User guide
6
The LCE Clients written for 32-bit platforms will run on 64-bit systems as long as the 32-bit libraries are
installed. However, native 64-bit support is only available for certain platforms. See the table below for more
details.
LCE Client
Platform
Architecture
Function
LCE Client (Log
Agent)
RHEL/CentOS 5, 6
32/64-bit
Linux and Mac OS X Client:
Events sent encrypted to the LCE
Process accounting event monitoring
Directory and file tailing
File integrity and directory change monitoring
CPU, memory and disk statistics collection
Heartbeats
Windows Client:
Events sent encrypted to the LCE
Configurable Windows event log collection
Remote collection of Windows event logs via WMI
Collection of process execution through event log
Directory and file tailing
File integrity and directory change monitoring
USB insert and remove events
CD-ROM/DVD insert and remove events
CPU, memory and disk statistics collection
Heartbeats
The LCE Clients are designed to send log data
to the LCE server. Accepted log data is
normally in ASCII text format and will not
include binary files (with the exception of
process accounting data). The LCE Log
Agents will check all data before sending,
specifically omitting binary files such as .zip,
.gz, .tar, .lzh, .bz2, etc. If a binary file is
sent to the LCE, it has the potential to corrupt
the database. This filtering is automatically
performed by the LCE Client software.
Mac OS X
32/64-bit
MS Windows XP
Professional,
Server 2003
32-bit
MS Windows
Server 2008, Vista,
and Windows 7
Ultimate
32/64-bit
LCE WMI
Monitor
RHEL/CentOS 5, 6
32/64-bit
Retrieves Windows Event Logs (e.g., System, Application,
Security, All, etc.) from one or more Windows hosts using
the Windows Management Instrumentation (WMI) protocol.
Tenable
NetFlow Monitor
RHEL/CentOS 5, 6
32/64-bit
Receives NetFlow messages for logging to the LCE.
Messages can be sent from multiple NetFlow sources to a
single TNS_Netflow client. The client supports NetFlow
versions 5 and 9.
FreeBSD 7, 8
32-bit