The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.6.1, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.
General Upgrade Notes
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.6 Administration and User Guide.
- The supported upgrade path is from LCE 4.4.x to LCE 4.6.1 and LCE 4.6.0 to LCE 4.6.1. If you have deployed LCE < 4.4.x, please perform an intermediate upgrade to LCE 4.4.x, then upgrade to LCE 4.6.1.
- LCE version 4.6.1 is compatible with SecurityCenter version 5.1 or later. Older versions of SecurityCenter will work with LCE 4.4.1 without issues, but will not support some new features.
- LCE version 4.6.1 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 4.6.1
- Prior to upgrading or deploying LCE 4.6.x with High Availability, please contact Tenable Support at firstname.lastname@example.org.
- Please contact Tenable Support at email@example.com if you have any questions about compatibility issues.
File Names & MD5 Checksums
New Features and Improvements:
- Added a multi-threaded option for the log_importer tool to allow faster import of large sets of data. Use "-j" or "--jobs" to specify the number of threads.
- Improved performance over LCE 4.6.0 by moving TASL processors to a separate, new TASL Engine process. The process can be monitored, started, and stopped along with other LCE Server components using the LCE UI.
- Added support for the Web Query Client.
- Fixed an issue where a successful plugin update could cause the web server to hang.
- Fixed an issue where "Event Rules" could be cleared in the UI when modified.
- Fixed an issue that caused the Query Interface to hang if a query was performed with certain special characters in a specific order.
- Fixed an issue in the log_importer tool encountered if /opt/lce/tmp/ and the archive directory were not on the same filesystem.
- Fixed an issue where the Text Indexer could become stuck on a certain database entry.
- Fixed an issue on RHEL7 where services would not restart on reboot.
- Fixed an issue where the UI prevented re-registration from the Feed Settings page if the Activation Code was unchanged.
- Fixed a few resource leaks in the Query Interface and the Log Engine, and excessive memory usage by the lce_client_manager tool.