TOC & Recently Viewed

Recently Viewed Topics

Statistics

In the Statistics section the amount of events are displayed by each source of event data. The LCE source shows the number of internally generated events from the LCE being administered. The TCP Syslog, and UDP syslog source displays the number of events received on the configured TCP syslog or UDP syslog listening port. Likewise the Clients source is the total amount of event data that all LCE clients produce. The IDS event source type is the total amount of event data from all IDS sources. The TASL source type is all the event data created by the LCE TASL scripts.

The source data is displayed in Average Events / Second and Average Bytes / Second since the LCE server was last started. The source data also displays the Total Events (today) for the day, and the Total Events (since startup) is the total number of events since the LCE server was last started.

Runtime statistics pertaining to logging and correlation are collected, including:

  • Logs/bytes per second
  • Number/percentage of logs matched/unmatched
  • Number of events correlating with vulnerabilities
  • Number/percentage of logs from clients, syslog, and IDS
  • Number of TASL alerts generated

This information is logged once per hour and is written both to the application log and to the normalized database under the event name LCE-Server_Statistics (type “lce”).

Example Correlation Statistics Output found in the LCE admin logs (e.g., /opt/lce/admin/log/2017Jul.log):

An average of 50 logs are being received each second.

A total of 5,778 logs (521,046 bytes) have been received.

2,232 logs have been matched by plugins (38.63%). 3,546 logs did not match (61.37%).

Log source breakdown: 5,774 from clients (99.93%), 2 via syslog (0.07%), 0 from IDS devices (0.00%).

No log events have correlated with vulnerabilities.

2 TASL alerts have been generated.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.