Basic Configuration

Server Address

The IP address of the network interface(s) that the LCE server listens on. More than one interface may be specified on separate lines:

127.0.0.1

192.0.2.2

By default, or if left blank the above LCE services will listen on all available network addresses.

Client Port

The port number that the LCE server listens on. By default, port 31300.

UDP Syslog Port

By default, the LCE server listens for UDP syslog traffic on port 514. If the environment requires the LCE server to listen on a different port, this setting may be changed.

Note: Only ASCII-encoded syslog is accepted.

TCP Syslog Port

By default, the LCE server listens for TCP syslog traffic on port 601. If the environment requires the LCE server to listen on a different port, this setting may be changed.

Note: Only ASCII-encoded syslog is accepted.

Encrypted TCP Syslog Listen Port

By default, the LCE server listens for encrypted TCP syslog traffic on port 6514. If the environment requires the LCE server to listen on a different port, this setting may be changed.

Include Networks

Defines the internal network range. All networks specified in the first section are included.

Note: Make sure this range matches IP addresses that are considered internal from an event perspective. This range is used by a number of TASL scripts and the stats daemon to define inbound, outbound, and internal specifications for LCE events. This is different from the Directions filter on the Tenable.sc events page, which uses the managed ranges of the active user to determine event direction.

Exclude Networks

Defines networks that should be excluded from the ranges specified for Include Networks.