User guide
Introduction
This document describes the various clients that are available for Tenable Network Security’s Log Correlation
Engine 4.0. Please email any comments and suggestions to support@tenable.com.
A working knowledge of Secure Shell (SSH), regular expressions, and SecurityCenter operation and architecture is
assumed. Familiarity with general log formats from various operating systems, network devices and applications, as well
as a basic understanding of Linux/Unix is also assumed.
This document describes the current LCE server (daemon) version, 4.0.x. The LCE Clients described are all
version 4.0.x. Please refer to the Tenable Support Portal for the latest version of the LCE Client.
LCE 4.0.x clients are designed to connect to LCE 4.0.x servers. While some LCE 4.0.x clients may
successfully be configured to work with LCE 3.x, this is not an officially supported configuration and some or
all features may not work as expected.
This document is intended to be used with LCE Clients 4.0 and greater; however, many of the concepts, with
the prominent exception of those relating to the LCE Client Manager, apply to legacy versions of the LCE
Clients. Clients prior to version 4.0 may connect to an LCE 4.0.x server using legacy configurations. Some of
those legacy clients are alluded to in this document and will be detailed here as 4.x versions become
available.
Standards and Conventions
Throughout the documentation, filenames, daemons, and executables are indicated with a courier bold font such as
gunzip, httpd, and /etc/passwd.
Command line options and keywords are also indicated with the courier bold font. Command line examples may or
may not include the command line prompt and output text from the results of the command. Command line examples will
display the command being run in courier bold to indicate what the user typed while the sample output generated by
the system will be indicated in courier (not bold). The following is an example of running the Linux/Unix pwd command:
# pwd
/opt/lce/
#
Important notes and considerations are highlighted with this symbol and grey text boxes.
Tips, examples, and best practices are highlighted with this symbol and white on blue text.
Log Correlation Engine Client Overview
Throughout this document we will continually refer to three primary LCE components: the LCE Client (the end
host that initially collects data and sends it on to the LCE server); the LCE server (or daemon), which is
installed on Red Hat/CentOS and performs the bulk of the processing; and the LCE host (LCE Manager or
SecurityCenter), which provides a graphical user interface to view and report on the LCE data.