TOC & Recently Viewed

Recently Viewed Topics

Log Correlation Engine 4.8.1 Release Notes - 9/7/2016

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.8.1, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.

General Upgrade Notes

  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.8 User Guide.
  • Supported upgrade paths:
    • 4.6.0 > 4.8.1
    • 4.8.0 > 4.8.1

Compatibility Notes

  • LCE version 4.8.1 is compatible with SecurityCenter version 4.6.2.2 or later. Older versions of SecurityCenter will work with LCE 4.8 without issues, but will not support some new features.
  • LCE version 4.8.1 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 4.8.1.
  • Please contact Tenable Support at support@tenable.com if you have any questions about compatibility issues.

File Names & MD5 Checksums

File MD5
lce-4.8.1-el5.x86_64.rpm 51b91a3cdeadf800f899729a9b6b29ff
lce-4.8.1-el6.x86_64.rpm e37efe41df0d7172e34c514f87dcec78
lce-4.8.1-el7.x86_64.rpm 081e931cafc3f8598cca4cd9e33fbc52

New Features and Improvements:

  • Added support for Google Pub-Sub endpoints in the LCE Web Query 4.8.0 agent
  • Speed up upgrades by distinctly correcting only database files and folders not already owned by LCE
  • Enable extraction of usernames from plugins normalizing logs of type "login-failure"
  • Reduce TASL script log file size by de-duplicating similar and adjacent admin log messages
  • Log license updates in the web server log file whenever plugins are updated

Security Enhancements:

  • Upgrade OpenSSL to 1.0.2h
  • Upgrade libpcre to 8.39
  • Upgrade libxml2 to 2.9.4
  • Upgrade libcURL to 7.50.1
  • Upgrade jQuery Core to 2.2.4

Resolved Items:

  • Fixed a performance issue related to connecting thousands of agents to a single LCE server
  • Fixed an issue rebuilding raw logs within the TASL engine which could result in incorrect tokens in rebuilt logs being passed to TASL scripts
  • Fixed an issue with blank lines being sent between logs to the 2nd-to-Nth TCP syslog forward targets
  • Fixed an issue where a large user database could result in a server reboot at startup
  • Fixed an issue displaying IP addresses in little-endian byte order in the Connection Summary in SecurityCenter
  • Fixed an issue that resulted in incorrectly interpreted included networks for some TASLs resulting in incorrect directionality calculations
  • Fixed an issue where the text indexer would re-index from the first silo rather than the state persisted to disk on shutdown
  • Fixed an issue where a PRM plugin with a dynamically determined event field could restart the engine
  • Fixed resources leaks in the TASL engine when reloading plugins

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.