The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.8.2, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.
General Upgrade Notes
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.8 User Guide.
- Supported upgrade paths:
  - 4.6.x > 4.8.2
  - 4.8.x > 4.8.2
- LCE version 4.8.2 is compatible with SecurityCenter version 18.104.22.168 or later. Older versions of SecurityCenter will work with LCE 4.8.2 without issues, but will not support some new features.
- LCE version 4.8.2 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 4.8.2.
- Please contact Tenable Support at firstname.lastname@example.org if you have any questions about compatibility issues.
File Names & MD5 Checksums
New Features and Improvements:
- Added configuration backup and restoration scripts to /opt/lce/tools/
- Added hardware information to the debugging file
- Added bounds to the memory and host information consumed by the stats service
- Added SQLite3 pragmas for safer synchronous access to configuration, status, client, alert, and plugin databases
- Clarified workflow in the quick setup UI to guide users to enter a code and "Apply" it, or explicitly "Skip" that step
- Updated OpenSSL to 1.0.2j
- Updated libcURL to 7.51.0
- Updated SQLite3 to 3.15.2
- Fixed an issue that caused installs to fail and report that proxy services failed to start after the RHEL 7 host was patched with glibc-2.17-157.el7
- Fixed an issue where vulnerability severity values for some plugins were invalid
- Fixed an issue where processing plugin updates could crash the web server
- Fixed an issue where the TASL service did not reinitialize if include or exclude networks were reconfigured
- Fixed an issue where processing certain logs with a certain user database could restart the log engine
- Fixed an issue where normalized database indexing could stop due to a race condition
- Fixed an unbounded memory consumption issue in the query service when using the text search filters
- Fixed an issue where Assets with zero IP addresses had incorrect event counts in the Asset Summary screen of SecurityCenter
- Removed excessive log spam when parsing the user tracking database
- Removed from the UI any syslog sensors that have not received data within the past two weeks
- Fixed a UI issue where the "Override Sensor Name" feature could not be toggled and saved