You are here: Getting Started > Install > Files and Layout

Files and Layout

LCE resides in the /opt/lce directory, and contains various sub-directories. The contents of each subdirectory are summarized in the table below.




This directory contains all of the LCE log files. There is a subdirectory named log that contains various log files. System log file names are based on the format of year month, and date such as 2015May.log. Log files in the main log directory are general LCE log system files. The log directory contains sub-directories for specific components of LCE such as clientmanager, indexer, stats, queries, reporter, and importer.


This directory contains certificates and keys for LCE modules to authenticate remote connections. For example, the syslog sub-directory contains the default keys and certs to authenticate encrypted TCP syslog senders.


This directory contains the lced binary (the log engine) and all other helper daemons in LCE. The LCE Client Manager is also located here. The daemons directory also contains sub-directories for plugins, policies, and other items updated automatically via the LCE plugin feed.


When LCE starts, it will load all files in the plugins sub-directory unless they are disabled via the configuration.


LCE stores all event data in the db directory. Each silo will be labeled with a lce(number).ndb and log_store and db_index directories.

Note: The location of this directory will differ if the configuration was altered at some point.


This directory contains the LCE Software License Agreement.


This directory contains the tools utilized if LCE is configured for high availability.

For more information on this feature, review the Log Correlation Engine High Availability Large Scale Deployment Guide.


IDS signature mappings and host vulnerability information from Security Center is stored here for correlation.


This directory and its sub-directories contain certs and keys for the Nessus Transport Protocol interface for SecurityCenter to retrieve report information.


This directory contains host vulnerability information LCE has discovered by scanning logs.


Directory used for temporary data that is utilized by LCE.


This directory contains various tools that are utilized by LCE, and some can be utilized via the command line if required.


The db subdirectory under the var directory contains the following databases: lce_alert.db, lce_config.db, lce_status.db, lce_users.db, and pm.db. The www directory contains the web client, and web server information. The users subdirectory contains a directory for each user configured in the LCE GUI.

Copyright © 2017 - 2018. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.