TOC & Recently Viewed

Log Correlation Engine 4.0.0 Release Notes - 6/27/2012

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.0, significant enhancements to the LCE, and information about upgrading. A PDF file of these release notes is also available here.

Upgrade Notes

  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • LCE version 4.0 is compatible with SecurityCenter version 4.2 or later. Older versions of Security Center may work with LCE 4.0 without issues, but will not support many of the new features. Please contact Tenable Support at support@tenable.com if you have any questions about compatibility issues.
  • Beginning with version 4.0 LCE Clients, their configuration files, now called “policies”, must be managed centrally when connected to LCE Server 4.0 or later with the LCE Client Manager tool. Existing configuration files may be converted using the LCE Configuration File Converter tool, and imported/assigned with the LCE Client Manager. LCE Clients connected to an LCE Server 3.6 or earlier may continue to use the traditional configuration files.
  • The LCE log archive feature has been removed. Existing logs may continue to be searched via the SecurityCenter's "Raw Log Search", but new logs will be searchable via SecurityCenter's "Events" analysis.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.0 Administration and User Guide.

File Names & MD5 Checksums

File MD5
lce-4.0.0-es5.i386.rpm f121d55d5d869c583b564ed5d3212584
lce-4.0.0-es5.x86_64.rpm a46e152cda9ff5becd7e32d30d3acfd9
lce-4.0.0-es6.i386.rpm 25e7b9f48960a26d93aea88f3e4047f3
lce-4.0.0-es6.x86_64.rpm ac089242b91d547a5bc7a0929cf86dee

Application Notes

LCE Features

  • Increased performance resulting from improved multi-processing support.
  • Load Balancing accross multiple LCE Servers
  • Store all logs in highly compressed log stores instead of flat text raw files.
  • Full text search. Added support for full log indexing.
  • Option to store and query non-matching (un-normalized) logs in the database.
  • TCP syslog (rsyslog) support
  • LCE server syslog listen port is now configurable.
  • The syslog forward-to port is now configurable and the LCE header optional.
  • Centralized Client Configuration Management
  • Increased maximum silo size to 10GB per silo
  • Enhancements in the client communication:
    • Support for NAT
    • Added event compression between LCE clients and LCE Server
    • Support for multiple secrets covering the same IP range in the server
    • Support higher number of clients

More information about reasons to upgrade to LCE 4.0 may be found at the Tenable website.

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.