Manualshelf

Installation guide

ManualsBrandsAbit ManualsComputer equipmentLicense Scanner
108109110111112113114115116117
116
After ownership and permissions are set, restart the “lce” service:
# service lce restart
To view the current selection and/or de-selection of auditable events through the new PRM file, log into SecurityCenter as
an Organization Head (you may wish to create a new unique Organization Head account specifically for this function).
Note that because SecurityCenter administrator accounts do not have access to log data under “Analysis >
Events” in SecurityCenter, an Organization Head account is best suited to perform this function. It is
recommended to create a new Organization Head account that is only accessible by SecurityCenter
administrators to view the logs in their selected form.
Once logged in, select “Analysis > Events. Under the Analysis Tool, select “Raw Syslog Data” from the drop-down
menu. Note that the filter conditions will need to be applied before the viewability of events in the new PRM file are applied
to the overall audit log data set.
To specifically target the SecurityCenter’s LCE client data, select a filter of “Type = [custom_type_name]”, where
[custom_type_name] is the unique event type (loginfo in the example above) created for the customized PRM file
(tenable_sc4_audit_logs.prm in the example above):
In the example screen capture below, only logout information is displayed for SecurityCenter users because the login
section of the newly-created PRM file has been commented out:
Other sections of the custom PRM file can be commented or uncommented by an authorized system administrator to
allow for selection of audited events per your organization’s logging requirements. Each change to the custom PRM file
will require a restart of the LCE services.