The following are the new improvements included in LCE 5.1.0:
- Startup latency of the lced daemon has been reduced by over 60 seconds; this means less downtime in the event of an LCE services restart.
- Response latency and completion time of LCE initscripts have been reduced, so service lce <serviceName> commands will now be more responsive.
- The stats daemon now saves an alert on startup, if the current LCE configuration precludes it from producing stats-type events.
- The diagnostics tool diag now also collects:
  - Additional host and networking configuration which could have a bearing on LCE installation and operation.
  - NFS-specific configuration (only if activeDb and/or archiveDb are in NFS-mounted partitions).
  - An indication of whether the Linux kernel has had FIPS mode enabled.
  - User-created and user-modified .prm plugins.
  - Creation times, in addition to modification times, of critical datastore and configuration files.
  - Roll-up summaries of connected clients, grouped by recent behavior and by assigned policy.
  - An extra list of client policy files, grouped by checksum and with any duplicate-content files clearly marked.
- The install-logrotate-config utility, in /opt/lce/tools/, is new. It generates a specialized config stanza, leveraging logrotate(8) to manage disk space needed for LCE tracelogs.
- The list-policies utility, in /opt/lce/tools/, is new. It lists on-disk policy files with basename parts color-coded for easier review, and also prints policy creation times.
- The save-customizations utility, in /opt/lce/tools/, is new; it is intended for situations where backup of LCE configuration, rather than events data, is desired.
- The harmonize-datastore utility, in /opt/lce/tools/es-helper-scripts/, has a new “dry-run” mode, enabling the operator to preview the steps to be taken.
- The list-clients utility, in /opt/lce/tools/, will now also report the agent software patchlevel. This utility also now accepts a --flat option, which omits the header and prints all the columns for each client on the same line; this is intended to ease post-processing.
- To help troubleshoot unnormalized logs, the lced daemon offers a special mode, which is activated by setting the save-nonmatched config attribute. This mode has been re-implemented to provide a more representative sample with less performance overhead; also, the meaning of save-nonmatched has changed: if it is N, lced will print, to its normal tracelog, approximately every Nth unnormalized log encountered.
- Given certain syslog input combinations, the TASL correlation engine crashes frequently.
- SQLite3 databases (lce_status.db, pm.db, lce_alerts.db), used to store operational state, can become effectively read-only under certain conditions, causing LCE daemons reliant on those databases to terminate abnormally.
- Non-default client policy assignments are not permanent.
- Under certain circumstances, Linux and Windows tail clients do not stay connected.
- Timestamp of logs in SecurityCenter reports, when such a report is exported in CSV format, is zeroed.
- Plugin update is skipped if the lce_wwwd daemon is restarted within 72 hours of initialization.
- Under certain conditions, Windows clients enter an infinite re-authorization loop.
- No more than 10,000 records returned by the lce_queryd daemon even when the -maxlimit query parameter specifies otherwise.
- Excess tracelog messages emitted, and alerts saved, when a client disconnects.
- Request to list archived snapshots periodically sent to Elasticsearch when archiving is not configured, resulting in spurious error messages.
- Invalid SQL generated and submitted by the lce_wwwd daemon, in response to certain user administration operations.
- Clients not auto-authorized when the auto-authorize-clients-time config attribute is set.
- If a policy is assigned to one or more clients while LCE Server is shut down, on startup of LCE Server those clients may become de-authorized.
File Names & MD5 Checksums