Recently Viewed Topics
Hardware and Software Requirements
Before deploying LCE, confirm that the prerequisite software and hardware requirements have been met and that you have an operational instance of Tenable.sc. Depending on the size of your organization and the way you deploy LCE, the hardware requirements for LCE change. All deployments have a common set of minimum software requirements.
This section contains the following:
- Software Requirements
- Hardware Requirements
- System Specifications
- File System Recommendations
All deployments of LCE require the following:
- An active LCE license
- RHEL/CentOS 5.x, 6.x, or 7.x, 64-bit
Additionally, while LCE is active, it requires exclusive access to certain ports. The only services that are required to support remote users are SSH and the LCE interface (lce_wwd). If other services are active on the system, conflicts should be avoided on the following default ports:
|Ports LCE Receive (Listen) On|
|22/TCP||SSH, for requests from Tenable.SC|
|1243/TCP||Vulnerability detection, if enabled in Tenable.SC|
|8836/TCP||LCE Administrative Web UI|
|31300/TCP||Events from LCE Clients|
|Ports LCE Sends On|
|443/TCP||Pull requests to the plugins feed at plugins.nessus.org|
|Ports LCE uses over Loopback Interface|
|7091/TCP||Internal communication, |
|7092/TCP||Internal communication, |
Caution: The system running the LCE can operate a syslog daemon, but the syslog daemon must not be listening on the same port(s) that the LCE server is listening on.
The hardware requirements for LCE change based on the number of events being processed.
The following table provides the estimated average number of events from various sources.
Number of Estimated Events
1 web-facing app server
1 web-facing firewall/IDS/IPS
1 internal application server (low volume)
1 internal application server (high volume: IIS, Exchange, AD)
1 internal network device
To convert your event rate to bytes per day, it is recommended that you multiply your total events/second by 250 bytes/event and multiply by 86,400 seconds/day.
Tip:You can use the following calculator to determine the total number of events per second as well as the bytes per day.
The following table specifies the system requirements based on the number of events the LCE server is processing.
|Installation scenario||RAM||Processor||Hard disk||Hard disk space|
One LCE server with PostgreSQL processing less than 5,000 events per seconds
| ||8 cores||10,000 RPM HD, or SSD of equiv. IOPS capability; RAID 0/10 configuration|| |
One LCE server with PostgreSQL processing between 5,000 and 20,000 events per second
| ||16 cores||15,000 RPM HD, or SSD of equiv. IOPS capability; RAID 0/10 configuration|
One LCE server with PostgreSQL process greater than 20,000 events per second
| ||24 cores or more||SSD of IOPS capability at least equiv. to a 15,000 RPM HD; RAID 0/10 configuration|
The LCE server requires a minimum of 20 GB of storage space to continue running and storing logs. If less than 1 GB is available, the Log Engine (lced) process will stop gracefully and refuse to store additional logs. The current system disk space is visible on the Health and Status page of the LCE interface.
Placing your activeDb on a networked file system (e.g. NFS) will result in inadequate system performance. Tenable recommends that you use EXT3, EXT4, XFS, or ZFS; and that you pay close attention to the mount options. Here are the mount options that Tenable suggest using, and the mount options Tenable suggest staying away from:
|If your file system is:||It is recommended that you use:||It is not recommended to use:|
|EXT3, EXT4, XFS|
There is no licensed limit to the number of events or IPs that the LCE can be configured to monitor.
There are different licenses available for LCE based on the total amount of storage used by LCE. The licenses are based on 1 TB, 5 TB, and 10 TB storage sizes. A license for LCE is provided as a part of Tenable.sc Continuous View. There is no difference in the LCE software that is installed, just the maximum storage size that can be used by LCE. Data that exceeds your license limit will be