Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Any Log From Any Event

Tenable Log Correlation Engine® collects and aggregates data from firewalls, intrusion detection and prevention systems, and data loss prevention solutions, as well as raw network traffic, application logs and user activity.

Centralized Log Management

Significantly reduce deployment and administration time with centralized Log Correlation Engine client administration and management functions, for efficient deployment and real-time configuration modifications.

Flexible, Scalable Deployment

The Log Correlation Engine's scalable architecture supports up to enterprise-wide deployments with high availability requirements.

Analytics & Reporting

Rapid query performance and powerful, customizable analytics give network, security and compliance teams near-instant visibility - pinpointing threats, misconfigurations, audit violations and never-before-seen activity.

Broad Device Type Support

Tenable Log Correlation Engine stores, compresses and analyzes any type of ASCII log generated by thousands of network devices and applications. The table below includes supported platforms, and new devices are continuously added for broad network coverage.

Anomaly Detection

  • Arbor
  • Tenable Log Correlation Engine anomalies
  • Stealthwatch


  • Asterisk
  • Arpwatch
  • Citrix
  • CounterTack Sentinel
  • Dovecot
  • Exim
  • IMAP
  • IRCd
  • Microsoft Exchange
  • ncFTP
  • Nessus
  • OpenSSH
  • Pointsec
  • POP
  • Postfix
  • proFTP
  • Pure FTP
  • Qpopper
  • Sendmail
  • all Tenable Products
  • UPS
  • wu-FTP
  • wu-IMAP
  • Xpient credit card transaction processing

Audit Trails

  • Support for auditing of all system and user commands for Windows
  • Linux, FreeBSD, macOS and Solaris is supported by all Tenable Log Correlation Engine clients
  • Oracle Audit Trails

Authentication and Network Access

  • BlueSocket
  • Cisco ACS
  • Cisco ISE
  • Cisco NAC
  • Entrust IdentityGuard
  • ForeScout CounterACT
  • Microsoft ISA
  • RSA SecurID
  • Steel Belted Radius
  • Thycotic Secret Server


  • Microsoft SQL Database and Audit Logs
  • MySQL
  • Oracle Database and Audit Logs
  • Postgres
  • sniffed SQL transactions observed by the Tenable Nessus Network Monitor


  • Bind
  • all supported web proxies
  • sniffed DNS lookups observed by the Tenable Nessus Network Monitor

File Integrity

  • Honeycomb Technologies
  • Tenable Log Correlation Engine Agents for Windows and Unix
  • Tripwire

Firewalls & IPS

  • Adtran
  • Arkoon
  • Astaro
  • Checkpoint
  • Cisco ASA
  • Cisco PIX
  • CyberGuard
  • D-Link
  • FireEye
  • Fortigate
  • Fortinet
  • F5 Big IP Application Firewall
  • Gauntlet
  • GNATBox
  • Ipchains
  • Ipfilter
  • Iptables
  • Juniper
  • vShieldEdge
  • Microsoft ISA
  • Kerio
  • NetGear
  • OpenBSD's pf
  • Palo Alto
  • PortSentry
  • SecureSphere Database Firewall
  • SideWinder
  • SonicWall
  • Stonegate
  • Sygate
  • Symantec
  • WebSense
  • Windows XP, Vista, etc.
  • ZoneAlarm

Honey Pots

  • ForeScout
  • Honeyd
  • La Brea
  • Multipot
  • Nepenthes
  • Symantec Decoy Server
  • WebLabyrinth

Intrusion Detection/Prevention

  • AirMagnet
  • Bro
  • Cisco IDS/IPS
  • Dragon
  • IntruSheild
  • Juniper
  • Checkpoint
  • Portaledge
  • Proventia
  • Snort
  • Sourcefire
  • Suricata
  • TippingPoint
  • Toplayer IPS


  • Bit9
  • ClamAV
  • eTrust
  • FireEye
  • McAfee
  • Microsoft ForeFront
  • Sophos
  • Symantec
  • Trend Micro
  • Windows Defender

Network Devices

  • 3Com
  • Apple Airport
  • Buffalo
  • Cisco 3000 VPN Concentrator
  • Cisco ACE
  • Cisco Aironet
  • Cisco IOS
  • Citrix Access Gateway
  • DHCP leases
  • D-Link
  • Enterasys
  • Extreme
  • Foundry
  • Juniper

Network Monitors

  • McAfee DLP
  • RNA
  • Tenable NetFlow Monitor (v5 and v9)
  • Tenable Network Monitor
  • forensic logging from the Tenable Nessus Network Monitor

Operating Systems

  • AIX
  • AS400 (via PowerTech)
  • FreeBSD
  • IBM z/OS (via Type80 SMA_RT syslogs)
  • Linux (Red Hat, Fedora, CentOS, SUSE)
  • macOS
  • Solaris
  • Windows (NT, 2000, XP, 2003, Vista, 2008, 7, 2012)

Patch Management Systems

  • Microsoft Windows Update Service (WSUS)


  • Amavis
  • Barracuda
  • MailScanner

Web Servers

  • Apache 1.x/2.x
  • Microsoft IIS
  • Oracle HTTP Server
  • PHP Suhosin extensions
  • WC3/NCSA compatible log formats

Web Proxies

  • BlueCoat
  • Internet Content Adaptation Protocol (ICAP)
  • McAfee Web Gateway
  • Squid
  • Sniffed web browsing sessions observed by the Tenable Nessus Network Monitor

Centralized Management

  • Log Correlation Engine client administration and management allow for efficient deployments and real-time configuration modifications.
  • Integrate the Log Correlation Engine with SecurityCenter®, Nessus® and Nessus Network Monitor to implement a continuous security and compliance monitoring architecture for real-time analytics and reporting.
  • Store, compress and search logs from thousands of network devices and applications, and save specific searches as tamper-proof forensic evidence.

Flexible, Scalable Deployment

  • Intelligent load balancing and redundancy mechanism enable "log mirroring" and high availability deployments.
  • Logs can be stored locally in 1TB, 5TB and 10TB data stores, on a dedicated syslog server, or a SAN/NAS for unlimited data retention.
  • Server-client architecture allows thousands of Log Correlation Engine clients to operate from a single Log Correlation Engine server.
  • Data may be rotated and archived or saved in a compressed format, which may be searched from a Log Correlation Engine interface or SecurityCenter.

Powerful Analytics & Reporting

  • IDS Correlation notifies users if vulnerabilities are actively being attacked, which greatly improves situational awareness.
  • Customizable detection provides the ability to write your own parsers for events.


SecurityCenter CV

True Continuous Monitoring

Learn More

Nessus Network Monitor

Passively analyzes network traffic

Learn More


Request more information

Live Chat
Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets