Configure the Log Correlation Engine Splunk Client

Note: All shell commands need to be executed by a user with root privileges.

To configure the Splunk Client, run the set-server-ip.sh script in one of two ways: pass the Log Correlation Engine Server IP address and port number as arguments, or run the script without arguments and enter the IP address and port number when prompted.

After you configure the client, you will need to authorize the Tenable Log Correlation Engine Splunk Client.

To execute the script using arguments:

  1. Type /opt/lce_splunk/set-server-ip.sh <IP> <Port>, where <IP> is the IP address of a Log Correlation Engine Server and <Port> is the port number assigned to the server. By default, the port number is 31300.

    The Log Correlation Engine Server IP address and port number are updated, and the Log Correlation Engine Splunk Client daemon is restarted.

    Example:

    # /opt/lce_splunk/set-server-ip.sh 192.168.22.11 31300

    Updating LCE Server IP from 192.0.2.66 to 192.0.2...

    Updating LCE Server Port from 31300 to 31300...

    Done

    Stopping LCE Splunk Client daemon                               [  OK  ]

    Starting LCE Splunk Client daemon                               [  OK  ]

To execute the script without arguments:

  1. Type /opt/lce_splunk/set-server-ip.sh

    You are prompted to enter the Log Correlation Engine Server IP address or hostname.

  2. Type the IP address or hostname of a Log Correlation Engine server.

    You are prompted to enter the Log Correlation Engine server port.

  3. Type the port number assigned to the server for Log Correlation Engine client communication. By default, the port number is 31300.

    The Log Correlation Engine Server IP address and port number are updated, and the Log Correlation Engine Splunk Client daemon is restarted.

    Example:

    # /opt/lce_splunk/set-server-ip.sh

     

    Enter the new desired LCE server IP or hostname.

    >>

    192.168.22.11

     

     

    Enter the new desired LCE server port [31300].

    >>

    31300

    Updating LCE Server IP from 203.0.113.1 to 192.168.22.11...

    Updating LCE Server Port from 31300 to 31300...

    Done

    Stopping LCE Splunk Client daemon                               [  OK  ]

    Starting LCE Splunk Client daemon                               [  OK  ]