Log Correlation Engine 3.6.0 Release Notes
The following notes describe the changes that are included in Log Correlation Engine (LCE) version 3.6.0, significant enhancements to the LCE and information about upgrading. A PDF file of these release notes is also available here.
- A new license key is required for every LCE instance! Existing customers must contact firstname.lastname@example.org before upgrading. Only LCE instances need a new license, not SecurityCenter or PVS.
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- LCE version 3.6 is required for use with the Asset Summary query in SecurityCenter 4.0.3.
- LCE version 3.6 is compatible with SecurityCenter version 3.4.5 or later. Older versions of SecurityCenter may work with LCE 3.6 without issues, but will not support many of the new features. Please contact Tenable Support at email@example.com if you have any questions about compatibility issues.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 3.6 Administration and User Guide.
File Names & MD5 Checksums
LCE Core Performance
- Query caching daemon to improve the performance of browsing and searching log data. The LCE 3.6.0 query system is a replacement for the LCE showids and showids_db modules. Improvements are achieved through a new architecture that maintains memory state between queries and incorporates more efficient data processing algorithms that decrease query response times. Please note that this new query daemon utilizes approximately 1 GB of memory on a continual basis. For full system requirements, please refer to the LCE Administration and User Guide.
- Improved silo rollover processing and indexing. Indexing now occurs as part of normal log processing instead of during silo rollover. The indexing scheme is also more efficient and stores fewer bytes per entry.
- Replaced the POSIX regular expression API with PCRE to improve performance.
- Improved Asset Summary query efficiency (requires SecurityCenter 4.0.3).
- Relaxed port-based VA/IDS correlation.