Prerequisites


Prerequisites applicable for EventLog Analyzer version 8.0 (Build 8010) onwards

Before starting EventLog Analyzer in your environment, ensure that the following are taken care of.

What are the ports required for EventLog Analyzer?

EventLog Analyzer requires the following ports to be free for web server, syslog, and PostgreSQL/MySQL:

| Port Numbers | Ports Usage | Description |
|---|---|---|
| 8400 (TCP) | Web server port | This is the default web server port used by EventLog Analyzer. This port is used for connecting to EventLog Analyzer using a web browser. |
| 513, 514 (UDP) | Syslog listener port | These are the default Syslog listener ports for UDP. Ensure that devices are configured to send Syslogs to any one of these ports. |
| 514 (TCP) | Syslog listener port | This is the default Syslog listener port for TCP. Ensure that devices are configured to send Syslogs to this port. |
| 33335 (TCP) | PostgreSQL/MySQL database port | This is the port used for connecting to the PostgreSQL/MySQL database in EventLog Analyzer. |

 

EventLog Analyzer uses the following ports for WMI, RPC, and DCOM: 

| Port Numbers | Ports Usage | Description |
|---|---|---|
| 135, 445, 139 (TCP) | WMI, DCOM, RPC | Outgoing traffic ports on the EventLog Analyzer server. The same ports are used as incoming traffic ports on the devices and must be opened there. The Windows services DCOM, WMI, and RPC use these ports, and EventLog Analyzer in turn uses these services to collect logs from Windows machines in the default mode (Event Log mode). |
| 49152-65534 (TCP) | WMI, DCOM, RPC | Incoming traffic ports on the EventLog Analyzer server. The same ports are used as outgoing traffic ports on the devices and must be opened there. DCOM uses a callback mechanism on random ports between 49152-65534 for Windows Server 2008 and 1024-65534 for previous versions. |

 

EventLog Analyzer uses the following ports for local agent to server UDP communication: 

| Port Numbers | Ports Usage | Description |
|---|---|---|
| 5000, 5001, 5002 (UDP) | UDP ports for EventLog Analyzer local agent-server communication | EventLog Analyzer uses these UDP ports internally for agent to server communication. Ensure that the ports are free and not occupied by other local applications running on the machine. Some additional higher range ports (1024-65534) will be opened to connect with these ports for internal communication. |

EventLog Analyzer uses the following ports for remote agent to server TCP communication: 

| Port Numbers | Ports Usage | Description |
|---|---|---|
| 8400 (TCP) | TCP port for EventLog Analyzer remote agent-server communication | EventLog Analyzer uses this TCP port for remote agent to server communication. Ensure that the port is free and not occupied by other local applications running on the machine. This port should be opened in the firewall. |

Note: During automatic agent installation, the WMI, RPC, and DCOM ports are used once.

 

For IBM AS/400

| Port Numbers | Ports Usage |
|---|---|
| 446-449, 8470-8476, 9470-9476 (TCP) | Keep these ports open for access to IBM AS/400 machines. |

 

For IIS website autodiscovery

| Port Numbers | Ports Usage |
|---|---|
| 445 (TCP) | The Server Message Block (SMB) protocol uses this port to read the log files. |

 

Procedure to change the default PostgreSQL port:

Permission to access PostgreSQL to troubleshoot

host all all <IP address of the remote machine to be used to troubleshoot>/32 trust

after the line

host all all 127.0.0.1/32 trust

and save the file. The edited part of the file looks like this:

# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust

to

# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all <IP address of the remote machine to be used to troubleshoot>/32 trust
# IPv6 local connections:
host all all ::1/128 trust
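The `trust` method lets the listed address connect to PostgreSQL without a password, so the remote troubleshooting entry is worth tracking. The following is an added example, not part of the EventLog Analyzer documentation or product: a small Python check that reports `trust` records for non-loopback addresses in a pg_hba.conf-style file. It assumes records use the standard `host` record types, and the sample file and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample: the edited file shown above, with 192.0.2.10
# (documentation address range) standing in for the troubleshooting machine.
SAMPLE_PG_HBA = """\
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.0.2.10/32 trust
# IPv6 local connections:
host all all ::1/128 trust
"""

def remote_trust_entries(text):
    """Return (lineno, address, database, user) for 'trust' records that are not loopback-only."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Simplification: comments are stripped at '#', quoted fields are not handled.
        fields = raw.split("#", 1)[0].split()
        # Only TCP/IP records (host, hostssl, hostnossl, ...) carry an address.
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        address, rest = fields[3], fields[4:]
        if "/" not in address and len(rest) >= 2:
            # "ADDRESS NETMASK METHOD" form: fold the mask into the address.
            try:
                ipaddress.ip_address(rest[0])
                address, rest = f"{address}/{rest[0]}", rest[1:]
            except ValueError:
                pass
        if rest[0] != "trust":
            continue
        try:
            loopback = ipaddress.ip_network(address, strict=False).is_loopback
        except ValueError:
            loopback = False  # host name or keyword such as "all" or "samenet"
        if not loopback:
            findings.append((lineno, address, fields[1], fields[2]))
    return findings

if __name__ == "__main__":
    for lineno, address, database, user in remote_trust_entries(SAMPLE_PG_HBA):
        print(f"line {lineno}: trust for {address} (database={database}, user={user})")
```

Running it against the live file after a troubleshooting session shows whether the remote `trust` entry is still present.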

 

 

Prerequisites applicable for EventLog Analyzer version 8.0 (Build 8000) or earlier

 

How to change the default ports used by EventLog Analyzer

Changing the default MySQL port:

  1. Edit the mysql-ds.xml file present in the <EventLog Analyzer Home>\server\default\deploy folder.

  2. Change the port number in the following line to the desired port number:
    <connection-url>jdbc:mysql://localhost:33336/eventlog</connection-url>

  3. Save the file and restart the server.

Changing the default web server port:

  1. Edit the sample-bindings.xml file present in the <EventLog Analyzer Home>\server\default\conf folder.

  2. Change the port number in the following line to the desired port number:
    <binding port="8400"/>

  3. Save the file and restart the server.

 
