Log Correlation Engine 5.0.2 Release Notes - 8/14/2017

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 5.0.2, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.

Caution: If you are upgrading to LCE 5.0, review the increased hardware requirements. LCE 5.0 requires a minimum of 2x your licensed storage space, 16GB of RAM, and a 64-bit, 8-core, 3GHz processor. However, your actual hardware requirements will vary based on the number of events your LCE server is processing. If the system running your current LCE is operating near or at maximum capacity, you should not upgrade to LCE 5.0 until you have ensured that the hardware requirements are met.

General Upgrade Notes

  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • Before upgrading from LCE Server 4.x to 5.x, please review the updated hardware requirements in the Log Correlation Engine 5.0 User Guide.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 5.0 User Guide.
  • Supported upgrade paths:
    • 4.6.x > 5.0.2
    • 4.8.x > 5.0.2

Compatibility Notes

  • LCE version 5.0.2 is compatible with SecurityCenter version 4.6.2.2 or later. Older versions of SecurityCenter will work with LCE 5.0.2 without issues, but will not support some new features.
  • LCE version 5.0.2 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 5.0.2.
  • Please contact Tenable Support at support@tenable.com if you have any questions about compatibility issues.

File Names & MD5 Checksums

| File | SHA256 | MD5 | SHA1 |
|---|---|---|---|
| lce-5.0.2-el5.x86_64.rpm | a53f26b57dea88cb669395d6b28c640f535f2a6e610ac7288a5ef4d5701a8cde | 908924e27383a28cbc4e93c9e0598cb6 | N/A |
| lce-5.0.2-el6.x86_64.rpm | 96d3a8ab8126776a0de5be18e0ecf210c9efdd1422a911e5af9b11b9429784c8 | 4e4d4384bdd833cbd79d0f8fd3a24cd7 | N/A |
| lce-5.0.2-el7.x86_64.rpm | 705ab467b65f612af83da177c43d284073afe646b344de6f37c0937488d81e96 | 0d9dde7b24b24bb5948df8d6b3b071ca | N/A |

Improvements:

  • Improved install/upgrade robustness by checking more minimum requirements, ensuring group/user creation is successful in hardened environments, adding resilience to Elasticsearch failures, preventing OS VM fragmentation when Elasticsearch starts, and fixing Bash compatibility issues for users on older systems
  • Added more resolution to disk space display in the Status UI
  • Deprecated options from older installations are now hidden in the Configuration UI
  • The normalized Sensor field is now available to TASL scripts
  • Added more information to diagnostics files related to troubleshooting installation issues
  • Improved visibility for username link selection and interaction for accessibility purposes

Security Enhancements:

  • Updated OpenSSL to 1.0.2l

Resolved Items:

  • Fixed a resource leak in the TASL engine
  • Fixed an issue where event searches could cause the Query service to consume too much CPU
  • Fixed an issue where event searches with more than 1024 clauses would degrade Query performance
  • Fixed an issue where, on RHEL 7 systems, LCE may not start automatically after reboot
  • Fixed an issue where event searches by Asset could return more or fewer results than expected
  • Fixed an issue where syslog forwarding via the Event Rules feature caused additional characters and an additional syslog header to be prepended to logs already containing a syslog header
  • Fixed an issue where directional filters did not filter results as expected
  • Fixed an issue that could cause corrupt sensor names in logs from LCE Agents
  • Fixed an issue that could cause the engine to restart if an LCE Agent IP address changed via DHCP and other rare circumstances were met
  • Fixed an issue that could cause the engine to restart if LCE internal events were created under certain circumstances
  • Fixed an issue where the TASL event count function returned zero in some scripts
  • Downgraded client IP changes from Alert severity to Debug severity to reduce Alert notifications in the LCE UI
  • Fixed an issue where Data Sensors timestamp display dates would be significantly older than the correct date

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.