Upgrade the Log Correlation Engine Server

Required User Role: Root user

For information about new features, resolved issues, third-party product updates, and supported upgrade paths, see the release notes for Log Correlation Engine.

Note: All Log Correlation Engine server installations are compatible with Client versions 4.0.0 and later. Older Log Correlation Engine clients will not be able to log in and send event data to Log Correlation Engine 4.4 - 5.1.

Before You Begin

  • Download the Log Correlation Engine server package from the Tenable Downloads page.

Note: The complete PostgreSQL 11.1 is bundled inside the Log Correlation Engine RPM.

To upgrade the Log Correlation Engine server:

  1. Log in to Log Correlation Engine via the command line interface (CLI).

  2. In the CLI in Log Correlation Engine, run the following command, where <package name> is the name of the Log Correlation Engine server package you downloaded from the Tenable Downloads page:

    rpm -Uvh <package name>

    The upgrade begins.

    # rpm -Uvh lce-6.0.0-el6.x86_64.rpm

    Preparing...       ########################################### [100%]

    1:lce              warning: /opt/lce/.ssh/authorized_keys created as /opt/lce/.ssh/authorized_keys.rpmnew

    ########################################### [100%]

    The installation process is complete.

    Please refer to /var/log/lce_upgrade.log to review installation messages.

     

    To configure Tenable Log Correlation Engine, please direct your browser to:

       https://192.168.0.123:8836

  3. (Optional) Migrate your silos using the /opt/lce/tools/migrateDB-overseer utility. The utility supports the following operations:

    Operation Description
    --estimate-required-disk-space Estimates how much disk space your 5X silos will need, once migrated into 6X datastore; note, this estimate does not account for events created "live" by Tenable Log Correlation Engine in the course of its normal operation while migration is running. If needed it will remind you to give the --clear-source-on-success option to --migrate-all operation.
    --estimate-total-duration Shows conservative estimates for how long the migration will take for each plausible nParallelWorkers value. Also shows what nParallelWorkers value will be chosen by default.
    --migrate-all [--clear-source-on-success] [<nondefault_nParallelWorkers>] If you do not specify --clear-source-on-success, the Tenable Log Correlation Engine 5X silos will be left as they were, after Tenable Log Correlation Engine 6.0.0 silos with the same contents are built. This could lead to running out of disk space.
    Note: While a higher value means a faster migration, it also means less resources will remain for normal Tenable Log Correlation Engine operation.
    --status Use this option at any time, from another shell console, to see how migration is progressing.

    Caution: Prior to beginning an event silo migration, you should take precautions to ensure there will be sufficient disk space. A silo in the Tenable Log Correlation Engine 6.0.x PostgreSQL format will require more disk space than the same silo in the Tenable Log Correlation Engine 5.x Elasticsearch format.

    Note: Tenable strongly recommends running the /opt/lce/tools/migrateDB-overseer --migrate-all command instead of migrating one silo at a time with --migrate-one. With the --migrate-all option, the silos with the most recent events will be migrated first, followed by older silos. With --migrate-one, you cannot automatically undo in event of failure. Using --migrate-one does not guard against event loss or progress bookmarking for correct resumption after premature termination.

    Note: If your SSH console session times out after you start migrateDB-overseer, the migration will stop (and you need to start it again later). To avoid this issue, start migrateDB-overseer in console-detached mode:

    nohup /opt/lce/tools/migrateDB-overseer &

    or

    nohup /opt/lce/tools/migrateDB-overseer --migrate-all --clear-source-on-success &