Tenable Log Correlation Engine Software Requirements

Version Software Requirements
  • An active Log Correlation Engine license
  • RHEL7.x, 64-bit

Additionally, while Log Correlation Engine is active, it requires exclusive access to certain ports. The only services that are required to support remote users are SSH and the Log Correlation Engine interface (lce). If other services are active on the system, conflicts should be avoided on the following default ports:

Ports Log Correlation Engine Receives (Listens) On

Port         Description
514/UDP      Syslog
22/TCP       SSH, for requests from Tenable Security Center
601/TCP      Syslog
1243/TCP     Vulnerability detection, if enabled in Tenable Security Center
6514/TCP     Encrypted syslog
8836/TCP     Log Correlation Engine Administrative Web UI
31300/TCP    Events from Log Correlation Engine Clients

Ports Log Correlation Engine Sends On

Port         Description
514/UDP      Syslog (forwarded)
443/TCP      Pull requests to the plugins feed at plugins.nessus.org
601/TCP      Syslog (forwarded)

Ports Log Correlation Engine Uses Over Loopback Interface

Port         Description
7091/TCP     Internal communication, showids to lce_queryd
7092/TCP     Internal communication, lce_tasld to lced

Caution: The system running the Log Correlation Engine can operate a syslog daemon, but the syslog daemon must not be listening on the same port(s) that the Log Correlation Engine server is listening on.
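
A pre-install check for the port conflicts described above, as an added example (not Tenable tooling): the function reads `ss -tulnp` output on stdin and reports any existing listener on the default ports from the tables. The function name and the sample listing are constructed for illustration; 22/TCP is left out because sshd is expected to hold it.

```shell
#!/bin/sh
# Added example: find listeners already bound to the LCE default ports.
# Port list comes from the tables above (listen + loopback ports, minus 22/TCP).
LCE_PORTS="udp/514 tcp/601 tcp/1243 tcp/6514 tcp/8836 tcp/31300 tcp/7091 tcp/7092"

# Reads `ss -tulnp` output on stdin.
# Prints "proto/port local-address owner" for each conflicting listener.
lce_port_conflicts() {
  awk -v want="$LCE_PORTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
    # Data rows start with the netid; the header row ("Netid ...") is skipped.
    $1 == "tcp" || $1 == "udp" {
      local_addr = $5
      port = local_addr
      sub(/.*:/, "", port)          # keep what follows the last colon (IPv4 and IPv6)
      key = $1 "/" port
      if (key in ports) {
        # The owner column is only present with -p and sufficient privileges.
        owner = (NF >= 7) ? $7 : "owner-unknown"
        print key, local_addr, owner
      }
    }'
}

# Constructed sample of `ss -tulnp` output: rsyslogd holds 514/UDP and 601/TCP.
LCE_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:514          *:*   users:(("rsyslogd",pid=1012,fd=3))
tcp   LISTEN 0      128    *:22           *:*   users:(("sshd",pid=980,fd=3))
tcp   LISTEN 0      25     :::601         :::*  users:(("rsyslogd",pid=1012,fd=5))
tcp   LISTEN 0      100    127.0.0.1:25   *:*   users:(("master",pid=1200,fd=13))'

# Demo run against the sample; sshd on 22 and the mail listener on 25 are ignored.
printf '%s\n' "$LCE_SAMPLE" | lce_port_conflicts
```

On the target host, run `ss -tulnp | lce_port_conflicts` as root before installing; any line it prints names a service that must be moved to another port or stopped.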