TOC & Recently Viewed

Log Correlation Engine 4.2.2 Release Notes - 12/9/2013

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.2.2, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.

Upgrade Notes

  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.2 Administration and User Guide.
  • The LCE Server Virtual Machine Quick Start Guide explains how to initially configure the LCE server virtual machine.
  • Lowering the number-silos setting can impact data storage. If this setting is lowered after data has been collected, LCE will archive or delete silos ranging outside of the specified maximum when rolling to silo 0. In order for data to be archived in this scenario, the silo archiving settings in lce.conf must be enabled.
  • LCE version 4.2 is compatible with SecurityCenter version 4.6.2.2 or later. Older versions of SecurityCenter will work with LCE 4.2 without issues, but will not support many of the new features available in LCE 4.2. Please contact Tenable Support at support@tenable.com if you have any questions about compatibility issues.

Upgrading from LCE 4.0.x and below

  • In order to enable LCE’s reporting features, the report proxy settings must be configured. This can be done by editing the “Discovery Options” section of lce.conf, or running the /opt/lce/tools/lce-post-install.sh script.
  • In order for plugins and other updates to be retrieved, LCE 4.2 must first be activated using your provided activation code. This can be done by running the post-install script referenced above.

Upgrading from LCE 3.x

  • Beginning with version 4.0 LCE Clients, their configuration files, now called "policies", must be managed centrally with the LCE Client Manager tool when connected to LCE Server 4.0 or later. Existing configuration files may be converted using the LCE Configuration File Converter tool, and imported/assigned with the LCE Client Manager. LCE Clients connected to an LCE Server 3.6 or earlier may continue to use the traditional configuration files.
  • The LCE log archive feature has been removed. Existing logs may continue to be searched via the SecurityCenter's "Raw Log Search", but new logs will be searchable via SecurityCenter's "Events" analysis.

File Names & MD5 Checksums

File MD5
lce-4.2.2-el5.i386.rpm d61c1f0b6649634e3c5ac31f28c708ef
lce-4.2.2-el5.x86_64.rpm 78c46d7f81d062210b154a3b9f4ab911
lce-4.2.2-el6.i386.rpm ec7d0b3197a895857fa32aa24c49fb6f
lce-4.2.2-el6.x86_64.rpm 517631bf7e8a41228018aa623e149e9a
LCE-Server-4.2.2-HyperV.zip f86db222b22c4491cd89850b352f3a1a
LCE-Server-4.2.2-VMware.ova b63daad3c1c8b6d11a287efffa30fb6f

Application Notes

Bugs Addressed

This is a bug-fix release only.

  • Fixed an issue where some queries could hang, impacting query performance
  • Fixed an issue where the LCE Client Manager could not appropriately signal the LCE server process of changes to the LCE Client policies or authorizations.
  • Added intelligence to fix a partial database entry that could occur during an ungraceful shutdown or disk failure
  • Fixed an issue that could cause a failed import of event vulnerabilities into SecurityCenter
  • Fixed an issue that could cause invalid data to be used in an LCE alert generated from using the sensor, event1, event2, type, or user macros in rules.conf
  • Fixed an issue where the query service would fail to query a portion of the database with a missing index
  • Fixed an issue where the query service would fail to return data if multiple filters for the same indexed attribute were specified but one corresponding value did not exist
  • Fixed an issue with the statistics engine that could cause it to stop sending events occasionally on a 64-bit host
  • Fixed an issue that could cause false client entries to be listed if the LCE server host was scanned
  • Added the lsof package as a dependency
  • Fixed an issue where the LCE Report Proxy service did not bind to all listed interfaces in lce.conf
  • Fixed a memory consumption issue when reloading discovery plugins
  • Fixed an issue where the plugin account activation script could fail to parse the response
  • Increased the frequency of threatlist downloads

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.