Manage Clients in Tenable Log Correlation Engine
To access the Clients page:
- In the top navigation bar, click Clients.
-
The Clients page displays a table of authorized clients and clients requesting permission to communicate with the Tenable Log Correlation Engine server.
This table is referred to throughout this documentation as the client table.
Caution: The Tenable Log Correlation Engine Client Manager Interactive Mode is deprecated. Clients should be managed using the Clients page.
Additionally, the controls above the client table allow you to search the entries in the client table, apply filters, and show or hide table columns.
Client operations in Tenable Log Correlation Engine are performed using the client table that is displayed on this page. Certain operations can be performed on one or more clients simultaneously by selecting the check boxes in the rows corresponding to the clients with which you want to interact.
The following table lists the columns that appear on the Clients page, and provides a brief description of each. Only certain columns are visible by default.
Column | Description |
---|---|
IP |
The IP address of the Tenable Log Correlation Engine client host. If you have more than one client installed on a host, the same IP address will appear multiple times. |
Name |
The value in the name column will be one of the following, ordered by priority:
|
Type |
The type of Tenable Log Correlation Engine client. For example, LCE Splunk or LCE Client. |
OS |
The operating system supported by the installed Tenable Log Correlation Engine client package. Note: While it may correspond, this value does not reflect the operating system installed on the host. |
Policy |
The file name of the policy currently assigned to the Tenable Log Correlation Engine client. |
Version |
The version of the installed Tenable Log Correlation Engine client package. |
Last Heartbeat |
The last time the Tenable Log Correlation Engine server received a heartbeat from an authorized Tenable Log Correlation Engine client. Tip: If you hover your cursor over this value, the exact timestamp appears. Unauthorized clients do not send heartbeats. This can be used to identify Tenable Log Correlation Engine clients that are not reporting to the Tenable Log Correlation Engine server correctly. |
Server |
The IP address or hostname of the Tenable Log Correlation Engine server to which that Tenable Log Correlation Engine client is assigned. If the Tenable Log Correlation Engine client is installed on the same host as the Tenable Log Correlation Engine server, the IP addresses will be the same. By default, this column is not visible. |
Authorized |
Whether that Tenable Log Correlation Engine client is authorized to communicate with the Tenable Log Correlation Engine server. By default, this column is not visible. Tip: This can be used to identify Tenable Log Correlation Engine clients that are not be reporting to the Tenable Log Correlation Engine server correctly. |
Alive |
Whether a heartbeat or log was last received within the 5 minute reporting period from that client. By default, this column is not visible. |
Logs today |
The number of events received from that client today, including heartbeats. By default, this column is not visible. |
UUID |
The UUID of the client, if the client version supports UUIDs. The UUID is used to identify unique instances of Tenable Log Correlation Engine clients. By default, this column is not visible. |