Basic Configuration

The Basic Configuration section comprises the essential configuration needed for a Tenable Log Correlation Engine server to function. The items in this section are addressed in the initial Quick Setup, but can be changed here at a later time if the need arises.

Each menu option for the Basic section is covered in detail below.

Option Description

Server Address

The IP address of the network interface(s) that the Tenable Log Correlation Engine server listens on. More than one interface may be specified on separate lines:

127.0.0.1

192.0.2.2

By default, or if left blank, the Tenable Log Correlation Engine services listen on all available network addresses.

Client Port

The port number that the Tenable Log Correlation Engine server listens on. The default is port 31300.

UDP Syslog Port

By default, the Tenable Log Correlation Engine server listens for UDP syslog traffic on port 514. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed.

Note: Only ASCII-encoded syslog is accepted.

TCP Syslog Port

By default, the Tenable Log Correlation Engine server listens for TCP syslog traffic on port 601. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed.

Note: Only ASCII-encoded syslog is accepted.

Encrypted TCP Syslog Listen Port

By default, the Tenable Log Correlation Engine server listens for encrypted TCP syslog traffic on port 6514. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed.

SNMP Port

By default, the Tenable Log Correlation Engine server listens for SNMP traffic on port 162. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed.

Include Networks

Defines the internal network range. All networks specified in the first section are included.

Note: Make sure this range matches IP addresses that are considered internal from an event perspective. This range is used by a number of TASL scripts and the stats daemon to define inbound, outbound, and internal specifications for Tenable Log Correlation Engine events. This is different from the Directions filter on the Tenable Security Center events page, which uses the managed ranges of the active user to determine event direction.

Exclude Networks

Defines networks that should be excluded from the ranges specified for Include Networks.

Allow only TLSv1.2

Disables all SSL/TLS support prior to TLS 1.2 for all SSL interfaces for PCI DSS compliance.
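The Include Networks and Exclude Networks semantics described above can be sanity-checked before the ranges are entered. The following is an added example, not Tenable code: a simplified model of how an internal range yields inbound, outbound, and internal labels. CIDR notation with one range per line, the function names, the "external" label, and the sample ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ranges (documentation address space), one per line.
INCLUDE_TEXT = "192.0.2.0/24\n198.51.100.0/24"
EXCLUDE_TEXT = "192.0.2.128/25\n203.0.113.0/24"


def parse_ranges(text):
    """Parse one CIDR range or address per line, ignoring blank lines."""
    return [ipaddress.ip_network(line.strip(), strict=False)
            for line in text.splitlines() if line.strip()]


INCLUDE = parse_ranges(INCLUDE_TEXT)
EXCLUDE = parse_ranges(EXCLUDE_TEXT)


def is_internal(ip, include=INCLUDE, exclude=EXCLUDE):
    """Internal = inside an Include range and not inside any Exclude range."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in exclude):
        return False
    return any(addr in net for net in include)


def direction(src, dst, include=INCLUDE, exclude=EXCLUDE):
    """Label an event by which of its endpoints fall in the internal range."""
    s = is_internal(src, include, exclude)
    d = is_internal(dst, include, exclude)
    if s and d:
        return "internal"
    if s:
        return "outbound"
    if d:
        return "inbound"
    return "external"  # assumed label: neither endpoint is internal


def ineffective_excludes(include=INCLUDE, exclude=EXCLUDE):
    """Exclude ranges that overlap no Include range change nothing (likely a typo)."""
    return [str(e) for e in exclude
            if not any(e.overlaps(i) for i in include)]
```

In this model, a host inside an excluded sub-range (192.0.2.200 here) is treated as external, so traffic from it to an internal host is labelled inbound.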