The following notes describe the changes that are included in Log Correlation Engine (LCE) version 5.0.1, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.
Caution: If you are upgrading to LCE 5.0, review the increased hardware requirements. LCE 5.0 requires a minimum of 2x your licensed storage space, 16GB of RAM, and a 64-bit, 8-core, 3GHz processor. However, your actual hardware requirements will vary based on the number of events your LCE server is processing. If the system running your current LCE is operating near or at maximum capacity, do not upgrade to LCE 5.0 until you have confirmed that the hardware requirements are met.
General Upgrade Notes
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- Before upgrading from LCE Server 4.x to 5.x, please review the updated hardware requirements in the Log Correlation Engine 5.0 User Guide.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 5.0 User Guide.
- Supported upgrade paths:
  - 4.6.x > 5.0.1
  - 4.8.x > 5.0.1
- LCE version 5.0.1 is compatible with SecurityCenter version 184.108.40.206 or later. Older versions of SecurityCenter will work with LCE 5.0.1 without issues, but will not support some new features.
- LCE version 5.0.1 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 5.0.1.
- Please contact Tenable Support at firstname.lastname@example.org if you have any questions about compatibility issues.
File Names & MD5 Checksums
- Added a re-indexing function that allows users to re-process an index of data using the current plugin set. For usage, run /opt/lce/tools/re-indexer
- Removed case sensitivity from the user search filter
- Raised TASL virtual machine memory by 25% to 100 MB per script
- Removed 3DES from the list of supported ciphers on TCP port 1243
- Updated the LCE logo
- Ensured that the LCE logo would be visible for users using a high-contrast theme with Internet Explorer
- Updated libcurl to 7.53.1
- Fixed a search issue where normalized queries with wildcards returned no results, or port filters could return incorrect results
- Fixed a reporting issue where non-aggregate CSV reports with more than 10,000 events would contain multiple headers embedded within the reports
- Fixed a migration issue where some events would fail to migrate to Elasticsearch from the legacy database format
- Fixed an issue where some users could not change the archive directory via the UI
- Fixed an issue where the TASL service would stop unexpectedly
- Fixed a normalization issue where a user could be unnormalized even if a plugin extracted a user substring
- Fixed a file descriptor leak on restart
- Fixed a client management issue that could cause a server to restart
- Fixed an issue where the http_proxy and ~/.curlrc files were not ignored during Elasticsearch setup