Tools

When LCE is installed, it includes a number of tools and utilities. By default, the tools are all installed in the /opt/lce/tools/ directory. The following table lists in alphabetical order each tool and describes its function.

Tool Description Usage
import_logs

Imports a directory of log files or a list of one or more logs on disk into the active database on the LCE server. You must specify whether the logs you are importing are encoded as ASCII (--ASCII) or UTF-8 (--UTF8).

# /opt/lce/tools/import_logs

Usage: /opt/lce/tools/import_logs <list of log files and directories to import>

[--ASCII or --UTF8] (required)

[-d, --disable-rules] (optional)

[-c, --current-time] (optional)

[-j <N>, --jobs <N>] (optional)

[-n, --not-approximate-timestamps] (optional)

[debug] (optional)

[--cleanup] (optional)

lce-common.sh

Contains various shell functions that are used to control and display LCE services and values.

The following functions are included:

am_i_root()

is_lce_running()

kill_running_lce()

restart_lce_services()

get_config_value()

update_config_value()

write_lce_log()

make_lce_timestamp()

pretty_print_time()

pretty_print_kbytes()

lce-reload-conf.sh

Contains functions to reload the configuration for various LCE daemons.

The following LCE daemons can be commanded to reload configuration:

lced

lce_queryd

lce_report_proxy

stats

lce_tasl

lce_www

lce_crypto_utils

Used to generate and view self-signed CA certificates in .pem format.

# /opt/lce/tools/lce_crypto_utils

--generate-LCE-Server-creds <into_dir> [<CA_dnSpec>] [<endEntity_dnSpec>]

(NB: any prior contents of <into_dir> will be erased!!)

--print-cert <cert_path>.pem

--print-CRL <CRL_path>.pem

--is-signed-by <cert_path>.pem <CA_cert_path>.pem

--is-revoked-per <cert_path>.pem <CRL_path>.pem

A <dnSpec> is: ,-separated list of K=V pairs, all optional save the last; \-escape as needed: 'C=<country>,ST=<state>,L=<city>,O=<org>,OU=<orgUnit>,CN=<name>'

make_cert

Creates an SSL certificate for LCE Proxy.

# /opt/lce/tools/make_cert

-------------------------------------------------------------------------------
Creation of the LCE Proxy SSL Certificate
-------------------------------------------------------------------------------

This script will now ask you the relevant information to create the SSL
certificate for LCE Proxy. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
LCE Proxy will be able to retrieve this information.

CA certificate life time in days [1460]:

Server certificate life time in days [365]:

Your country (two letter code) [US]:

Your state or province name [NY]:

Your location (e.g. town) [New York]:

Your organization [LCE Users]:

This host name [-----------]:

msmtp

An SMTP client with a sendmail-compatible interface.

To configure msmtp, update msmtp.conf and provide an SMTP host, username, password, and port.

# msmtp recipient@domain.com

openssl-utils.sh

Used to generate and view self-signed CA certificates in .pem format.

# /opt/lce/tools/openssl-utils.sh

--generate-LCE-Server-creds <into_dir> [<CA_dnSpec>] [<endEntity_dnSpec>]

(NB: any prior contents of <into_dir> will be erased!!)

--print-cert <cert_path>.pem

--print-CRL <CRL_path>.pem

--is-signed-by <cert_path>.pem <CA_cert_path>.pem

--is-revoked-per <cert_path>.pem <CRL_path>.pem

A <dnSpec> is: ,-separated list of K=V pairs, all optional save the last; \-escape as needed: 'C=<country>,ST=<state>,L=<city>,O=<org>,OU=<orgUnit>,CN=<name>'

plugin_manager.sh

The Log Correlation Engine Disabled Plugins Management Tool is a script that generates a list of plugin libraries that contain no plugins that have ever matched an event processed by the system. The user is prompted to automatically disable all of the unused plugin libraries. If this option is not chosen, the unused PRM files are simply listed for reference.

# /opt/lce/tools/plugin_manager.sh

send_syslog

Sends syslog messages to one or more servers.

# /opt/lce/tools/send_syslog (server address 1) [...] [server address N] -message "(message)"

[-port <port num>]

[-priority #]

[-facility <facility>]

[-severity <severity>]

setup-single-node.sh

Configures Elasticsearch in a single node configuration. An ES index is created. Ensure ES analysis-icu is installed. The appropriate user level credentials are checked.

Caution: Do not use this tool unless directed by Tenable Network Security or the product itself to do so.

start_lce

Starts all LCE daemons.

# /opt/lce/tools/start_lce

stop_lce

Stops all LCE daemons.

# /opt/lce/tools/stop_lce

timestamp_formats.txt

Used to identify the timestamp formats that appear for event timestamps in logs imported by import_logs. By default, this file includes a list of date formats.

If you are importing logs with timestamps in formats that are not included in this file, you can append the new formats to the list.

utilities.sh

Caution: This script is used by the tools that are installed with LCE, and should not be interacted with directly.

None
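
The --generate-LCE-Server-creds option of lce_crypto_utils and openssl-utils.sh listed above erases any prior contents of <into_dir>. The following guard is an added example, not Tenable's or the product's own code: it refuses a non-empty target directory and checks each dnSpec before calling the tool. The function names are hypothetical, and it assumes that "all optional save the last" means CN is required, that only the six keys in the usage text are valid, and that "\," escapes a comma inside a value.

```shell
#!/bin/sh
# Added example (not Tenable code). Function names are hypothetical.
LCE_CRYPTO=${LCE_CRYPTO:-/opt/lce/tools/lce_crypto_utils}

# True only if <into_dir> is absent or an empty directory, since
# --generate-LCE-Server-creds erases any prior contents.
into_dir_is_safe() {
    [ ! -e "$1" ] && return 0
    [ -d "$1" ] || return 1
    [ -z "$(ls -A "$1")" ]
}

# True if $1 looks like a dnSpec: K=V pairs split on unescaped commas,
# keys from the usage text, non-empty values, CN as the last pair.
# Assumption: "\," is how a literal comma inside a value is escaped.
dnspec_is_valid() {
    # Mask escaped commas, then put one pair per line.
    pairs=$(printf '%s' "$1" | sed 's/\\,/_/g' | tr ',' '\n')
    last=
    while IFS= read -r pair; do
        key=${pair%%=*}
        case $key in
            C|ST|L|O|OU|CN) ;;
            *) return 1 ;;
        esac
        # Reject "KEY" with no "=" and "KEY=" with an empty value.
        [ "$pair" != "$key" ] && [ -n "${pair#*=}" ] || return 1
        last=$key
    done <<EOF
$pairs
EOF
    [ "$last" = CN ]
}

# Wrapper: 2 = unsafe directory, 3 = bad dnSpec, else the tool's status.
generate_lce_creds() {
    dir=$1
    shift
    into_dir_is_safe "$dir" || { echo "refusing: $dir is not empty" >&2; return 2; }
    for spec in "$@"; do
        dnspec_is_valid "$spec" || { echo "bad dnSpec: $spec" >&2; return 3; }
    done
    "$LCE_CRYPTO" --generate-LCE-Server-creds "$dir" "$@"
}

# Example call (constructed values):
# generate_lce_creds /root/lce-creds 'O=Example\, Inc.,CN=Example CA' 'CN=lce.example.test'
```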

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.