Log Correlation Engine 4.6 Release Notes - 8/20/2015
The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.6.0, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.
General Upgrade Notes
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.6 Administration and User Guide.
- Prior to upgrading to LCE 4.6.0, ensure that your "Feed Expiration" is not expired and your "Activation Status" is "Licensed" by logging in to the LCE web interface, clicking on "Health and Status", then clicking on "Plugins". If these fields are not valid, then LCE 4.6.0 will cease to run until a new activation code is applied.
- The only supported upgrade path is from LCE 4.4.x to LCE 4.6.0. If you have deployed LCE < 4.4.x, please perform an intermediate upgrade to LCE 4.4.x, then upgrade to LCE 4.6.0.
- LCE version 4.6.0 is compatible with SecurityCenter version 184.108.40.206 or later. Older versions of SecurityCenter will work with LCE 4.4.1 without issues, but will not support some new features.
- LCE version 4.6.0 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 4.6.0
- Prior to upgrading or deploying LCE 4.6.0 with High Availability, please contact Tenable Support at firstname.lastname@example.org.
- Please contact Tenable Support at email@example.com if you have any questions about compatibility issues.
File Names & MD5 Checksums
New Features and Improvements:
- TLS TCP Syslog: LCE can now receive encrypted reliable syslog data from verified senders.
- DHCP Client Support: LCE 4.6.0 introduces DHCP client support. LCE Clients (version 4.6.0+) can be authorized once and will be recognized even if the endpoint receives a new IP address.
- Simplified licensing: The lce.key file is no longer required; the activation code now provides the license and the plugin subscription.
- Simplified offline registration and plugin update: Follow the instructions at https://plugins.nessus.org/v2/offline-lce.php to perform offline activation and plugin updates.
- Fixed a log engine deadlock and memory leak associated with importing statistical info-level vulnerability data every two hours
- Removed support for SSLv3 on all interfaces, removed support for TLSv1 on most interfaces, and tightened accepted cipher suites
- Fixed an issue where offline plugin updates occasionally failed
- Fixed an issue where LCE would return incorrect results to SecurityCenter if IPv6 ranges were included in a Repository