Log Correlation Engine 3.6.0 Release Notes

The following notes describe the changes included in Log Correlation Engine (LCE) version 3.6.0, significant enhancements to the LCE, and information about upgrading. A PDF file of these release notes is also available here.

Upgrade Notes

  • A new license key is required for every LCE instance! Existing customers must contact before upgrading. Only LCE instances need a new license, not SecurityCenter or PVS.
  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • LCE version 3.6 is required for use with the Asset Summary query in SecurityCenter 4.0.3.
  • LCE version 3.6 is compatible with Security Center version 3.4.5 or later. Older versions of Security Center may work with LCE 3.6 without issues, but will not support many of the new features. Please contact Tenable Support at if you have any questions about compatibility issues.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 3.6 Administration and User Guide.

File Names & MD5 Checksums

File                        MD5
lce-3.6.0-es4.i386.rpm      6dcd3dc013503a175cbcc6fbcb282ea5
lce-3.6.0-es5.i386.rpm      818840575ed2608d0eca71a3454a3972
lce-3.6.0-es5.x86_64.rpm    15a71ced0716096c9565c08747a61bb5

Application Notes

LCE Core Performance

  • Query caching daemon to improve the performance of browsing and searching log data. The LCE 3.6.0 query system is a replacement for the LCE showids and showids_db modules. Improvements are achieved through a new architecture that maintains memory state between queries and incorporates more efficient data processing algorithms that decrease query response times. Please note that this new query daemon utilizes approximately 1 GB of memory on a continual basis. For full system requirements, please refer to the LCE Administration and User Guide.
  • Improved silo rollover processing and indexing. Indexing now occurs as part of normal log processing instead of during silo rollover. The indexing scheme is also more efficient and stores fewer bytes per entry.
  • Replaced the POSIX regular expression API with PCRE to improve performance.
  • Asset Summary query efficiency improved (requires SC 4.0.3)
  • Relaxed port-based VA/IDS correlation

