Import LCE Data Manually

LCE data can be collected both via real-time logging and manually in batch mode using the import_logs tool. These events will show up in the normalized event view along with events collected in real-time. This command-line tool allows data to be imported into the LCE that may not be available in real-time, but is still important for correlation of vulnerability data and for analysis of security posture and events.

Log files must be in ASCII format or UTF8, not binary, and each log must be delimited by a single newline.

Note: Event silos in the LCE activeDb may not overlap in respective time spans of contained events.


# /opt/lce/tools/import_logs

--ASCII | --UTF8

[--now-as-timestamp | --may-guess-timestamps]

[--minimum-timestamp-epoch <N>]

[--maximum-timestamp-epoch <N>]



The following table describes the options available for import_logs:

Option Description


Do not apply LCE event rules to imported logs.


If no timestamp can be determined for an event, assign the most recent known timestamp.


Use the current system time for all imported logs rather than the timestamps contained within the event text.