TOC & Recently Viewed

Log Correlation Engine 5.0.1 Release Notes - 4/17/2017

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 5.0.1, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.

Caution: If you are upgrading to LCE 5.0, review the increased hardware requirements. LCE 5.0 requires a minimum of 2x your licensed storage space, 16GB of RAM, and a 64-bit, 8-core, 3GHz processor. However, your actual hardware requirements will vary based on the number of events your LCE server is processing. If the system running your current LCE is operating near or at maximum capacity, you should not upgrade to LCE 5.0 until ensuring the hardware requirements are met.

General Upgrade Notes

  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • Before upgrading from LCE Server 4.x to 5.x, please review the updated hardware requirements in the Log Correlation Engine 5.0 User Guide.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 5.0 User Guide.
  • Supported upgrade paths:
    • 4.6.x > 5.0.1
    • 4.8.x > 5.0.1

Compatibility Notes

  • LCE version 5.0.1 is compatible with SecurityCenter version 4.6.2.2 or later. Older versions of SecurityCenter will work with LCE 5.0.1 without issues, but will not support some new features.
  • LCE version 5.0.1 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 5.0.1.
  • Please contact Tenable Support at support@tenable.com if you have any questions about compatibility issues.

File Names & MD5 Checksums

File SHA256 MD5 SHA1
lce-5.0.1-el5.x86_64.rpm ebc07819c2d5148a5aa140c28a41b3cf5784d04b 17b23a8a7c6cdb5eac247a6ce2a6912c N/A
lce-5.0.1-el6.x86_64.rpm 46614d8e463b1781ba3bc295ea1e970782c1fc4b73141416a01aa96cd4849d42 c76e4010e50fe80547fd4cc5b14599cc N/A
lce-5.0.1-el7.x86_64.rpm 1c6b8b7f4c94cda80d67a4f68277fe54b5309c98 eed00f7c8fbea54ed42d2be89e533028 N/A
LCE-Server-HyperV-5.0.1-APP-LQV-48.zip 5f7b9bab98a1bb13e47e31b2a10c6087c13c3cf20d342031ddec59699d5aca64 f7ba8d4e7cbc26ee5fb7e97b24aa3d1f dd04a85efffa44d830c3e5e5c91a995f3cfaaabb
LCE-Server-VMware-5.0.1-APP-LQV-48.ova c4d7a20376129b62ceaa2e0a944c4d5b97fb431cb8d88d5e4d3b75b4920d8f5b 746801f0337342273d40abd900be29b3 46e6801ea3c17d4364dc24753bf9442018cc5aea

Improvements:

  • Added a re-indexing function that allows users to re-process an index of data using the current plugin set. For usage, run /opt/lce/tools/re-indexer
  • Removed case sensitivity from the user search filter
  • Raised TASL virtual machine memory by 25% to 100 MB per script
  • Removed 3DES from the list of supported ciphers on tcp port 1243
  • Updated the LCE logo
  • Ensured that the LCE logo would be visible for users using a high-contrast theme with Internet Explorer

Security Enhancements:

  • Updated libcurl to 7.53.1

Resolved Items:

  • Fixed a search issue where normalized queries with wildcards returned no results, or port filters could return incorrect results
  • Fixed a reporting issue where non-aggregate CSV reports with more than 10,000 events would contain multiple headers embedded within the reports
  • Fixed a migration issue where some events would fail to migrate to Elasticsearch from the legacy database format
  • Fixed an issue where some users could not change the archive directory via the UI
  • Fixed an issue where the TASL service would stop unexpectedly
  • Fixed a normalization issue where a user could be unnormalized even if a plugin extracted a user substring
  • Fixed a file descriptor leak on restart
  • Fixed a client management issue that could cause a server to restart
  • Fixed an issue where the http_proxy and ~/.curlrc files were not ignored during Elasticsearch setup

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.