TOC & Recently Viewed

Recently Viewed Topics

Log Correlation Engine 5.0.0 Release Notes - 1/31/2017

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 5.0.0, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.

General Upgrade Notes

  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 5.0 User Guide.
  • Supported upgrade paths:
    • 4.6.x > 5.0.0
    • 4.8.x > 5.0.0

Compatibility Notes

  • LCE version 5.0.0 is compatible with SecurityCenter version 4.6.2.2 or later. Older versions of SecurityCenter will work with LCE 5.0.0 without issues, but will not support some new features.
  • LCE version 5.0.0 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 5.0.0.
  • Please contact Tenable Support at support@tenable.com if you have any questions about compatibility issues.

File Names & MD5 Checksums

File SHA256 MD5
lce-5.0.0-el5.x86_64.rpm 7d1d32d5d741cfd32e0cc00e83e524d6025b810138155d322e2b93ae5bfcdb6d f85ed7a4dad9eee65ab7860747aab73f
lce-5.0.0-el6.x86_64.rpm 96ee009adb43b0e06c00053c232aa140d5119047af0df172871a6d2ffb31a11e 42b456b58082014058748349e8c186d5
lce-5.0.0-el7.x86_64.rpm 14a64016ab55272b33cc11d00b31f01e6f175190f7e45b382685051f07a1d1cc ba59815da109f3e4908819a589290b78

New Features:

  • Added support for receiving, storing, and querying Unicode characters via syslog and the LCE Windows Agent 5.0.0
  • Replaced backend database with Elasticsearch to increase scalability and flexibility
  • Added an Event Rule editor to simplify immediate alerting, forwarding, and filtering capabilities

Improvements:

  • Improved clarity of Health and Status / Advanced reporting by adding active/archive database sizes on disk and oldest event reporting to show the timeframe covered by each database
  • Improved configuration of database usage in Configuration / Storage by allowing users to directly specify the maximum space allowed to be used by LCE for the active/archive databases
  • Clarified debug log options in Configuration > Advanced
  • Simplified client configuration by preserving column selection and sort options after refresh and update
  • Simplified client policy management by adding a "Hide Default" policies button to show only user-defined policies
  • Added sub-second precision to event timestamps
  • Reduced overhead in processing UDP syslog payloads on RHEL / CentOS 6 and 7 systems
  • Greatly increased application data collected in debug files

Removed Features:

  • Native load balancing and high availability are no longer supported. Elasticsearch should instead be leveraged for scalability with LCE 5.0.0.

Security Enhancements:

  • Updated OpenSSL to 1.0.2k
  • Updated libcurl to 7.52.1
  • Updated jQuery UI to 1.12
  • Added a lockout for administrator users after 5 unsuccessful password guesses
  • See advisory TNS-2017-02 for more details

Resolved Items:

  • Fixed an issue where client policies were truncated in some cases when creating client assignment rules in Configuration > Advanced

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.