Import LCE Data Manually

LCE data can be collected both via real-time logging and manually in batch mode using the import_logs tool. These events will show up in the normalized event view along with events collected in real-time. This command-line tool allows data to be imported into the LCE that may not be available in real-time, but is still important for correlation of vulnerability data and for analysis of security posture and events.

Usage:

# /opt/lce/tools/import_logs <list of log files and directories to import> [-d, --disable-rules] [-a, --approximate-timestamps] [-c, --current-time] [-o, --output-prefix <prefix>]

Each item in the <list of log files and directories to import> is a file name or directory name. A directory name may or may not end with a slash. For example:

# /opt/lce/tools/import_logs /directory1 file1 file2 /directory2/

Directory imports are non-recursive.

The following table describes the options available for import_logs:

| Option | Description |
| --- | --- |
| -d, --disable-rules | Do not apply LCE event rules to imported logs. |
| -a, --approximate-timestamps | If no timestamp can be determined for an event, assign the most recent known timestamp. |
| -c, --current-time | Use the current system time for all imported logs rather than the timestamps contained within the event text. |
| -o, --output-prefix <prefix> | Use the specified prefix when naming newly generated silos. For example, the -o Snort option will generate silos with names like SnortJun142009-Aug242009.db.gz. The default prefix is lce. This option can aid in the process of searching for logs created by a particular import instance. |

The log importer tool logs its actions to /opt/lce/admin/log/importer. If an import does not execute as expected, check the archives within this directory.
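
Because directory imports are non-recursive, a nested log tree has to be expanded into a list of directories before it is passed to import_logs. The shell functions below are an added example, not part of the Tenable documentation: the names list_import_dirs and import_tree and the IMPORT_LOGS and DRY_RUN variables are assumptions, while the tool path and the -o option are those described above.

```shell
#!/bin/sh
# Added example: expand a directory tree into the flat list of directories
# that import_logs needs, since its directory imports are non-recursive.
# Function and variable names are hypothetical; the tool path and -o are
# the ones documented on this page.

IMPORT_LOGS="${IMPORT_LOGS:-/opt/lce/tools/import_logs}"

# Print every directory at or below $1 that directly contains at least one
# regular file, one per line, de-duplicated and sorted for repeatable runs.
list_import_dirs() {
    find "$1" -type f -exec dirname {} \; | sort -u
}

# Import a whole tree with a single import_logs call.
#   $1 = root directory of the log tree
#   $2 = silo name prefix passed to -o, so this batch is easy to find later
# With DRY_RUN=1 the argument vector is printed one item per line instead
# of being executed. The body runs in a subshell so the IFS and globbing
# changes do not leak into the caller.
import_tree() (
    root=$1
    prefix=$2
    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 2; }

    # Split the directory list on newlines only, so names containing
    # spaces stay intact, and disable globbing while splitting.
    IFS='
'
    set -f
    set -- $(list_import_dirs "$root")
    set +f

    [ "$#" -gt 0 ] || { echo "no log files under: $root" >&2; exit 3; }

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$IMPORT_LOGS" "$@" -o "$prefix"
    else
        "$IMPORT_LOGS" "$@" -o "$prefix"
    fi
)

# Usage: DRY_RUN=1 import_tree /path/to/log/tree Snort
```

Running it first with DRY_RUN=1 shows exactly which directories will be imported before any silos are generated.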

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.