Recently Viewed Topics
The following notes describe the changes that are included in Log Correlation Engine (LCE) version 5.0.2, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.
General Upgrade Notes
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- Before upgrading from LCE Server 4.x to 5.x, please review the updated hardware requirements in the Log Correlation Engine 5.0 User Guide.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 5.0 User Guide.
- Supported upgrade paths:
- 4.6.x > 5.0.2
- 4.8.x > 5.0.2
- LCE version 5.0.2 is compatible with SecurityCenter version 188.8.131.52 or later. Older versions of SecurityCenter will work with LCE 5.0.2 without issues, but will not support some new features.
- LCE version 5.0.2 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 5.0.2.
- Please contact Tenable Support at email@example.com if you have any questions about compatibility issues.
File Names & MD5 Checksums
- Improved install/upgrade robustness by checking more minimum requirements, ensuring group/user creation is successful in hardened environments, adding resilience to Elasticsearch failures, preventing OS VM fragmentation when Elasticsearch starts, and fixing Bash compatibility issues for users on older systems
- Added more resolution to disk space display in the Status UI
- Deprecated options from older installations are now hidden in the Configuration UI
- The normalized Sensor field is now available to TASL scripts
- Added more information to diagnostics files related to troubleshooting installation issues
- Improved visibility for username link selection and interaction for accessibility purposes
- Updated OpenSSL to 1.0.2l
- Fixed a resource leak in the TASL engine
- Fixed an issue where event searches could cause the Query service to consume too much CPU
- Fixed an issue where event searches with more than 1024 clauses would degrade Query performance
- Fixed an issue where, on RHEL 7 systems, LCE may not start automatically after reboot
- Fixed an issue where event searches by Asset could return more or fewer results than expected
- Fixed an issue where syslog forwarding via the Event Rules feature caused additional characters and an additional syslog header to be prepended to logs already containing a syslog header
- Fixed an issue where directional filters did not filter results as expected
- Fixed an issue that could cause corrupt sensor names in logs from LCE Agents
- Fixed an issue that could cause the engine to restart if an LCE Agent IP address changes via DHCP if other rare circumstances were met
- Fixed an issue that could cause the engine to restart if LCE internal events were created under certain circumstances
- Fixed an issue where the TASL event count function returned zero in some scripts
- Downgraded client IP changes from Alert severity to Debug severity to reduce Alert notifications in the LCE UI
- Fixed an issue where Data Sensors timestamp display dates would be significantly older than the correct date