Tenable Log Correlation Engine Software Requirements
| Version |
Software Requirements |
| 6.x |
- An active Log Correlation Engine license
- RHEL7.x, 64-bit
|
Additionally, while Log Correlation Engine is active, it requires exclusive access to certain ports. The only services that are required to support remote users are SSH and the Log Correlation Engine interface (lce). If other services are active on the system, conflicts should be avoided on the following default ports:
| Ports Log Correlation Engine Receives (Listens) On |
| Port |
Description |
| 162/UDP |
SNMP |
| 514/UDP |
Syslog |
| 22/TCP |
SSH, for requests from Tenable Security Center |
| 601/TCP |
Syslog |
| 1243/TCP |
Vulnerability detection, if enabled in Tenable Security Center |
| 6514/TCP |
Encrypted syslog |
| 8836/TCP |
Log Correlation Engine Administrative Web UI |
| 31300/TCP |
Events from Log Correlation Engine Clients |
| Ports Log Correlation Engine Sends On |
|---|
| Port | Description |
| 514/UDP | Syslog (forwarded) |
| 443/TCP | Pull requests to the plugins feed at plugins.nessus.org |
| 601/TCP | Syslog (forwarded) |
| Ports Log Correlation Engine Uses Over Loopback Interface |
|---|
| Port | Description |
| 7091/TCP | Internal communication, showids to lce_queryd |
| 7092/TCP | Internal communication, lce_tasld to lced |
Caution: The system running the Log Correlation Engine can operate a syslog daemon, but the syslog daemon must not be listening on the same port(s) that the Log Correlation Engine server is listening on.