TIBCO LogLogic® Security Event Manager Enterprise Virtual

TIBCO LogLogic®
Security Event Manager Enterprise Virtual
Appliance
Release Notes
Software Release 3.5.2
October 2012
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED
TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY)
OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR
ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.
USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE
AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO
SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING
DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF
THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE
LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE
TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT
TO BE BOUND BY THE SAME.
This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part
of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.
TIBCO, Two-Second Advantage and LogLogic are either registered trademarks or trademarks of TIBCO Software Inc. in the
United States and/or other countries.
All other product and company names and marks mentioned in this document are the property of their respective
owners and are mentioned for identification purposes only.
THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING
SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README FILE
FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE
PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW
EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE
PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.
THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY
OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY
RELEASE NOTES AND "READ ME" FILES.
Copyright © 2002-2012 TIBCO Software Inc. ALL RIGHTS RESERVED.
TIBCO Software Inc. Confidential Information
Release Notes for TIBCO LogLogic® Security
Event Manager Enterprise Virtual Appliance,
v3.5.2 GA
TIBCO LogLogic® Security Event Manager Enterprise Virtual Appliance provides operations and
security professionals with VMware support for our best in class SEM product. It offers scalable and
comprehensive data security assistance monitoring for organizations challenged by the complexity of
modern IT infrastructures. It is designed to continuously protect the most valuable business assets:
core systems and the intellectual property they hold.
This document lists functionality changes and bug fixes in TIBCO LogLogic® Security Event Manager
Enterprise Virtual Appliance version 3.5.2.
Note: For changes to the Release Notes after the initial release, see https://download.tibco.com/tibco/
Requirements
  Supported Platforms
  Virtual Machine Requirements
  Web Console Requirements
SEM EVA Performances
Supported Log Sources by SEM EVA
Technical Support
Documentation Support
Requirements
Supported Platforms
TIBCO LogLogic® Security Event Manager Enterprise Virtual Appliance can be installed on the
following servers:
• VMware Workstation 8 or higher
• VMware ESXi 4.1 or higher
Virtual Machine Requirements
• Disk space: 850 GB
• Memory size (RAM): 16 GB
• Processor: 8 VMware vCPUs
Web Console Requirements
The Web Console can be used with the following web browsers:
  Web browser                    Version
  Microsoft Internet Explorer    7.0 or higher
  Mozilla Firefox                13 or higher
Hosts running the Web Console must have at least:
• 1 GB of RAM.
• 1024x768 resolution.
• 1 GHz 32-bit (x86) or 64-bit (x64) processor.
SEM EVA Performances
                                     SEM EVA
  Max. EPS (remote Log Collector)    2500
  Max. Instances                     1
  Archive Storage (GB)               66
  Online Storage (GB)                600
Supported Log Sources by SEM EVA
  Vendor              Product
Anti virus/spyware/spam
  Apache              Spamassassin
  Blue Coat           Blue Coat ProxyAV
  Cisco               Ironport Mail Security
  ClamAV              ClamAV
  Clearswift          Mimesweeper For SMTP DB
  Clearswift          Mimesweeper For SMTP Log
  Clearswift          Mimesweeper For WEB
  F-Secure            Policy Manager
  Sophos              Puremessage
  Symantec            Norton Antivirus
  Symantec            Symantec Antivirus
  TrendMicro          Interscan Viruswall
  TrendMicro          Trend Micro SPS system
Authentication server
  ActivIdentity       Activpack v4
  ActivIdentity       Activpack v6.3
  ActivIdentity       Activpack v6.5
  Cisco               Cisco ACS Csv
  Cisco               Cisco ACS Syslog
  Cistron             Radius
  EMC                 Rsa Ace server
  EMC                 Rsa Ace WMI
  EMC                 Rsa Securid linux
  Microsoft           Internet Authentication Service
  Novell              Novell eDirectory
  Utimaco             Safeguard
Business application
  -
Centralized management
  Arkoon              Arkoon DB
  Arkoon              Arkoon DB v3
  Arkoon              Arkoon DB v4
  Arkoon              Arkoon Syslog
  Intrusion.com       Securenet Provider
  ISS                 SiteProtector SP4
  ISS                 SiteProtector SP5
  ISS                 SiteProtector SP6
  ISS                 SiteProtector SP7
  Juniper             Netscreen Security Manager v2004
  LogLogic            Security Change Manager
  McAfee              Epolicy Orchestrator
  Microsoft           Microsoft Operation Management
  Nagios              Nagios
  TrendMicro          Trend Micro Control Manager
  Webmin              Webmin
  Ntsyslog
Database services
  Microsoft           Ms sql
  Microsoft           Ms sql Operational
  Loglogic            Database Security Manager (DSM)
  Oracle              Oracle DB
  Sourcefire          Sourcefire3D
  Vendor              Product
Domain Name System (DNS)
  isc.org             Bind
File server
                      Vsftpd
  NetApp              Netapp
  ProFTPD             ProFTPD
  Wu-ftpd             Wuftpd
Honeypot
  honeyd.org          Honeyd
Intrusion Detection System (IDS) / Intrusion Prevention System (IPS)
  3Com                TippingPoint
  Cisco               Cisco CSA v45
  Cisco               Cisco CSA v52
  Cisco               Cisco CSA v60
  Cisco               Cisco IPS (SDEE)
  Enterasys           Dragon IDS v7_0
  Enterasys           Dragon IDS v7_1
  Enterasys           Dragon IDS v7_2
  ForeScout           Activescout
  Intrusion.com       Securenet Sensor
  ISS                 Realsecure wgm
  Juniper             Netscreen IDP
  McAfee              Entercept
  McAfee              Intrushield
  Niksun              Netdetector
  Samhain             Samhain
  Sentry Tools        Portsentry
  Snort               Snort
  Snort               Snort DB
  Snort               Winsnort
  Symantec            Symantec Client Security
  Symantec            Symantec Endpoint Protection
  Symantec            Symantec Network Security
  Tripwire            Tripwire
  Tripwire            Tripwire Enterprise
Log management
  LogLogic            LMI
  LogLogic            SMP
  LogLogic            SMP Relay
Messaging services
                      Imapd
  Ciphertrust         IronMail
  courier-mta.org     Courier MTA
  Eudora              Qpopper
  GNU                 Exim
  Inter7              Vpopmail
  Lotus               Lotus Domino
  Microsoft           Exchange
  Postfix             Postfix
  sendmail.org        Sendmail
  TrendMicro          Interscan Messaging Security Suite
Directory services
  -                   -
  Vendor              Product
Network device
  Aruba               Aruba Wireless Access Point
  Check Point         Check Point Internal Log
  Cisco               Cisco CSS
  Cisco               Cisco FWSM
  Cisco               Cisco Router
  Cisco               Cisco Switch
  Cisco               Cisco VPN
  Cisco               Cisco VPN IOS compat
  Cyberguard          Cyberguard
  Draytek             Vigor
  F5                  Bigip
  Juniper             Juniper Secure Access
  Juniper             Netscreen
  Juniper             Netscreen v6
  Linksys             Wap11
  Lucent              Brick
  Nortel              Alteon Web Switch
  Nortel              Contivity
  Nortel              Nortel Alteon
  Nortel              Nortel switch
  Nortel              Nortel VPN gateway
  StoneSoft           Stonegate
  Zyxel               Zywall
  Zyxel               Zyxel
Operating System
                      Ipchains
  Breach Security     Modsecurity
  FreeBSD             FreeBSD
  Grsecurity          Grsecurity
  HP                  HP UX
  HP                  Tru64
  IBM                 Aix
  IBM                 Tivoli Directory Server
  Intersect alliance  Windows 2000 server snare
  Intersect alliance  Windows 2000 workstation snare
  Intersect alliance  Windows 2003 server snare
  Intersect alliance  Windows 2008 server snare
  Intersect alliance  Windows all snare
  Intersect alliance  Windows Vista workstation snare
  Intersect alliance  Windows XP workstation snare
  Linux               Linux
  Microsoft           Internet Connection Firewall
  Microsoft           Windows 2000 server
  Microsoft           Windows 2000 workstation
  Microsoft           Windows 2003 server - English
  Microsoft           Windows 2003 server - French
  Microsoft           Windows 2008 server - English
  Microsoft           Windows 2008 server - French
  Microsoft           Windows Vista - English
  Microsoft           Windows Vista - French
  Microsoft           Windows XP - English
  Microsoft           Windows XP - French
  Netfilter           Netfilter
  Nokia               IPSO
  Sun                 Solaris
  Sun                 Solaris BSM
  Vendor              Product
Proxy / Reverse proxy
  Beeware             I Sentry
  Blue Coat           Blue Coat ProxySG
  Deny ALL            Rweb
  F5                  Appshield
  Ingrian             Ingrian
  McAfee              WebShield
  Microsoft           Internet Security Acceleration v2000 FW
  Microsoft           Internet Security Acceleration v2004
  Squid               Squid
  Squid               Squidguard
  Sun                 Iplanet
  TrendMicro          Interscan Web Security Suite Linux v2
  TrendMicro          Interscan Web Security Suite Windows v2
  WebSense            Websense v5
  WebSense            Websense v6
Remote desktop
  Symantec            PCanywhere
Unified Threat Management (UTM)
  Astaro              Astaro v4
  Astaro              Astaro v5
  Barracuda           Barracuda
  Check Point         Check Point
  Check Point         Pointsec Protector
  Cisco               Cisco ASA
  Cisco               Cisco PIX
  Fortinet            Fortigate
  PaloAlto Networks   Firewall
  NetASQ              Netasq Alarm v6
  NetASQ              Netasq Connection v6
  NetASQ              Netasq Filter v6
  NetASQ              Netasq v5
  Sonicwall           Sonicwall
  Symantec            Symantec Gateway Security v2
  Symantec            Symantec Gateway Security v3
Virtualization
  -
Vulnerability scanner
  Criston             Criston VM
  ISS                 Internet Security Scanner v6
  ISS                 Internet Security Scanner v7
  McAfee              Foundstone
  Qualys              QualysGuard
  Tenable Security    Nessus
Web server
  Apache              Apache
  Microsoft           Internet Information Services NCSA
  Microsoft           Internet Information Services W3C
  Microsoft           Internet Information Services W3C v3
Other
  APC                 APC EMU
  APC                 APC UPS
Products also supported through LogLogic LMI are highlighted in green.
Technical Support
LogLogic is committed to the success of our customers and to ensuring our products improve
customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use
and maintain, occasional assistance may be necessary. LogLogic provides timely and comprehensive
customer support and technical assistance from highly knowledgeable, experienced engineers who
can help you maximize the performance of your LogLogic Appliances.
To reach our experienced support team by telephone:
Toll Free, US—1 800 957 LOGS (5647)
Toll—1 408 834 7480
Toll Free, Canada—1 800 957 LOGS (5647)
Toll—1 408 834 7480
Toll Free, Mexico—1 800 957 LOGS (5647)
Toll—1 408 834 7480
Toll Free, United Kingdom—00 800 0330 4444
Toll—01480 479391
Toll Free, Mainland Europe—00 800 0330 4444
Toll— +44 1480 479391
Toll Free, Japan IDC—0061 800 0330 4444
Toll— Not Available
Toll Free, Japan KDD—0010 800 0330 4444
Toll— Not Available
Toll Free, Brazil—0021 800 0330 4444
Toll— Not Available
Email: support@loglogic.com
Support Website: http://www.loglogic.com/services/support/
When contacting LogLogic Support, be prepared to provide the following information:
• Your name, e-mail address, phone number, and fax number
• Your company name and company address
• Your appliance model and release version
• Serial number located on the back of the Appliance or the eth0 MAC address
• A description of the problem and the content of pertinent error messages (if any)
Documentation Support
Your feedback on the LogLogic documentation is important to us. If you have questions or comments,
send email to DocComments@loglogic.com. In your email message, please indicate the software name
and version you are using, as well as the title and document release date of your documentation. Your
comments will be reviewed and addressed by LogLogic Technical Publications. The Technical
Publications team is eager to receive your feedback to help ensure that the documentation is accurate
and useful.