Upgrade the LCE Server

Required User Role: Root user

For information about new features, resolved issues, third-party product updates, and supported upgrade paths, see the release notes for LCE.

Note: All LCE server installations are compatible with Client versions 4.0.0 and later. Older LCE clients will not be able to log in and send event data to LCE 4.4 - 5.1.

Before You Begin

Note: The complete PostgreSQL 11.1 is bundled inside the LCE RPM.

To upgrade the LCE server:

  1. Log in to LCE via the command line interface (CLI).

  2. In the CLI in LCE, run the following command, where <package name> is the name of the LCE server package you downloaded from the Tenable Downloads page:

    rpm -Uvh <package name>

    The upgrade begins.

    # rpm -Uvh lce-6.0.0-el6.x86_64.rpm

    Preparing...       ########################################### [100%]

    1:lce              warning: /opt/lce/.ssh/authorized_keys created as /opt/lce/.ssh/authorized_keys.rpmnew

    ########################################### [100%]

    The installation process is complete.

    Please refer to /var/log/lce_upgrade.log to review installation messages.

     

    To configure LCE, please direct your browser to:

       https://192.168.0.123:8836

  3. (Optional) Migrate your silos using the /opt/lce/tools/migrateDB-overseer utility. The utility supports the following operations:

    Operation Description
    --estimate-required-disk-space Estimates how much disk space your 5X silos will need, once migrated into 6X datastore; note, this estimate does not account for events created "live" by LCE in the course of its normal operation while migration is running. If needed it will remind you to give the --clear-source-on-success option to --migrate-all operation.
    --estimate-total-duration Shows conservative estimates for how long the migration will take for each plausible nParallelWorkers value. Also shows what nParallelWorkers value will be chosen by default.
    --migrate-all [--clear-source-on-success] [<nondefault_nParallelWorkers>] If you do not specify --clear-source-on-success, the LCE 5X silos will be left as they were, after LCE 6.0.0 silos with the same contents are built. This could lead to running out of disk space.
    Note: While a higher value means a faster migration, it also means less resources will remain for normal LCE operation.
    --status Use this option at any time, from another shell console, to see how migration is progressing.

    Caution: Prior to beginning an event silo migration, you should take precautions to ensure there will be sufficient disk space. A silo in the LCE 6.0.x PostgreSQL format will require more disk space than the same silo in the LCE 5.x Elasticsearch format.

    Note: Tenable strongly recommends running the /opt/lce/tools/migrateDB-overseer --migrate-all command instead of migrating one silo at a time with --migrate-one. With the --migrate-all option, the silos with the most recent events will be migrated first, followed by older silos. With --migrate-one, you cannot automatically undo in event of failure. Using --migrate-one does not guard against event loss or progress bookmarking for correct resumption after premature termination.

    Note: If your SSH console session times out after you start migrateDB-overseer, the migration will stop (and you need to start it again later). To avoid this issue, start migrateDB-overseer in console-detached mode:

    nohup /opt/lce/tools/migrateDB-overseer &

    or

    nohup /opt/lce/tools/migrateDB-overseer --migrate-all --clear-source-on-success &