Prerequisites

It is important to ensure that the prerequisite requirements for LCE are met before beginning installation. These requirements include:

  • A 64-bit CentOS/RHEL platform with all unnecessary services disabled

  • LCE license

  • LCE management installation (SecurityCenter)

  • LCE clients 4.0 or higher (if applicable)

  • Secure Shell (SSH) key generation

Licenses

Each LCE server is licensed to the specific hostname of the system it is to be installed on. There is no licensed limit to the number of events or IPs that the LCE can be configured to monitor.

There are different licenses available for the LCE based on the total amount of storage used by the LCE. The licenses are based on 1 TB, 5 TB, and 10 TB storage sizes. A license for LCE is provided as a part of SecurityCenter Continuous View. The maximum number of silos available to each license size is 103, 512, and 1024, respectively. There is no difference in the LCE software that is installed, just the maximum storage size that can be used by the LCE.

Secure Shell Public Keys

LCE analysis is provided to SecurityCenter through the use of command execution across a Secure Shell (SSH) network session. When SecurityCenter queries an LCE server, it invokes an SSH session to the configured LCE server. All execution and analysis of LCE data occurs on the LCE server.

SSH public keys are configured such that SecurityCenter can invoke commands on the LCE server. Non-system-administrator accounts are used to perform these queries. The trust relationship is only needed from SecurityCenter to the LCE server.

Secure the Log Correlation Engine Server System

It is recommended that the server operating system be locked down before installation to ensure that no unnecessary services are running. The only services required to support remote users are SSH and the LCE interface. While the LCE daemon is operational, by default it will listen on the following ports:

Protocol  Port   Description
UDP       162    SNMP
UDP       514    Syslog messages
TCP       601    Reliable syslog service messages
TCP       1243   Vulnerability detection (if enabled in SecurityCenter)
TCP       6514   Encrypted TCP syslog messages
TCP       8836   LCE interface
TCP       31300  LCE API
TCP       31302  Load-balanced LCE servers

Caution: The system running the LCE can operate a syslog daemon, but the syslog daemon must not be listening on the same port(s) that the LCE server is listening on.
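A pre-installation check for the caution above, as an added example that is not part of the Tenable documentation: it reads `ss -lntup` output and reports any process already listening on one of the default LCE ports listed above. The function name `lce_port_conflicts` and the sample listener output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Default LCE listening ports, taken from the port list on this page.
LCE_UDP_PORTS="162 514"
LCE_TCP_PORTS="601 1243 6514 8836 31300 31302"

# Constructed sample of `ss -lntup` output (not captured from a real host).
# TCP 514 is included on purpose: the page lists 514 under UDP only.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*         users:(("rsyslogd",pid=812,fd=5))
udp   UNCONN 0      0      [::]:514           [::]:*            users:(("rsyslogd",pid=812,fd=6))
tcp   LISTEN 0      25     0.0.0.0:514        0.0.0.0:*         users:(("rsyslogd",pid=812,fd=8))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=900,fd=3))
tcp   LISTEN 0      25     [::]:601           [::]:*            users:(("rsyslogd",pid=812,fd=7))
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*         users:(("master",pid=1010,fd=13))'

# Hypothetical helper: reads `ss -lntup` output on stdin and prints one
# "proto/port process" line per listener that collides with an LCE port.
lce_port_conflicts() {
  awk -v udp="$LCE_UDP_PORTS" -v tcp="$LCE_TCP_PORTS" '
    BEGIN {
      n = split(udp, u, " "); for (i = 1; i <= n; i++) want["udp/" u[i]] = 1
      n = split(tcp, t, " "); for (i = 1; i <= n; i++) want["tcp/" t[i]] = 1
    }
    $1 == "udp" || $1 == "tcp" {
      port = $5
      sub(/.*:/, "", port)            # drop the address, also for [::]:601
      key = $1 "/" port
      if (key in want) {
        proc = "unknown"              # -p shows no name without root
        if (match($0, /users:\(\("[^"]+"/))
          proc = substr($0, RSTART + 9, RLENGTH - 10)
        print key, proc
      }
    }' | sort -u
}

# Demo on the constructed sample; pass --live to inspect this host instead.
if [ "${1:-}" = "--live" ]; then
  ss -lntup | lce_port_conflicts
else
  printf '%s\n' "$SAMPLE_SS" | lce_port_conflicts
fi
```

Any output line means a local service, typically the system syslog daemon, must be moved to another port or disabled before the LCE daemon is started.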

Supported Platforms

If you are using an AWS instance in conjunction with LCE, you must use an Elastic Network Interface (ENI). More information about using an ENI with an AWS instance can be found here.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.