Recently Viewed Topics
Log Correlation Engine Clients
The LCE server has the ability to manage configuration files for LCE 5.x clients remotely from the command line. SecurityCenter has the ability to manage the configuration files for LCE 5.x clients via a graphical interface.
The default view for the LCE Clients page displays all of the available clients for the selected LCE server in the “Filters” section, and may be changed by changing the LCE Server filter. Using the other filter options, the displayed clients for the selected server may be narrowed down by a mix of criteria based on combinations of the displayed columns.
Current LCE Client versions display information in the table including their name, host address, authorization status, client type, host OS, assigned policy file, date last updated, and client version. LCE Client configurations can be managed from SecurityCenter.
Tip: Note that configured clients prior to version 5.x are displayed on the list without OS and policy information. However, these clients cannot have their policy files centrally managed from SecurityCenter.
Each client may have a name assigned to it to help easily identify the client. The currently assigned name is displayed in the Name column. To change the name, click on the client to edit from the list, and enter the name. Client names may not contain spaces. Once set, click the Submit button to save the change.
LCE Clients are initially configured to send their data to a particular LCE server, but must be authorized by the LCE sever for the server to accept the data. The client’s authorization status is displayed in the left-side column. If there is no icon, the client is authorized to send data to the LCE server. If there is a broken link icon, the client is not authorized to send data to the LCE server. This may be toggled by selecting the gear icon for the client and clicking either the Authorize or Revoke Authorization from the list as appropriate.
Each client must have a policy assigned to it that specifies the appropriate data to send. The currently assigned policy is displayed in the Policy column. To change the assigned policy, click on the client to edit from the list, and select the appropriate policy from the drop-down list. The client policies may be searched by name by entering text into the Policy field. Once set, click the Submit button to save the change. The policy will be updated on the client on its next connection.