TOC & Recently Viewed

Recently Viewed Topics

Log Correlation Engine 5.0.3 Release Notes - 02/22/2018

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 5.0.3, significant enhancements to LCE, and information about upgrading.


  • Metadata support for document-lifecycle compliance use cases:
    • For every silo, now track the provenance of events therein; for new silo, this is “recordLive”, “migrateDst”, or “importLogs”.
    • Events of distinct provenance can enter the system concomitantly, but are never stored in the same silo as had been the case with LCE 5.0.0-5.0.2 (for legacy silos created with LCE 5.0.0-5.0.2, upgrader sets provenance “mixed”).
    • For customers with a regulatory or policy obligation to erase events older than N years, dedicated silos mean a vastly simplified erasure process.
  • Elasticsearch performance and storage efficiency:
    • Instead of just handing Elasticsearch all the memory reserved for it without any detailed directions, we now issue directives explicitly allocating:
      • 13% to direct (i.e. not abstracted as objects within JVM heap) buffers, for decreased overhead of I/O operations in general.
      • 25% to JVM-hosted heap buffers dedicated to indexing operations, for higher and more stable indexing throughput.
      • 17% to JVM-hosted query cache, for better performance of frequent queries.
    • Optimized event data representation in the Lucene indexes underlying an Elasticsearch datastore, decreasing (by 19% with our testing data) the disk space required to store event data. Besides increasing storage ROI for our customers, this also improves query latency and indexing throughput.
  • Clients/policies administration:
    • Decreased response time for lce_client_manager, the general CLI clients/policies administration utility.
    • Added list-clients, a dedicated lightweight CLI utility for the very common operation of querying status of connected clients, with minimal overhead.
  • Datastore administration (for advanced users):
    • Added the multi-use CLI utility es-helper-scripts/archival, for a way to:

      • restore all silos within a specified date range, a much-requested feature.
      • view, for an archived snapshot, the provenance (see above) and count of events contained in that snapshot.
      • cancel a started, but incomplete, archive job.
    • Added the dedicated CLI utility es-helper-scripts/move-activeDb, for changing location of active DB from the default.
    • Added the dedicated CLI utility es-helper-scripts/register-archiveDb, for setting up location of archive DB.
  • Site status data collection (for troubleshooting by Dev/CS/Pre-sales):
    • The largest files in directories commonly responsible for low-disk conditions.
    • Elasticsearch-internal: discrete operations, currently running tasks, queued tasks.
    • Operating parameters, garbage collection status of JVM running Elasticsearch.

Security Enhancements:

  • Upgraded OpenSSL to 1.0.2n

Resolved Items:

  • Fixed issue where an LCE instance becomes unregistered after restart
  • Fixed unexpected results being returned for queries using Asset filters
  • Fixed an issue that caused LCE clients to go offline
  • Fixed several related issues causing lce_status.db, pm.db corruption
  • Fixed an issue where ElasticSearch could not be started from GUI
  • Fixed the Java version not being detected properly
  • Performance and stability fixes to migration utility
  • Fixed an issue where queries would remain open until a restart
  • Fixed events messages being shown in the wrong columns of SC
  • Fixed an issue where a single sensor could be tracked as 2+ sensors
  • Fixed occasional corruption/elision of initial bytes in logs from Windows clients
  • Fixed crash occurring if, with archiving on, active-size limit was reached
  • Identified cause of zombie processes piling up at one particular customer site
  • Fixed multiple installer issues


File Names & MD5 Checksums

File SHA256 MD5 SHA1
lce-5.0.3-el5.x86_64.rpm 288727b2777716afcd9cb137149c50e930af0d242c7518345ed666fcec9561b5 820598d13c78c640ca4d0442e692a625 N/A
lce-5.0.3-el6.x86_64.rpm c04a1fb67d03d51ce1b2144db6e7fe611964a9f1da445b81fb874b29438e6c4c c048688f9f0f2f2eb9807877c6815433 N/A
lce-5.0.3-el7.x86_64.rpm d60266b840eaa2805b48ee532178d7f22fb1664090b1d9d64ce95333a723b0ac f1d5a0075606684eab4257f2f75b1fdb N/A

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.