Listener ports overview

Overview

The Listener Port console provides an interface for configuring and managing ports used to receive incoming logs and messages. Log360 supports both Syslog listener ports (UDP/TCP/TLS) and SNMP Traps listener ports (UDP) for receiving logs. With these ports, external devices and applications send logs and traps to the collector/agent.

Prerequisites

• Port availability: Ensure that the configured ports are not used by any other applications or services on the Log360 server.
• Firewall and antivirus rules:
• Allow all incoming traffic on the specified ports on the agent/machine running the Log360 server's firewall.
• Some antivirus software may block unknown or custom ports by default. Ensure that your antivirus tool is also configured to permit traffic on the configured listener ports.
• Network devices configuration: Configure the external devices to send Syslog messages/SNMP Traps to the server's IP address and the designated port.

Need for listener port configuration

Without properly configured listener ports, the server cannot receive, process, or analyze the incoming log data.

Key functionalities

• Seamless log collection: Logs from the network devices can be received only when the appropriate ports are open and listening.
• Protocol flexibility: You can configure multiple ports for different protocols (UDP, TCP, TLS) based on your network's security and reliability requirements.
• Security and access control: By selectively enabling or disabling ports per collector/agent, you can restrict log intake to trusted sources and minimize your attack surface.

Configuring Syslog listener ports

The Listener Ports module lets you manage the ports used to receive incoming logs from external devices. You can assign protocols (UDP, TCP, TLS), configure default Syslog ports, and control which collectors or agents listen on specific ports. This section explains how to access the configuration interface for the Syslog listener ports and perform actions like adding new Syslog listener ports, editing existing ones, and managing port-to-collector/agent mappings to streamline log intake.

Accessing Syslog listener ports settings

1. In the product console, navigate to the Settings tab and click on Listener ports listed under System Settings as shown in the below image.

   

2. The Listener Ports module for Syslog ports configuration provides you with:
   • Port: Displays the port number
   • Action: Option to enable/disable, edit, delete or make default the listener port(s).
   • Protocol: Displays the operating protocol for that particular port.
   • Associated Collectors/Agents: Displays all the collectors/agents associated with the corresponding port number.

   

Manage Syslog listener ports

The following are the available actions for the syslog ports under listener port configuration:

• Add a Syslog port
• Manage default Syslog port
• Delete a Syslog port
• Enable/disable a Syslog port
• Enable/disable a Syslog port for selective collectors/agents
• Edit an existing Syslog port

Adding a Syslog port

1. Navigate to the Listener Ports module in the product console and click on the +Listener Port button as highlighted below.

   

2. The Add Listener Port pop-up slides in.

   

3. Fill in the required fields:
   • Protocol: Select the protocol from the drop-down.

     

   • Port: Specify the port number for log collection.
     • Fill in the check-box provided if you wish to make that specific port the default port number that will be automatically associated to newly added collector/agents in future configurations. Ensure the pre-requisites are met before filling in the port number.
   • Add Collector/Agent: Select the Collector/Agent(s) on which this port can be enabled.
NOTE
• The Select Collector/Agent option will be visible only if a remote collector/agent has been added in the server.
• For each protocol, you can add only 6 ports.
4. Click on Add.
5. Upon successful completion of the action, the below pop-up appears.

   

Manage default Syslog listener port

1. To make a port as a default port for syslog collection, click the icon under the Actions tab.
2. Upon successful completion of the action, the below pop-up appears.

   

3. Similarly, to remove a port from being default, click on the remove as default port icon .
4. Upon successful completion of the action, the below pop-up appears.

   

Once you make the port default, all collector/agent(s) will listen through that specific port.

Deleting a Syslog port

1. Click on the Delete icon under the Actions column to delete a listener port.
2. A Confirm Action pop-up appears. Click on Yes.

   

3. Upon successful completion of the action, the below pop-up appears.

   

Enable/disable a Syslog listener port

Enabling a Syslog listener port

1. Click on the currently disabled icon under the Actions column to enable the port.
2. As soon as you perform this action, the icon indicates that the port is now enabled and the below pop-up message appears briefly.

   

Disabling a Syslog listener port

1. Click on the currently enabled icon under the Actions column to disable the port.
2. As soon as you perform this action, the icon indicates that the port is now disabled and the below pop-up message appears briefly.

   

Enable/disable a Syslog listener port for selective collectors/agents

1. Click on the corresponding number in the Associated Collectors/Agents column for the port you wish to view the associated collectors/agents for.

   

2. This will open the list of Collectors/Agents and their status along with a troubleshooting link , in the case of an error.

   

To enable:

1. Click on the currently disabled icon under the Actions column to enable the port for that specific collector/agent.
2. As soon as you perform this action, the icon indicates that the port is now enabled for that particular collector/agent, and the below pop-up message appears briefly.

To disable:

1. Click on the currently enabled icon under the Actions column to disable the port for that specific collector/agent.
2. As soon as you perform this action, the icon indicates that the port is now disabled for that particular collector/agent, and the below pop-up message appears briefly.

To enable/disable a port for multiple collectors at once:

1. Select the desired collectors by clicking on the checkboxes provided and click on the enable/disable icon at the top.
2. Upon successfully enabling, the below pop-up appears.

   

3. Upon successfully disabling, the below pop-up appears.

   

Edit a Syslog listener port

1. Click on the Edit icon under the Actions column to edit the respective port.
2. The Edit Listener Port box will be displayed. Make the necessary edits and click on Save.

   

3. The changes are updated instantly. Upon successful completion of the action, the below pop-up appears.

   

Associating a collector/agent for a device

Use this interface to select a collector or agent while configuring the device/application or the listener port(s).

1. In the product console, navigate to the Settings tab and click on Devices.

   

2. Click on the +Add Device(s) button as highlighted below.

   

3. The Add device pop-up box appears. In the Collector/Agent field as highlighted below, click the plus + icon to display the list of available collectors/agents.

   

4. Select the appropriate collector/agent from the list that appears on the screen.

   

5. Click on Add to confirm your choice and proceed.

Read also

This document explained how to configure and manage listener ports (Syslog listener ports) in the product console, covering prerequisites, key features, and selective control options. For more on enhancing log collection and device integration, refer to the related pages below:

• SNMP Traps port management