TOC & Recently Viewed

Recently Viewed Topics

Tools

When LCE is installed, it includes a number of tools and utilities. By default, the tools are all installed in the /opt/lce/tools/ directory.

General Tools

The following table lists in alphabetical order each tool and describes its function.

Tool Description Usage
import_logs

Imports a directory of log files or a list of one or more logs on disk into the active database on the LCE server. You must specify whether the logs you are importing are encoded as ASCII (--ASCII) or UTF-8 (--UTF8).

lce_crypto_utils

Used to generate and view self signed CA certificates in .pem format.

# /opt/lce/tools/lce_crypto_utils

--generate-LCE-Server-creds <into_dir> [<CA_dnSpec>] [<endEntity_dnSpec>]

(NB: any prior contents of <into_dir> will be erased!!)

--print-cert <cert_path>.pem

--print-CRL <CRL_path>.pem

--is-signed-by <cert_path>.pem <CA_cert_path>.pem

--is-revoked-per <cert_path>.pem <CRL_path>.pem

A <dnSpec> is: ,-separated list of K=V pairs, all optional save the last; \-escape as needed: 'C=<country>,ST=<state>,L=<city>,O=<org>,OU=<orgUnit>,CN=<name>'

list-clients Used to list clients since LCE 5.0.3.

# /opt/lce/tools/list-clients


Note: The --brief option can be used for brief output. The default output is verbose.
make_cert Creates an SSL certificate for LCE Proxy.

# /opt/lce/tools/make_cert

 

-------------------------------------------------------------------------------

Creation of the LCE Proxy SSL Certificate

-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL

certificate for LCE Proxy. Note that this information will *NOT* be sent to

anybody (everything stays local), but anyone with the ability to connect to your

LCE Proxy will be able to retrieve this information.

 

CA certificate life time in days [1460]:

Server certificate life time in days [365]:

Your country (two letter code) [US]:

Your state or province name [NY]:

Your location (e.g. town) [New York]:

Your organization [LCE Users]:

This host name [-----------]:


Note: The -q (quiet option) prevents the user from being prompted.
msmtp An SMTP client with a sendmail compatible interface.

To configure msmtp, update msmtp.conf and provide an smtp host, username, password, and port.

openssl-utils.sh Used to generate and view self signed CA certificates in .pem format

# /opt/lce/tools/openssl-utils.sh

--generate-LCE-Server-creds <into_dir> [<CA_dnSpec>] [<endEntity_dnSpec>]

(NB: any prior contents of <into_dir> will be erased!!)

--print-cert <cert_path>.pem

--print-CRL <CRL_path>.pem

--is-signed-by <cert_path>.pem <CA_cert_path>.pem

--is-revoked-per <cert_path>.pem <CRL_path>.pem

A <dnSpec> is: ,-separated list of K=V pairs, all optional save the last; \-escape as needed: 'C=<country>,ST=<state>,L=<city>,O=<org>,OU=<orgUnit>,CN=<name>'

plugin_manager.sh

The LCE Disabled Plugins Management Tool is a script that generates a list of plugin libraries that contain no plugins that have ever matched an event processed by the system. You are prompted to automatically disable all of the unused plugin libraries. If this option is not chosen, the unused PRM files are simply listed for reference.

# /opt/lce/tools/plugin_manager.sh

query-plan-explainer A convenient wrapper around the PostgreSQL EXPLAIN command, making its output both more concise and better readable.

[--estimate-only] <sqlFile> | "SQL query"

send_syslog Sends syslog messages to one or more servers.

# /opt/lce/tools/send_syslog (server address 1) [...] [server address N] -message "(message)"

[-port <port num>]

[-priority #]

[-facility <facility>]

[-severity <severity>]

start

Starts PostgreSQL daemon and all LCE daemons.

# /opt/lce/tools/start

timestamp_formats.txt

Used to identify the timestamp formats that appear for event timestamps in logs imported by import_logs. By default, this file includes a list of date formats.

If you are importing logs with timestamps in formats that are not included in this file, you can append the new formats to the list.

 

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.