TOC & Recently Viewed

Recently Viewed Topics

LCE Troubleshooting

LCE server does not appear to be operational

  • Log in to the SecurityCenter UI as admin and confirm that the LCE server state is Working along with all attached LCE clients.
  • Check that you can SSH from the SecurityCenter host to the LCE host.
  • Check that the LCE daemon is running on its host and listening on the configured port (TCP port 31300 by default):

    # ss -pan | grep lced

    tcp        0      0 0.0.0.0:31300   0.0.0.0:*     LISTEN      30339/lced

  • Check that the listening ports can be reached from the network and are not blocked by a firewall.
  • If the LCE server is not operational, attempt to start the service:

    # service lce start

    Starting Log Correlation EngineLCE Daemon Configuration
    LICENSE: Tenable Log Correlation Engine 3-Silo Key for [user]
    EXPIRE: 11-10-2011
    REMAIN: 30 days
    MESSAGE: LCE (3-silo license)
    MESSAGE: Valid authorization
    --------------------------------------------------------
                                                               [  OK  ]

No events from an attached LCE server

  • Log in to the SecurityCenter UI as admin and confirm that the LCE server state is Working along with all attached LCE clients.
  • Confirm connectivity by checking that heartbeat events show up in the SecurityCenter UI.
  • Check the LCE configuration settings in accordance with the LCE documentation.
  • Check the individual LCE client configuration and authorization in the LCE Clients screen. If syslog is being used to collect information and events, ensure that the syslog service is running and configured correctly on the target syslog server in accordance with LCE documentation.
  • Check for NTP time synchronization between the SecurityCenter, LCE, and LCE clients.

Invalid LCE license

  • Check that an up-to-date license exists on the LCE server

LCE plugins fail to update

  • Manually test a plugin update under Plugins with Update Plugins. If successful, the line Passive Plugins Last Updated will update to the current date and time.
  • Ensure that the SecurityCenter host is allowed outbound HTTPS connectivity to the LCE Plugin Update Site.
  • For all other LCE plugin update issues, contact Tenable Support at support@tenable.com.

 

 

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.