TOC & Recently Viewed

Recently Viewed Topics


When LCE is installed, it includes a number of tools and utilities. By default, the tools are all installed in the /opt/lce/tools/ directory.

General Tools

The following table lists in alphabetical order each tool and describes its function.

Tool Description Usage
archival-manager Script that allows executing certain tasks relating to archive snapshots, and also allows forcefully rolling the current silo to start a fresh one.

--list-snapshots [<siloName>]

--archive <siloName>

--summarize <snapshotId>

--restore <snapshotId> [<into_siloName>] [--same-datastore-instance]

--remove-active <siloName> --remove-archived <snapshotId> --roll-currsilo-now

cache-filter-pointers The /opt/lce/tools/cache-filter-pointers utility can aid performance of certain drilldown queries; Tenable Support may instruct you to run it on as-needed basis, or perhaps to keep it running with aid of xinetd(8).

--filter <M> | --silo <N> | --ongoing

change-activeDb-location Changes the root directory of the operational LCE datastore from the default.

<absolute path of new location>

change-tracelogs-location Changes the root directory of the LCE tracelogs from the default.

<absolute path of new location>

create--make-current--silo If silo rolling is inoperable, this utility can be used (with all LCE daemons stopped) to switch to a new silo.

<siloNumber> | --take-next


Imports a directory of log files or a list of one or more logs on disk into the active database on the LCE server. You must specify whether the logs you are importing are encoded as ASCII (--ASCII) or UTF-8 (--UTF8).

Caution: import_logs will only accept the following arguments.

--ASCII | --UTF8

[--now-as-timestamp | --may-guess-timestamps]

[--minimum-timestamp-epoch <N>]

[--maximum-timestamp-epoch <N>]



install-PostgreSQL-man-pages   For the description and usage, see install-PostgreSQL-man-pages.

Used to generate and view self signed CA certificates in .pem format.

# /opt/lce/tools/lce_crypto_utils

--generate-LCE-Server-creds <into_dir> [<CA_dnSpec>] [<endEntity_dnSpec>]

(NB: any prior contents of <into_dir> will be erased!!)

--print-cert <cert_path>.pem

--print-CRL <CRL_path>.pem

--is-signed-by <cert_path>.pem <CA_cert_path>.pem

--is-revoked-per <cert_path>.pem <CRL_path>.pem

A <dnSpec> is: ,-separated list of K=V pairs, all optional save the last; \-escape as needed: 'C=<country>,ST=<state>,L=<city>,O=<org>,OU=<orgUnit>,CN=<name>'

list-clients Used to list clients since LCE 5.0.3.

# /opt/lce/tools/list-clients

Note: The --brief option can be used for brief output. The default output is verbose.
make_cert Creates an SSL certificate for LCE Proxy.

# /opt/lce/tools/make_cert



Creation of the LCE Proxy SSL Certificate


This script will now ask you the relevant information to create the SSL

certificate for LCE Proxy. Note that this information will *NOT* be sent to

anybody (everything stays local), but anyone with the ability to connect to your

LCE Proxy will be able to retrieve this information.


CA certificate life time in days [1460]:

Server certificate life time in days [365]:

Your country (two letter code) [US]:

Your state or province name [NY]:

Your location (e.g. town) [New York]:

Your organization [LCE Users]:

This host name [-----------]:

Note: The -q (quiet option) prevents the user from being prompted.
msmtp An SMTP client with a sendmail compatible interface.

To configure msmtp, update msmtp.conf and provide an smtp host, username, password, and port. Used to generate and view self signed CA certificates in .pem format

# /opt/lce/tools/

--generate-LCE-Server-creds <into_dir> [<CA_dnSpec>] [<endEntity_dnSpec>]

(NB: any prior contents of <into_dir> will be erased!!)

--print-cert <cert_path>.pem

--print-CRL <CRL_path>.pem

--is-signed-by <cert_path>.pem <CA_cert_path>.pem

--is-revoked-per <cert_path>.pem <CRL_path>.pem

A <dnSpec> is: ,-separated list of K=V pairs, all optional save the last; \-escape as needed: 'C=<country>,ST=<state>,L=<city>,O=<org>,OU=<orgUnit>,CN=<name>'

optimize-datastore The PostgreSQL maintenance commands requisite for best query performance have been collected into the /opt/lce/tools/optimize-datastore script. It is suggested that you run this script during off-peak (low-load) hours, triggered by a cron(1) job. The contained commands are resource-intensive and query performance will be poor while optimize-datastore is being run.

( --only-silo <N> | --all ) [--also-cluster | --also-reindex] [--max-runtime-hours <M>]

The LCE Disabled Plugins Management Tool is a script that generates a list of plugin libraries that contain no plugins that have ever matched an event processed by the system. You are prompted to automatically disable all of the unused plugin libraries. If this option is not chosen, the unused PRM files are simply listed for reference.

# /opt/lce/tools/

query-plan-explainer A convenient wrapper around the PostgreSQL EXPLAIN command, making its output both more concise and better readable.

[--estimate-only] <sqlFile> | "SQL query"

regenerate-lookup-aids LCE datastore contains events data proper and cached summaries of several kinds, the latter are collectively called lookup-aid tables. Unlike event data proper, integrity of the lookup-aid tables is not guaranteed in case of abnormal termination of PostgreSQL process. This ensures the best possible performance during normal operation, but after a cold host reboot or similar event, you will need to run /opt/lce/tools/regenerate-lookup-aids; query performance will be poor until this has been done.

--all | --one <siloId>

reset-login-account Reset the password for one of the secured accounts used to login to an LCE Server instance from outside the instance's host, if the LCE UI is for some reason unavailable or an operator simply prefers a console interaction for the purpose.

( --WebUI-administrator | --WebUI-readonly | --vuln-reporter ) <username>


NB: will prompt for <password> once running.

Note: Only the username is to be specified as a command-line argument. Once running, the utility will prompt you for password.
send_syslog Sends syslog messages to one or more servers.

# /opt/lce/tools/send_syslog (server address 1) [...] [server address N] -message "(message)"

[-port <port num>]

[-priority #]

[-facility <facility>]

[-severity <severity>]


Starts PostgreSQL daemon and all LCE daemons.

# /opt/lce/tools/start-all


Restarts PostgreSQL daemon and all LCE daemons.

Note: bar-pg is now an option.

# /opt/lce/tools/restart-all


Stops PostgreSQL daemon and all LCE daemons.

Note: bar-pg is now an option.

# /opt/lce/tools/stop-all


Used to identify the timestamp formats that appear for event timestamps in logs imported by import_logs. By default, this file includes a list of date formats.

If you are importing logs with timestamps in formats that are not included in this file, you can append the new formats to the list.
ts-test Used to check how a particular log would be tokenized for the purpose of text search indexing and whether a particular text search phrase would match it.

<rawDocument> [<tsQuery_inclStopwords>]




<path to file with rawDocument> [<tsQuery_inclStopwords>]

validate-PRM-regex To test matching, using exactly the same regex matching package, version, and settings, as used by the LCE engine.

<PRM_reg.ex._line> <sample_log>

Troubleshooting and Performance Tuning

See the Shortcuts for Running SQL Commands and Scripts section to easily invoke these SQL scripts.

Tool Description
pg-helper-sql/ locks.sql

Displays which objects the current transactions are waiting to lock.

  planner-estimate-basis.sql Displays the estimates that PostgreSQL's optimizer currently has collected, for the columns of a given table.
  cardinalities.sql <siloTableName> Computes and shows the actual cardinality of each column in the specified silo table. You can use this information to accurately inform PostgreSQL's optimizer.
  table-access-stats.sql--nonsilo.sql Tracks the accesses to each table and respective access path distribution.
  table-access-stats.sql-silo.sql Tracks the accesses to each table and respective access path distribution.


Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.