User guide

On most Unix or Linux systems, running the command “ps -e | grep lce_clientd” will provide output
similar to “32321 ? 00:00:15 lce_clientd”. The first set of numbers is the process ID. Once
the process ID is known, the command “kill 32321” can be used to kill the client process.
Monitoring Log Correlation Engine Client Status
While running, the lced process will keep track of LCE Client status in a file named client.status located in the
/opt/lce/admin/log directory. Below is an example listing:
# cat /opt/lce/admin/log/client.status
Client[192.168.14.9]: Not logged in (state: PREVIOUSLY_CONNECTED status:Alive), LCE Client 4.0.0.0 20120620 0
Client[192.168.14.42]: Not logged in (state: PREVIOUSLY_CONNECTED status:Alive), NetFlow Monitor 4.0.0.0 20120620 0
Client[192.168.14.55]: Not logged in (state: PREVIOUSLY_CONNECTED status:Alive), WMI Monitor 4.0.0.0 20120615 0
Client[192.168.14.157]: Not logged in (state: PREVIOUSLY_CONNECTED status:Alive), LCE Client 4.0.0.0 20120615 0
For each configured LCE Client, the file shows the IP address specified in the LCE Client Manager or the lce.conf file,
whether the client is logged in, the type and version of the client, and whether it is “alive” or “dead”.
The tail -f command is not effective on this log file since it is completely re-written each time the lced
process detects a change in a client’s status.
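Because the file is rewritten in full on every change, one way to watch it is to poll it and compare successive snapshots. The Python below is an added example, not part of the original guide or of Tenable's software; the field names, the handling of the two trailing fields as opaque text, and the "Dead" sample line are assumptions based on the listing and description above.

```python
import re

# Line layout taken from the client.status listing above. The meaning of the
# two trailing fields after the version is not documented on this page, so
# they are kept as an opaque string ("rest").
LINE_RE = re.compile(
    r"Client\[(?P<ip>[^\]]+)\]:\s*(?P<login>[^(]+?)\s*"
    r"\(state:\s*(?P<state>\S+)\s+status:\s*(?P<status>\w+)\),\s*"
    r"(?P<type>.+?)\s+(?P<version>\d+(?:\.\d+)+)\s*(?P<rest>.*)$"
)

def parse_status(text):
    """Return {ip: record} for every client line in a client.status snapshot."""
    clients = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            clients[m["ip"]] = m.groupdict()
    return clients

def diff_snapshots(old, new):
    """Compare two parsed snapshots. lced rewrites the whole file, so polling
    and diffing takes the place of tail -f."""
    events = []
    for ip in sorted(set(old) | set(new)):
        before, after = old.get(ip), new.get(ip)
        if before is None:
            events.append((ip, "added", after["status"]))
        elif after is None:
            events.append((ip, "removed", before["status"]))
        else:
            for field in ("login", "state", "status"):
                if before[field] != after[field]:
                    events.append((ip, field, f"{before[field]} -> {after[field]}"))
    return events

# Constructed snapshots: BEFORE reuses two entries from the listing above;
# AFTER flips one client to "Dead" (constructed, based on the alive/dead wording).
BEFORE = """\
Client[192.168.14.9]: Not logged in (state: PREVIOUSLY_CONNECTED status:Alive), LCE Client 4.0.0.0 20120620 0
Client[192.168.14.42]: Not logged in (state: PREVIOUSLY_CONNECTED status:Alive), NetFlow Monitor 4.0.0.0 20120620 0
"""
AFTER = BEFORE.replace("status:Alive), NetFlow", "status:Dead), NetFlow")

if __name__ == "__main__":
    for event in diff_snapshots(parse_status(BEFORE), parse_status(AFTER)):
        print(*event)
```

In practice the two snapshots would be read from /opt/lce/admin/log/client.status at successive polling intervals, and a "removed" or "Dead" event for a log source would be raised as an alert, since it means that host's events are no longer reaching the server.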
Log Correlation Engine Client Reconnection Attempts
The LCE Client will attempt to reconnect every minute until it can re-establish a connection with the server if any of the
following conditions occur:
- The LCE server lced process stops
- The network connection between the client and the server breaks
- The client is removed from the LCE Client Manager or server’s configuration file (changing the server’s configuration file requires a restart of the service to take effect)
Log Correlation Engine Windows Client
The Log Correlation Engine Windows Client monitors events, as well as specific log files or directories, for new event
data. Tenable currently has two Windows LCE Clients: one for Windows XP/2003 platforms and one for Windows
Vista/2008/7 platforms.
| Platform | LCE Client Type | Install File Name and Utility |
|---|---|---|
| MS Windows XP Professional, Windows Server 2003 | LCE Log Agent | lce_client-4.x.x-windows_2003_x86.msi |
| MS Windows Server 2008, Windows Vista, Windows 7 | LCE Log Agent | lce_client-4.x.x-windows_2008_x86.msi, lce_client-4.x.x-windows_2008_x64.msi |