Log Correlation Engine 3.0.1 Release Notes
The following describes many of the changes that are included in LCE version 3.0.1, including significant enhancements that have been made, as well as notes for upgrading. A PDF file of these release notes is also available here.
As with any application, it is always wise to perform a backup of your Log Correlation Engine (LCE) installation before upgrading.
Upgrading from 3.0.0
There are no special upgrade notes for those users running the Log Correlation Engine 3.0.0. The command syntax for an RPM upgrade is as follows:
- rpm -Uvh <RPM Package File Name>
Upgrading from LCE 2.0.3
- Please note that as part of the upgrade process your existing data files will be modified. As the nature of LCE is to collect and retain large amounts of data, Tenable cannot create backups of the existing data files as part of the upgrade process since this would run the risk of exhausting available storage. Please be sure to back up your LCE installation, including data files, prior to performing the upgrade process.
- LCE version 3.x is compatible with Security Center version 3.4.2 or greater. The 3.4.2 version of the Security Center will work with LCE 3.x without issues but does not support the new features. Support for the new LCE 3.x features is available in Security Center 3.4.3 or greater. Please contact Tenable Support at firstname.lastname@example.org if you have any questions regarding this.
- To assist with the upgrade process, we have designed and tested all of the v3.0 clients to be compatible with the LCE version 2.0.3 server, and all of the LCE version 2.0.3 clients to be compatible with the LCE version 3.x server. This way, you may choose in what order and manner the components are to be upgraded within your environment.
- Detailed instructions and notes on upgrading are located in the Upgrading From LCE 2.x section of the Log Correlation Engine 3.0 Administration and User Guide. Please be sure to review this entire section of the documentation before upgrading.
- Previous versions of LCE (2.x) have been installed to the /usr/thunder directory. Beginning with version 3.0.0, LCE installs to the /opt/lce directory. All related file names, services and file text which previously contained "thunder" now accurately reflect "lce".
- Configuration files, data files and log files from your previous installation of LCE will be left in their original locations. All other files will be removed as part of the upgrade process. The configuration and log files are not used by the upgraded application, but are left for the administrator to use as a reference.
- While the upgrade process updates the data files (silos), it does not move them to the new /opt/lce directory structure. You may choose to do this after you have verified that the upgrade process was successful, but it is not required. If you plan to move the LCE data files, please reference the documentation regarding the database-directory directive of the /opt/lce/daemons/lce.conf file.
- All release notes for LCE version 3.0.0 are applicable and should be reviewed. These release notes may be found on the Tenable Customer Support Portal, in the Downloads section, on the Log Correlation Engine page.
- User tracking has been improved: the assignment of usernames is now attempted whenever the user: field for a log has no entry, regardless of whether or not the PRM reporting the log is listed in the trusted plugins file.
- For very large silos, the rollover process would appear to make the LCE unreachable. A modification has been made so that this is no longer an issue.
- Redundant messages in the LCE Server administrative log have been suppressed to improve readability.
LCE Clients Unix/Linux
- If the LCE server is not reachable, booting a FreeBSD system with any of the LCE clients installed will no longer cause FreeBSD system startup issues.
- Upon starting the LCE Client, a log entry is now generated which indicates the client is active and reports the version of the client.
- Performing a "service lce_client status" from a Red Hat system on which the LCE Client is running will no longer incorrectly indicate that the client is stopped.
LCE Client Windows
- Upon starting the LCE Client, a log entry is now generated which indicates the client is active and reports the version of the client.