Tenable Log Correlation Engine Clients

Note: Tenable Enclave Security does not support Tenable Log Correlation Engine.

The Log Correlation Engine server manages configuration files for Log Correlation Engine 5.x clients remotely from the command line. Tenable Security Center manages the configuration files for Tenable Log Correlation Engine 5.x clients via a graphical interface.

The default view for the Log Correlation Engine Clients page displays all of the available clients for the selected Tenable Log Correlation Engine server in the Filters section, and may be changed by updating the Log Correlation Engine Server filter. Use the other filter options, to narrow down the displayed clients for the selected server by a mix of criteria based on combinations of the displayed columns.

Current Log Correlation Engine Client versions display information in the table including their name, host address, authorization status, client type, host OS, assigned policy file, date last updated, and client version. Log Correlation Engine Client configurations can be managed from Tenable Security Center.

Tip: Configured clients prior to version 5.x appear in the list without OS and policy information. However, these clients cannot have their policy files centrally managed from Tenable Security Center.

Each client may have a name assigned to it to help easily identify the client. The currently assigned name appears in the Name column. To change the name, click on the client to edit from the list, and type the name. Client names may not contain spaces. Click the Submit button to save the change.

Log Correlation Engine Clients are initially configured to send their data to a particular Log Correlation Engine server, but must be authorized by the Log Correlation Engine sever for the server to accept the data. The client’s authorization status appears in the left-side column. If there is no icon, the client is authorized to send data to the Log Correlation Engine server. If there is a broken link icon, the client is not authorized to send data to the Log Correlation Engine server. To do this, right-click the row for the client or select the check box for the client, then click Authorize or Revoke Authorization.

Each client must have a policy assigned to it that specifies the appropriate data to send. The currently assigned policy appears in the Policy column. To change the assigned policy, select the client to edit and click the appropriate policy from the drop-down box. Search client policies by name by entering text into the Policy box. Click the Submit button to save the change. The policy updates on the client on its next connection.