Upgrade the LCE Server

The following table lists the upgrade paths for the LCE server with links to release notes as well as the compatible versions of Tenable.sc and LCE clients. If you have a version of LCE that does not appear in the From... column corresponding to the version you are trying to upgrade to, you must first upgrade to an intermediate version. For example, if you were currently using 4.4.x, you would first need to upgrade to 4.8 before upgrading to 5.0.

| Upgrade to | From | Compatible versions of Tenable.sc |
|---|---|---|
| 5.1.1 | 4.8.x, 5.0.x, 5.1.x | Tenable.sc version 5.1 or later. |
| 5.0.x | 4.8.x | Tenable.sc version 4.6.2.2 or later. |
| 4.8.1 | 4.8, 4.6.x | Tenable.sc version 4.6.2.2 or later. |
| 4.8 | 4.6.x, 4.4.x | Tenable.sc version 4.6.2.2 or later. |
| 4.6.1 | 4.6, 4.4.x | Tenable.sc version 4.6.2.2 or later. |
| 4.6 | 4.4.x | Tenable.sc version 4.6.2.2 or later. |
| 4.4.1 | 4.4, 4.2.2 | Tenable.sc version 4.6.2.2 or later. |
| 4.4 | 4.2.2 | Tenable.sc version 4.6.2.2 or later. |

Note: All LCE server installations are compatible with Client versions 4.0.0 and later. Older LCE clients will not be able to log in and send event data to LCE 4.4 to 5.1.

LCE will work with older versions of Tenable.sc than those listed, but some new features will not be supported.
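
The upgrade-path rule above can be checked mechanically before a change window. The following is an added example, not Tenable code: it transcribes the table into a lookup and searches for the shortest chain of supported upgrades. The names `UPGRADE_PATHS`, `matches` and `plan_upgrade` are hypothetical, and it assumes that a pattern such as 4.8.x also covers plain 4.8, as the 4.4.x to 4.8 to 5.0 example in the text implies.

```python
from collections import deque

# "Upgrade to" -> "From" patterns, transcribed from the table above.
UPGRADE_PATHS = {
    "5.1.1": ["4.8.x", "5.0.x", "5.1.x"],
    "5.0.x": ["4.8.x"],
    "4.8.1": ["4.8", "4.6.x"],
    "4.8":   ["4.6.x", "4.4.x"],
    "4.6.1": ["4.6", "4.4.x"],
    "4.6":   ["4.4.x"],
    "4.4.1": ["4.4", "4.2.2"],
    "4.4":   ["4.2.2"],
}

def matches(version, pattern):
    """True if an installed version satisfies a 'From' pattern."""
    v, p = version.split("."), pattern.split(".")
    if p[-1] == "x":
        # Assumption: "4.8.x" covers 4.8 and every 4.8.<patch>.
        return v[:len(p) - 1] == p[:-1]
    return v == p  # Patterns without a wildcard are matched exactly.

def plan_upgrade(current, target):
    """Return the shortest supported chain [current, ..., target],
    or None when the table offers no path from the current version."""
    if target not in UPGRADE_PATHS:
        raise ValueError(f"{target} is not an 'Upgrade to' row in the table")
    if current == target:
        return [current]
    queue, seen = deque([[current]]), {current}
    while queue:  # Breadth-first search, so the first hit is the shortest.
        path = queue.popleft()
        for release, sources in UPGRADE_PATHS.items():
            if release in seen:
                continue
            if not any(matches(path[-1], s) for s in sources):
                continue
            if release == target:
                return path + [release]
            seen.add(release)
            queue.append(path + [release])
    return None

if __name__ == "__main__":
    for start, goal in [("4.4.2", "5.0.x"), ("4.2.2", "5.1.1"), ("4.0.3", "5.0.x")]:
        print(start, "->", goal, ":", plan_upgrade(start, goal))
```

A result of None means the installed version does not appear in any From column that leads to the target, so the upgrade should not be attempted with these packages alone.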

Before You Begin

Caution: When upgrading to LCE 5.0, review the updated system requirements. In order to utilize LCE 5.0, your system will require about twice the previous minimum disk space, and about 33% more computing power and RAM. It is not recommended that you upgrade a system that is already operating at maximum capacity while utilizing an older version of LCE.

The following procedure must be performed as the root user.

Upgrade Procedure

To upgrade, enter the following command: rpm -Uvh <package name>, where <package name> is the name of the LCE server package you downloaded from the Tenable Downloads Page. You do not need to stop the LCE server before upgrading.

# rpm -Uvh lce-5.0.0-el6.x86_64.rpm

Preparing...       ########################################### [100%]

1:lce              warning: /opt/lce/.ssh/authorized_keys created as /opt/lce/.ssh/authorized_keys.rpmnew

########################################### [100%]

Moving deprecated file lce.conf to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file feed.cfg to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file rules.conf to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file excluded_domains.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file trusted_plugins.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file hostlist.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file untracked_usernames.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file disabled-tasls.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file disabled-prms.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file sampleable_tasls.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file syslog_sensors.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

The installation process is complete.

Please refer to /var/log/lce_upgrade.log to review installation messages.

 

To configure LCE, please direct your browser to:

   https://192.168.0.123:8836

After the upgrade, changes to the LCE configuration will be done using the LCE interface. To access the LCE interface, navigate to the IP address or hostname of the LCE server over port 8836 (https://<ip address or hostname>:8836). The previous configuration files are stored in /opt/lce/tmp and may be deleted once the upgrade is determined to be successful.

Additional Steps for 5.0

After upgrading the server to 5.0, you must also migrate data from your silos to Elasticsearch databases using a tool included with the LCE 5.0 package. After validating that there are no issues with the databases, you can then use the same tool to remove the old silos.

Migrating Silos

The migrate utility is /opt/lce/tools/migrateDB-overseer; this utility can run multiple migrate tasks in parallel, so migration overall is completed faster.

The supported operations are shown in the table below:

| Operation | Description |
|---|---|
| --estimate-required-disk-space | Estimates how much disk space your 5X silos will need, once migrated into 6X datastore; note, this estimate does not account for events created "live" by LCE in the course of its normal operation while migration is running. If needed it will remind you to give the --clear-source-on-success option to --migrate-all operation. |
| --estimate-total-duration | Shows conservative estimates for how long the migration will take for each plausible nParallelWorkers value. Also shows what nParallelWorkers value will be chosen by default. |
| --migrate-all [--clear-source-on-success] [<nondefault_nParallelWorkers>] | If you do not specify --clear-source-on-success, the LCE 5X silos will be left as they were, after LCE 6.0.0 silos with the same contents are built. This could lead to running out of disk space. Note: While a higher value means a faster migration, it also means less resources will remain for normal LCE operation. |
| --status | Use this option at any time, from another shell console, to see how migration is progressing. |

Tip: It is also possible to explicitly invoke migration of one silo at a time, with the /opt/lce/tools/migrateDB-from5X --migrate-one <Elasticsearch_siloId> <tEarliest> <tLatest> command. This approach, however, provides neither automatic undo in the event of failure, nor guards against event loss, nor progress bookmarking for correct resumption after premature termination. It is strongly recommended that you employ the /opt/lce/tools/migrateDB-overseer --migrate-all command.

With the --migrate-all option, the silos with the most recent events are migrated first, followed by older silos.

If your SSH console session times out after you start migrateDB-overseer from it, the migration stops (and you need to start it again later). To avoid that, start migrateDB-overseer in console-detached mode:

nohup /opt/lce/tools/migrateDB-overseer &

or

nohup /opt/lce/tools/migrateDB-overseer --clear-source-on-success &

The main migrate utility is /opt/lce/tools/migrateDB-overseer; this utility can run multiple migrate tasks in parallel, so migration overall completes faster. At any one time, it will run at most nParallelWorkers such tasks, where you choose the nParallelWorkers value.

To migrate silos, enter the following command: /opt/lce/tools/migrateDB-toES. The following table describes the arguments that can be used with the tool.

Note: The <dbDirSpec> indicates where to look for the NDB/LDB silos. You can specify any of the following:
  • --from-active
  • <absolute_path_of_parent_directory>

| Argument | Description |
|---|---|
| --migrate-all-silos <dbDirSpec> | Data from all existing silos will be migrated into Elasticsearch databases. |
| --migrate-one-silo <dbDirSpec> <silo_number> | Migrates data from a silo to an Elasticsearch database, where <silo_number> is the silo number that you want to migrate. |
| --migrate-one-silo <absolute_path_of__.ndb[.gz]> <absolute_path_of__lceN-log_store/> | Migrates an archived silo and log store. |
| --list-ndbLdb-silos <dbDirSpec> | Lists silos containing NDB and LDB data. |
| --list-ES-silos <dbDirSpec> | Lists Elasticsearch databases. |

Removing Silos

To remove old silos, enter the following command: /opt/lce/tools/migrateDB-toES. The following table describes the arguments that can be used with the tool.

| Argument | Description |
|---|---|
| --remove-all-silos <dbDirSpec> | All existing NDB/LDB silos will be removed. |
| --remove-one-silo <dbDirSpec> <silo_number> | Removes a specific NDB/LDB silo, where <silo_number> is the number of the silo that you want to remove. |

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.