TOC & Recently Viewed

Recently Viewed Topics

Upgrade the LCE Server

The following table lists the upgrade paths for the LCE server with links to release notes as well as the compatible versions of Tenable.sc and LCE clients. If you have a version of LCE that does not appear in the From... column corresponding to the version you are trying to upgrade to, you must first upgrade to an intermediate version. For example, if you were currently using 4.4.x, you would first need to upgrade to 4.8 before upgrading to 5.0.

Upgrade to From Compatible versions of Tenable.sc
5.1.1 4.8.x, 5.0.x, 5.1.x Tenable.sc version 5.1 or later.
5.0.x 4.8.x Tenable.sc version 4.6.2.2 or later.
4.8.1 4.8, 4.6.x Tenable.sc version 4.6.2.2 or later.
4.8 4.6.x, 4.4.x Tenable.sc version 4.6.2.2 or later.
4.6.1 4.6, 4.4.x Tenable.sc version 4.6.2.2 or later.
4.6 4.4.x Tenable.sc version 4.6.2.2 or later.
4.4.1 4.4, 4.2.2 Tenable.sc version 4.6.2.2 or later.
4.4 4.2.2 Tenable.sc version 4.6.2.2 or later.
Note: All LCE server installations are compatible with Client versions 4.0.0 and later. Older LCE clients will not be able to log in and send event data to LCE 4.4 to 5.1.

LCE will work with older versions of Tenable.sc than those listed, but some new features will not be supported.

Before You Begin

The following procedure must be performed as the root user.

Upgrade Procedure

To upgrade, enter the following command: rpm -Uvh <package name>, where <package name> is the name of the LCE server package you downloaded from the Tenable Downloads Page. You do not need to stop the LCE server before upgrading.

#

Preparing...       ########################################### [100%]

1:lce              warning: /opt/lce/.ssh/authorized_keys created as /opt/lce/.ssh/authorized_keys.rpmnew

########################################### [100%]

Moving deprecated file lce.conf to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file feed.cfg to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file rules.conf to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file excluded_domains.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file trusted_plugins.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file hostlist.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file untracked_usernames.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file disabled-tasls.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file disabled-prms.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file sampleable_tasls.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

Moving deprecated file syslog_sensors.txt to /opt/lce/tmp; OK to delete it once upgrade succeeds.

The installation process is complete.

Please refer to /var/log/lce_upgrade.log to review installation messages.

 

To configure LCE, please direct your browser to:

   https://192.168.0.123:8836

After the upgrade, changes to the LCE configuration will be done using the LCE interface. To access the LCE interface, navigate to the IP address or hostname of the LCE server over port 8836 (https://<ip address or hostname>:8836). The previous configuration files are stored in /opt/lce/tmp and may be deleted once the upgrade is determined to be successful.

Migrating Silos

The migrate utility is /opt/lce/tools/migrateDB-overseer; this utility can run multiple migrate tasks in parallel, so migration overall is completed faster.

The supported operations are shown in the table below:

Operation Description
--estimate-required-disk-space Estimates how much disk space your 5X silos will need, once migrated into 6X datastore; note, this estimate does not account for events created "live" by LCE in the course of its normal operation while migration is running. If needed it will remind you to give the --clear-source-on-success option to --migrate-all operation.
--estimate-total-duration Shows conservative estimates for how long the migration will take for each plausible nParallelWorkers value. Also shows what nParallelWorkers value will be chosen by default.
--migrate-all [--clear-source-on-success] [<nondefault_nParallelWorkers>] If you do not specify --clear-source-on-success, the LCE 5X silos will be left as they were, after LCE 6.0.0 silos with the same contents are built. This could lead to running out of disk space.
Note: While a higher value means a faster migration, it also means less resources will remain for normal LCE operation.
--status Use this option at any time, from another shell console, to see how migration is progressing.

Tip: It is also possible to explicitly invoke migration of one silo at a time, with /opt/lce/tools/migrateDB-from5X --migrate-one <Elasticsearch_siloId> <tEarliest> <tLatest> command. This approach, however, cannot provide automatic undo in event of failure, nor guards against event loss or progress bookmarking for correct resumption after premature termination. It is strongly recommended you employ the /opt/lce/tools/migrateDB-overseer --migrate-all command. With the --migrate-all option, the silos with the most recent events will be migrated first, followed by older silos. If your SSH console session times out after you start migrateDB-overseer from it, the migration will stop (and you need to start it again later); to avoid that, start migrateDB-overseer in console-detached mode:

nohup /opt/lce/tools/migrateDB-overseer &

or

nohup /opt/lce/tools/migrateDB-overseer --migrate-all --clear-source-on-success &

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.