The following notes describe the changes that are included in Log Correlation Engine (LCE) version 5.0.0, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.
General Upgrade Notes
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 5.0 User Guide.
- Supported upgrade paths:
  - 4.6.x > 5.0.0
  - 4.8.x > 5.0.0
- LCE version 5.0.0 is compatible with SecurityCenter version 18.104.22.168 or later. Older versions of SecurityCenter will work with LCE 5.0.0 without issues, but will not support some new features.
- LCE version 5.0.0 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 5.0.0.
- Please contact Tenable Support at firstname.lastname@example.org if you have any questions about compatibility issues.
File Names & MD5 Checksums
- Added support for receiving, storing, and querying Unicode characters via syslog and the LCE Windows Agent 5.0.0
- Replaced backend database with Elasticsearch to increase scalability and flexibility
- Added an Event Rule editor to simplify immediate alerting, forwarding, and filtering capabilities
- Improved clarity of Health and Status > Advanced reporting by adding the on-disk sizes of the active and archive databases, plus oldest-event reporting to show the timeframe covered by each database
- Improved configuration of database usage in Configuration > Storage by allowing users to directly specify the maximum disk space LCE may use for the active/archive databases
- Clarified debug log options in Configuration > Advanced
- Simplified client configuration by preserving column selection and sort options after refresh and update
- Simplified client policy management by adding a "Hide Default" policies button to show only user-defined policies
- Added sub-second precision to event timestamps
- Reduced overhead in processing UDP syslog payloads on RHEL / CentOS 6 and 7 systems
- Greatly increased application data collected in debug files
- Native load balancing and high availability are no longer supported. Elasticsearch should instead be leveraged for scalability with LCE 5.0.0.
- Updated OpenSSL to 1.0.2k
- Updated libcurl to 7.52.1
- Updated jQuery UI to 1.12
- Added a lockout for administrator users after 5 unsuccessful password guesses
- See advisory TNS-2017-02 for more details
- Fixed an issue where client policies were truncated in some cases when creating client assignment rules in Configuration > Advanced