Log Correlation Engine 4.0.0 Release Notes - 6/27/2012
The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.0, significant enhancements to the LCE, and information about upgrading. A PDF file of these release notes is also available here.
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- LCE version 4.0 is compatible with SecurityCenter version 4.2 or later. Older versions of SecurityCenter may work with LCE 4.0 without issues, but will not support many of the new features. Please contact Tenable Support at firstname.lastname@example.org if you have any questions about compatibility issues.
- Beginning with LCE Client version 4.0, client configuration files, now called “policies”, must be managed centrally with the LCE Client Manager tool when the client is connected to LCE Server 4.0 or later. Existing configuration files may be converted using the LCE Configuration File Converter tool, and imported/assigned with the LCE Client Manager. LCE Clients connected to an LCE Server 3.6 or earlier may continue to use the traditional configuration files.
- The LCE log archive feature has been removed. Existing logs may continue to be searched via SecurityCenter's "Raw Log Search", but new logs will be searchable via SecurityCenter's "Events" analysis.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.0 Administration and User Guide.
File Names & MD5 Checksums
- Increased performance resulting from improved multi-processing support.
- Load balancing across multiple LCE Servers.
- Store all logs in highly compressed log stores instead of flat text raw files.
- Full text search. Added support for full log indexing.
- Option to store and query non-matching (un-normalized) logs in the database.
- TCP syslog (rsyslog) support
- LCE server syslog listen port is now configurable.
- The syslog forward-to port is now configurable and the LCE header is optional.
- Centralized Client Configuration Management
- Increased maximum silo size to 10GB per silo
- Enhancements to client communication:
  - Support for NAT
  - Added event compression between LCE clients and LCE Server
  - Support for multiple secrets covering the same IP range in the server
  - Support for a higher number of clients
More information about reasons to upgrade to LCE 4.0 may be found at the Tenable website.