Import LCE Data Manually

LCE data can be collected both via real-time logging and manually in batch mode using the import_logs tool. These events will show up in the normalized event view along with events collected in real-time. This command-line tool allows data to be imported into the LCE that may not be available in real-time, but is still important for correlation of vulnerability data and for analysis of security posture and events.

Log files must be in ASCII format or UTF8, not binary, and each log must be delimited by a single newline.

Usage:

    # /opt/lce/tools/import_logs
        --ASCII | --UTF8
        [--now-as-timestamp | --may-guess-timestamps]
        [--minimum-timestamp-epoch <N>]
        [--maximum-timestamp-epoch <N>]
        [--no-eval-event-rules]
        <inputFileAbsolutePath>

The following table describes the options available for import_logs:

| Option | Description |
| --- | --- |
| --no-eval-event-rules | Do not apply LCE event rules to imported logs. |
| --may-guess-timestamps | If no timestamp can be determined for an event, assign the most recent known timestamp. |
| --now-as-timestamp | Use the current system time for all imported logs rather than the timestamps contained within the event text. |
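A pre-import check for the file format rules stated above, as an added example that is not Tenable code: it verifies that a file is ASCII or UTF-8 text, picks the matching encoding option, and builds the import_logs argument list without running it. The helper names `preflight` and `build_command` are hypothetical, and reading "a single newline" as LF-only with no blank lines is an assumption.

```python
import os
import tempfile

IMPORT_LOGS = "/opt/lce/tools/import_logs"  # tool path from the usage text

def preflight(path):
    """Return (encoding_flag, problems) for a candidate import file."""
    problems = []
    if not os.path.isabs(path):
        problems.append("path is not absolute")
    with open(path, "rb") as fh:
        data = fh.read()  # whole file in memory; chunk this for very large logs
    if b"\x00" in data:
        problems.append("NUL byte found: file looks binary")
    try:
        data.decode("ascii")
        flag = "--ASCII"
    except UnicodeDecodeError:
        try:
            data.decode("utf-8")
            flag = "--UTF8"
        except UnicodeDecodeError as exc:
            flag = None
            problems.append(f"not ASCII or UTF-8 (bad byte at offset {exc.start})")
    # Assumption: "a single newline" means LF only, so CR and blank lines are flagged.
    if b"\r" in data:
        problems.append("carriage return found: convert CRLF to LF")
    if b"\n\n" in data or data.startswith(b"\n"):
        problems.append("empty line found between records")
    if data and not data.endswith(b"\n"):
        problems.append("last record is not newline-terminated")
    return flag, problems

def build_command(path, extra=()):
    """Build the import_logs argv, or raise ValueError if preflight fails."""
    flag, problems = preflight(path)
    if problems:
        raise ValueError("; ".join(problems))
    return [IMPORT_LOGS, flag, *extra, path]

if __name__ == "__main__":
    # Constructed sample: two syslog-style records, one containing a UTF-8 character.
    sample = "Jan  5 10:00:01 host sshd[101]: Failed password for rené\n" \
             "Jan  5 10:00:02 host sshd[101]: Accepted password for alice\n"
    with tempfile.NamedTemporaryFile("wb", suffix=".log", delete=False) as tmp:
        tmp.write(sample.encode("utf-8"))
    print(build_command(tmp.name, ["--may-guess-timestamps"]))
    os.unlink(tmp.name)
```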

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.