Overview
Setting up
- Account setup
- Starting Log360 Cloud
- Supported log sources
- Adding Syslog devices
- Subscription
- Prerequisites
- Service Level Agreement (SLA)
- Amazon Web Services (AWS)
- Microsoft 365 Auto Configuration
- Microsoft 365 Manual Configuration
Dashboard
Reports
- Available Reports
- Manage Predefined Reports
- Manage Report Views
- Custom Reports
- Types of Report Views
- Report Exporting
- Schedule exports
- Advanced Active Directory reports
  - User Work Hours
  - Account lockout analyzer
Compliance Reports
Search
- Search
- Search tool
- Save searches
- Share searches
- Export searches
- Add or remove fields from the search results
- Tagging tool
Cloud correlation
- Understanding correlation
- Generating correlation reports
- Managing correlation rules
Alerts
- Creating alert profiles
- View log alerts
- Ticketing tool integration
- Manage profiles
Incident Workbench
- Overview
- Access
- User analytics
- Process Analytics
- Advanced Threat Analytics
- Incident building
- Device summary
Incident management
- Incident management
Configuration settings
- Devices
- Applications
- Manage Cloud Sources
- Vulnerability data
- vCenter
- Threat management solutions
  - Threat Source
- File Monitoring
- Import log data
Admin settings
- Manage Agents
- Agent Settings
- Log Source Groups
- User management
- Accounts Management
- Configuring object level auditing
- Configuring audit policies
- Configuring Windows member server audit policies
- Technician audit
- Advanced Threat Analytics
- Bulk actions for Agents
- Privacy settings
- Notification settings
- Notification Templates
- Working Hour Settings
- Reload Historical Logs
- My account settings
- Product settings
- Log Collection Filter
- Custom log parsing
- License
- Cloud Storage Estimator
- Listener ports
- Log forwarding
Developer space
- Custom Widgets
- Extension Profile Generation
- Extension Builder
Marketplace
- Installing Extensions
- Compliance Extensions
- Nginx
- Veeam
Cloud protection
- Cloud Protection in Log360 Cloud
- Gateway Cluster
- Gateway Server
- Prerequisites for Gateway Server configuration
- Installing Gateway Server
- Endpoint Configuration
- Certificate Authority Configuration
- Manage Certificate Trust Store
- Two-way SSL Support
- Manage Banned Applications
- Manage Sanctioned Applications
- Gateway Server Failover
- Application Insight
- User Access Insight
- Cloud Access Reports
- CASB application reports
- Shadow Cloud Application Reports
- Reports on Banned Cloud Applications
- File Upload Reports
- Threat Analytics in Cloud Protection
- Regenerate Access Key
- Troubleshooting gateway server errors
API Support
Teams
- Overview
- Managing Teams
MSSP Edition
- Introduction
- MSSP Account Setup
- Dashboard
- Manage Clients
- Evaluation Clients
- My Account Settings
- Technician Management
- License
Troubleshooting
- Overview
- WMI-based errors
Encryption at Rest (EAR)
Contact us

Related Products
Log360

Comprehensive SIEM and UEBA
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo

Log360 Cloud
Setting up
Prerequisites

Prerequisites for Log360 Cloud Agent

This document lists the prerequisites that have to be met to run the Log360 Cloud agent.

Required ports
Required permissions
Hardware Requirements
Operating System Requirements
Supported log and data sources
RAM Requirement Approximation
URL whitelisting
Resolution requirement

Required ports

The Log360 Cloud Agent requires the following ports to communicate with the cloud application server and to listen to the syslogs.

Port Numbers	Ports Usage	Description
443 (TCP)	Communication with cloud server	This is the default port used by the Log360 Cloud agent to communicate with the cloud application server.
513, 514 (UDP)	Syslog listener port	These are the default Syslog listener ports for UDP. Ensure that the devices are configured to send Syslogs to any one of these ports.
514 (TCP)	Syslog listener port	This is the default Syslog listener port for TCP. Ensure that devices are configured to send Syslogs to this port.

Log360 Cloud Agent and devices in your network use the following ports for WMI, RPC, SMB, LDAP and DCOM services.

Port Numbers	Ports Usage	Description
135, 445, 139 (TCP)	WMI, DCOM, RPC	These are the traffic ports for the Log360 Cloud agent. The same ports will be used as incoming traffic ports in the devices and must be opened. Windows services DCOM, WMI, and RPC use these ports, while Log360 Cloud agent uses these services to collect logs from Windows machines in default mode (Event Log mode).
49152-65534 (TCP)	WMI, DCOM, RPC	These are the incoming traffic ports in the Log360 Cloud agent. The same ports will be used as outgoing traffic ports in the devices and must be opened. DCOM uses callback mechanism on random ports between 49152-65534 for Windows Server 2008 and 1024-65534 for previous versions.
389	LDAP	This port is used for domain discovery, it allows application to query directory services, such as Active Directory, to discover information about domains.
139, 445, 135 1024-65535	SMB RPC	These ports are used for workgroup discovery, SMB & RPC services are used to discover other computers in the workgroup.
139 135, 137, 138	SMB RPC	These ports are for event source discovery. SMB and RPC is used for interacting with remote machines and identifying event log sources.

Required permissions

Agent orchestration

Log360 Cloud Agent is manually installed on Windows devices, following permissions needs to be enabled for agent installation.

Action	Permissions
Windows Agent Installation	User Permissions	Agent Installation:Enable read,write and modify files in "C:/Program Files (x86)" for 64-bit Windows systems and "C:\Program Files" for 32-bit Windows systems. Agent Upgrade: Enable read, write and modify permission to files in "C:\ProgramData"
Windows Agent Management	User Permissions	Access/Read/Write registry keys - SOFTWARE\Wow6432Node\ZOHO Corp\Log360Cloud\(or) SOFTWARE\ZOHO Corp\Log360Cloud\

Log collection

Following permissions are needed for log collection using Log360 Coud.

Action	Permissions
WMI Log Collection	User Groups	Event Log Readers Distributed COM Users
WMI Log Collection	User Permissions	Enable Account Remote Enable Read Security Execute Methods
Syslog Collection	Environmental variables	The "Syslog listener port" mentioned in "Ports Requirements" should be allowed in firewall.
Auto Log Forwarding	User Rights	Service restart rights for 'rsyslog' or 'syslog' service.
Auto Log Forwarding	User Permissions	Enable "rw" permission to files (/etc/ rsyslog.conf or /etc/syslog.conf)

Discovery

Action	Permissions
Event Source Discovery	User Permissions	At least read control should be granted for winreg registry key. (Computer\HKEY_LOCAL _MACHINE\SYSTEM\CurrentControl Set\Control\SecurePipe Servers\winreg) Full control permission should be granted for credentials in the EventLog registry key. (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog).
Event Source Discovery	Environmental Variables	Remote registry service should be running. Should have files in event file location. (C:\Windows\System32\winevt\Logs). "C$" should be enabled in remote device in order to configure event source files.
Windows Domain Discovery	User Permissions	User should have read permission to Active Directory Domain Objects. Permission to run LDAP query in ADS_SECURE_AUTHENTICATION mode should be present.
Windows Workgroup Discovery	User Permissions	Permission to run WinNT query in ADS_SECUREAUTHENTICATION mode.

Hardware Requirements

This section gives you information about the hardware requirements for the Log360 Cloud agent.

For 32 bit machines

1 GHz, 32-bit (x86) Pentium Dual Core processor or equivalent
2 GB RAM

For 64 bit machines

2.80 GHz, 64-bit (x64) Xeon® LV processor or equivalent
2 GB RAM

Operating System Requirements

The Log360 Cloud agent can be installed and run on the following operating systems (both 32 Bit and 64 Bit architecture) and versions:

Windows®

Windows 7 & above
Windows Server 2008 & above

Supported Logs and Data Sources

Log360 Cloud can collect, index, analyze, search, and report on logs from various devices, platforms and services. To know the latest supported logs and data sources, click here.

Note:

For analyzing logs from Windows NT machine, WMI core should be installed on the Windows NT machine.
Syslogs received from SNARE agents for Windows will be displayed as Windows devices.

RAM Requirement Approximation

The recommended RAM size of the machine in which the Log360 Cloud agent has been installed is 1 GB.

URL whitelisting

The following URLs have to be whitelisted in all the devices that have the Log360 Cloud agents for the agents to function effectively:

For the US region:

log360cloud.manageengine.com
upload.zoho.com
*dms.zoho.com
staticdownloads-log360cloud.zohodl.com

For the EU region:

log360cloud.manageengine.eu
upload.zoho.eu
*dms.zoho.eu
staticdownloads-log360cloud.zohodl.com

For the AU region:

log360cloud.manageengine.com.au
upload.zoho.com.au
*dms.zoho.com.au
staticdownloads-log360cloud.zohodl.com

For the IN region:

log360cloud.manageengine.in
upload.zoho.in
*dms.zoho.in
staticdownloads-log360cloud.zohodl.com

For the JP region:

log360cloud.manageengine.jp
upload.zoho.jp
*dms.zoho.jp
staticdownloads-log360cloud.zohodl.com

For the CA region:

log360cloud.manageengine.ca
upload.zohocloud.ca
*dms.zohocloud.ca
staticdownloads-log360cloud.zohodl.com

Resolution requirement

Log360 Cloud requires a minimum browser resolution of 1280x720 to avoid UI distortion.