|
|
Before starting Log360 in your environment, ensure that the following are taken care of.
The following port has to be open in Log360 for Elasticsearch.
|
Port Number |
Port Usage |
|
9322 (TCP) |
Communication with Elasticsearch server |
The following ports need to be opened for event collection:
|
Port Number(s) |
Port Usage |
|
389 |
Communication with LDAP protocol |
|
135
|
Communication with RPC |
|
445,135 |
Communication with NetBIOS Session Service |
The following ports are needed to access ADAudit Plus:
|
Port Number |
Port Usage |
|
8081 |
HTTP |
|
8444 |
HTTPS |
EventLog Analyzer requires the below mentioned ports to be opened on the server:
|
Port Number(s) |
Port Usage |
|
8400 (TCP) |
Web server port |
|
513, 514 (UDP)
|
Syslog listener port |
|
514 (TCP) |
Syslog listener port |
|
33335 (TCP) |
PostgreSQL/MS SQL database port |
Agentless log collection:
The below mentioned ports need to be opened on the server and the remote host machine for agentless log collection to be enabled.
EventLog Analyzer uses the following ports for WMI, RPC, and DCOM.
|
Port Number(s) |
Port Usage |
|
135, 445, 139 (TCP) |
WMI, DCOM, RPC |
|
49152-65534 (TCP) |
WMI, DCOM, RPC |
Agent-based Log collection:
EventLog Analyzer uses the following ports for local agent to server UDP communication.
|
Port Number(s) |
Port Usage |
|
5000, 5001, 5002 (UDP)
|
UDP ports for EventLog Analyzer local agent-server communication |
EventLog Analyzer uses the following ports for remote agent to server TCP communication:
|
Port Number |
Port Usage |
|
8400 (TCP) |
TCP port for EventLog Analyzer remote agent-server communication |
For IBM AS/400
The below mentioned ports need to be opened on the server and the remote host machine.
|
Port Number(s) |
Port Usage |
|
446-449, 8470-8476, 9470-9476 (TCP) |
Keep the mentioned ports opened for access to IBM AS/400 machines |
The following ports need to be opened for event collection:
|
Port Number |
Port Usage |
|
80 (TCP) (HTTP) |
Communication with Exchange and Microsoft Online |
|
443 (TCP) (HTTPS) |
Communication with Exchange and Microsoft Online (SSL) |
The following ports are needed to access M365 Manager Plus:
|
Port Number |
Port Usage |
|
8365 (TCP) (HTTP) |
Default product port |
|
9365 (TCP) (HTTPS) |
Default product port (SSL) |
The following ports need to be opened for the product to communicate with Exchange Servers:
|
Port Number |
Port Usage |
|
135 (TCP) |
RPC |
|
5985 (TCP) |
Windows PowerShell Default psSession |
|
5986 (TCP) (HTTPS) |
Windows PowerShell Default psSession SSL |
|
80 (TCP) |
PowerShell |
|
443 (TCP) (HTTPS) |
PowerShell SSL |
The following ports need to be opened for the product to communicate with Active Directory:
|
Port Number |
Port Usage |
|
389 (TCP) |
LDAP |
|
636 (TCP) (HTTPS)
|
LDAP SSL |
|
3268 (TCP) |
LDAP GC |
|
3269 (TCP) (HTTPS) |
LDAP GC SSL |
|
53 (TCP) |
DNS |
|
88 (TCP) |
Kerberos |
|
139 (TCP) |
NetBIOS |
The following ports are needed for Exchange Reporter Plus:
|
Port Number |
Port Usage |
|
8181 |
HTTPS |
|
3309 |
ERP product database |
The following ports are required for ADManager Plus:
|
Port Number |
Port Usage |
|
33306 |
Communication with database |
|
31000 |
Java wrapper service |
|
22 |
Secure Shell (SSH) |
|
8080/8443 |
Web server |
|
2000 |
|
|
389/639 |
LDAP/LDAPS |
|
80 |
Exchange server |
|
80,443 |
G Suite, Microsoft365 |
|
3268 |
LDAP search for Global Catalog (GC) |
The following ports are needed to access Cloud Security Plus:
|
Port Number |
Port Usage |
|
8055 |
HTTP |
|
8056 |
HTTPS |
|
514 |
Default Syslog listener |
|
25 |
Default mail server SMTP |
|
33355 |
PostgreSQL/MS SQL database |
|
80, 443 |
Clouds and their data source |
|
9300-9400 (any one TCP port) |
Elastic Search |
To ensure unhindered functioning of Log360, you need to add the following files to the exception list of your Antivirus application:
|
Path |
Need for whitelisting |
Impact if not whitelisted |
|
<ME>/elasticsearch/ES/data |
Elasticsearch indexed data is stored |
Reports would be affected if the data is deleted. |
|
<ME>/elasticsearch/ES/repo |
Elasticsearch index snapshot is taken at this location. |
Snapshots and Elasticsearch archival feature will fail if the files at this location are deleted. |
|
<ME>/elasticsearch/ES/archive |
Elasticsearch archives are stored here. |
Data will not be available if the files located here are deleted. |
|
<Log360_Home>/bin |
All binaries are included here. Some Antivirus applications might block them as false positive. |
Product might not function. |
|
<Log360_Home>/pgsql/bin |
Postgres binaries are included here. Might be detected as false positive by Antivirus applications. |
Product might not start. |
|
<Log360_Home>/lib/native |
All binaries are included here. Some Antivirus applications might block them as false positive. |
Product might not function. |
|
<Log360_Home>/tools |
All tools binaries are included here. Some Antivirus applications might block them as false positive. |
Some tools might not work if the files are removed by Antivirus applications. |
|
Web Server Port |
|||
|
PORT |
INBOUND |
OUTBOUND |
Additional Rights and Permissions |
|
HTTP/8096 (configurable) |
UEBA Server |
|
Ports Usage:
|
|
Elasticsearch |
|||
|
PORT |
INBOUND |
OUTBOUND |
Additional Rights and Permissions |
|
TCP/9230 (configurable) |
UEBA Search Engine Management Node [ UEBA Node ] |
|
Ports Usage:
|
|
Database |
|
|
PORT |
Additional Rights and Permissions |
|
TCP/33337 |
Ports Usage:
|
|
Redis Cache |
|
|
PORT |
Additional Rights and Permissions |
|
TCP/8179 |
Ports Usage:
|
|
SSL Configured Server |
|
|
PORT |
Additional Rights and Permissions |
|
SSL/8446 |
Ports Usage:
|
|
ActiveMQ |
|
|
PORT |
Additional Rights and Permissions |
|
TCP/61616 |
Ports Usage:
|
|
|
| Copyright © 2023, ZOHO Corp. All Rights Reserved. |