance) with the updated bits to resolve.
        • Re: LEM 5.7 RC - Notes & Info

          I see this in the release notes-

          Fixed Issues

          Hyper-V 2008 does not support promiscuous mode monitoring beyond simple port mirroring in the virtual switch

          I thought Hyper-V 2008 was the limitation on this, is that not the case? 

            • Re: LEM 5.7 RC - Notes & Info
              nicole pauls

              You're right. Effectively what we did was disable functionality that requires promiscuous mode when Hyper-V is detected. Not really a fixed issue, just a documented and worked around issue.


              Will pass on to docs to update release notes on this one to at least reflect that it's a workaround or still a limitation. Thanks for checking.