User guide

selects which network packets will be processed. This expression relies on the
syslog monitoring settings being enabled.
lce-server: Directs the Tenable Network Monitor to the IP address or hostname of the LCE, and specifies the password used to connect.
server-port: The port the LCE listens to as designated by the lce-server directive.
interface: The network interface(s) from which the Tenable Network Monitor will report traffic.
monitor-syslog-port: The protocol/port designation that is used to forward syslog messages to the LCE server.
syslog-only: Directive to only report syslog messages; yes or no.
include-networks: Specify which networks are to be included in monitoring activity.
exclude-networks: Designate specific networks to exclude from monitoring activity.
Functionality
The tnmd tool will report on TCP sessions it sees. For example, if there is an FTP session, it will report when the session
starts and when it is completed. If the session has no activity for a certain amount of time, tnmd will “time out” the session
and log it as complete. For UDP and ICMP protocols, tnmd will log the individual packets. An example TNM alert is
included in the screen capture below:
Available fields within this raw output include (from left to right within the “Message” field):
Alert date/time
Alert name
Amount of traffic captured
Source IP:port
Destination IP:port
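
The reporting behaviour described under Functionality, modelled as an added example (not Tenable code and not tnmd's actual output format). The event names, the 300-second idle timeout, the `Packet` type and the sample packets are assumptions constructed for illustration. The guide does not state the real timeout value.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 300  # seconds; assumed value, not taken from the guide

@dataclass
class Packet:
    ts: float
    proto: str         # "tcp", "udp" or "icmp"
    src: str           # "ip:port" (bare IP for ICMP)
    dst: str
    size: int
    fin: bool = False  # TCP FIN/RST observed on this packet

def report(packets, idle_timeout=IDLE_TIMEOUT):
    """Return (time, event, bytes, src, dst) records, ordered by time."""
    events, sessions = [], {}

    def expire(now):
        # An idle session is logged as complete, exactly like a closed one.
        for key, s in list(sessions.items()):
            if now - s["last"] >= idle_timeout:
                events.append((s["last"] + idle_timeout, "tcp-session-complete",
                               s["bytes"], s["src"], s["dst"]))
                del sessions[key]

    for p in sorted(packets, key=lambda p: p.ts):
        expire(p.ts)
        if p.proto != "tcp":  # UDP and ICMP: one record per packet
            events.append((p.ts, f"{p.proto}-packet", p.size, p.src, p.dst))
            continue
        key = frozenset((p.src, p.dst))  # both directions map to one session
        s = sessions.get(key)
        if s is None:
            s = sessions[key] = {"src": p.src, "dst": p.dst, "bytes": 0, "last": p.ts}
            events.append((p.ts, "tcp-session-start", 0, p.src, p.dst))
        s["bytes"] += p.size
        s["last"] = p.ts
        if p.fin:
            events.append((p.ts, "tcp-session-complete", s["bytes"], s["src"], s["dst"]))
            del sessions[key]
    return sorted(events, key=lambda e: e[0])

# Constructed sample traffic: a closed FTP session, an abandoned SSH session, UDP and ICMP.
SAMPLE = [
    Packet(0, "tcp", "10.0.0.5:40000", "10.0.0.9:21", 60),
    Packet(1, "tcp", "10.0.0.9:21", "10.0.0.5:40000", 80),
    Packet(2, "tcp", "10.0.0.5:40000", "10.0.0.9:21", 40, fin=True),
    Packet(5, "tcp", "10.0.0.6:40001", "10.0.0.9:22", 100),
    Packet(400, "udp", "10.0.0.7:5353", "10.0.0.9:53", 70),
    Packet(401, "icmp", "10.0.0.7", "10.0.0.9", 64),
]
```

In this model the abandoned session's completion record carries the time of its last packet plus the timeout, so an analyst correlating on completion time should account for that offset.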