User guide
7
Tenable
Network
Monitor
RHEL/CentOS 5, 6
32/64-bit
Designed to monitor network traffic and send session
information to the LCE server. Sniffs network traffic to
identify TCP sessions as well as UDP, ICMP and IGMP
activity.
The Tenable Network Monitor also has a very useful feature
of sniffing live syslog traffic in motion and sending it to the
LCE as if the traffic were originally destined for it. This
makes it very easy to centralize logs and not rely on
forwarding of events from a different log server.
FreeBSD 7, 8
32-bit
Quick Start Summary
Use these steps to get your LCE Clients up and running quickly:
1. Install and configure the clients with the IP address or hostname and port of the LCE server as per the
instructions in the Installing the LCE Linux Clients or Installing the Windows Client sections of this document.
Make sure the client is started.
2. Using SecurityCenter or LCE Manager 4.6, or the LCE client manager on the LCE server, grant authorization and
apply the appropriate configurations for the newly configured clients.
3. Exit the LCE Client Manager to save and apply the settings to the Policy Map.
Diagnosing Connection Problems
If the LCE Client cannot connect:
View the most recent LCE Client log file located in /opt/lce_client/ (or appropriate directory for the client in
question) to determine if any error messages exist. The log has a file name in the following format:
“YearMon.log”.
Check that the LCE server daemon is running and correctly licensed by running “service lce status”. If the
process is running, output similar to the following is displayed:
# service lce status
lced (pid 26868 26864) is running...
lce_queryd (pid 26876 26874) is running...
lce_indexerd (pid 26892) is running...
Check to see if there is a local firewall, network firewall, or other network issue that would prevent connection
from the LCE Client to the LCE server. To test this, run a sniffer on the LCE server monitoring TCP port 31300
(default port). If no connections are observed from the system running the LCE Client, something is blocking the
connection. Running a sniffer on the system of the LCE Client may also help determine if something is blocking.
If the LCE Client manager is being used to manage the affected client(s), confirm that the server has authorized
the client(s) to connect.
Verify that the passwords are correct. Both the LCE Client and LCE server will log failed authentication errors
(pre-4.0 clients).
Verify that the IP addresses of the LCE Client and LCE server are correct. The client will not connect to the LCE
server if it has the wrong IP address or cannot correctly resolve the hostname, and the LCE server will not accept
a random client unless it is specifically configured in the LCE Client Manager or lce.conf file (pre-4.0 clients).