Installation guide

To configure LCE servers, select “Log Correlation Engines” under the “Resources” tab. A screen will be displayed

similar to the following:

Click “Add” to display the dialog in the screen capture below. Default viewable fields include Name, Description, Host,

Organizations, and an unchecked checkbox for Import Vulns. When the Import Vulns option is selected, additional

fields become available for Repositories selection and Vulnerability Log Host settings.

LCE server 4.2 will also generate vulnerability logs. Enabling the Import Vulns option allows SecurityCenter to collect and

import the vulnerability information from the LCE 4.2 server. The Repositories area defines the repositories to receive the

data. The Vulnerability Log Host section configures the IP address, port, username, and password to log into the LCE

4.2 server to retrieve the vulnerability information. The username and password are set when configuring the LCE server

and is typically different than the system username and password used to configure the SSH key exchange described in

the next section.

After submitting the information, the remote LCE login prompt will be displayed so that the SecurityCenter can

authenticate with the LCE server. This is a one-time process to exchange SSH keys for secure communication between

SecurityCenter and LCE. If remote root or root equivalent user login is prohibited in your environment, refer to Appendix 2

for instructions on how to manually configure the LCE server using SSH key authentication.

If organizational policy prohibits remote root login, a manual key exchange process can be used. See

Appendix 2: Manual LCE Key Exchange for detailed guidance.