Basic Configuration
The Basic Configuration section comprises the essential configuration needed for an Tenable Log Correlation Engine server to function. The items in this section are addressed in the initial Quick Setup, but can be changed in this section at a later time if the need arises.
Each menu option for the Basic section is covered in detail below.
Option | Description |
---|---|
Server Address |
The IP address of the network interface(s) that the Tenable Log Correlation Engine server listens on. More than one interface may be specified on separate lines:
127.0.0.1 192.0.2.2
By default, or if left blank the above Tenable Log Correlation Engine services will listen on all available network addresses. |
Client Port |
The port number that the Tenable Log Correlation Engine server listens on. By default, port 31300. |
UDP Syslog Port |
By default, the Tenable Log Correlation Engine server listens for UDP syslog traffic on port 514. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed. Note: Only ASCII-encoded syslog is accepted. |
TCP Syslog Port |
By default, the Tenable Log Correlation Engine server listens for TCP syslog traffic on port 601. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed. Note: Only ASCII-encoded syslog is accepted. |
Encrypted TCP Syslog Listen Port |
By default, the Tenable Log Correlation Engine server listens for encrypted TCP syslog traffic on port 6514. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed. |
SNMP Port | By default, the Tenable Log Correlation Engine server listens for SNMP traffic on port 162. If the environment requires the Tenable Log Correlation Engine server to listen on a different port, this setting may be changed. |
Include Networks |
Defines the internal network range. All networks specified in the first section are included. Note: Make sure this range matches IP addresses that are considered internal from an event perspective. This range is used by a number of TASL scripts and the |
Exclude Networks |
Defines networks that should be excluded from the ranges specified for Include Networks. |
Allow only TLSv1.2 | Disables all SSL/TLS support prior to TLS 1.2 for all SSL interfaces for PCI DSS compliance. |