icon-pdfDownload PDF lhs-panel
lhs-panel Click here to expand

Prerequisites applicable for Log360

Before starting Log360 in your environment, ensure that the following are taken care of.

Ports required for Log360

The following port has to be open in Log360 for Elasticsearch.

Port Number

Port Usage

9322 (TCP)

Communication with Elasticsearch server

Ports required for ADAudit Plus

The following ports need to be opened for event collection:

Port Number(s)

Port Usage

389

Communication with LDAP protocol

135

Communication with RPC

445,135

Communication with NetBIOS Session Service

The following ports are needed to access ADAudit Plus:

Port Number

Port Usage

8081

HTTP

8444

HTTPS

Ports required for EventLog Analyzer

EventLog Analyzer requires the below mentioned ports to be opened on the server:

Port Number(s)

Port Usage

8400 (TCP)

Web server port

513, 514 (UDP)

Syslog listener port

514 (TCP)

Syslog listener port

33335 (TCP)

PostgreSQL/MS SQL database port

Agentless log collection:

The below mentioned ports need to be opened on the server and the remote host machine for agentless log collection to be enabled.

EventLog Analyzer uses the following ports for WMI, RPC, and DCOM.

Port Number(s)

Port Usage

135, 445, 139 (TCP)

WMI, DCOM, RPC

49152-65534 (TCP)

WMI, DCOM, RPC

Agent-based Log collection:

EventLog Analyzer uses the following ports for local agent to server UDP communication.

Port Number(s)

Port Usage

5000, 5001, 5002 (UDP)

UDP ports for EventLog Analyzer local agent-server communication

EventLog Analyzer uses the following ports for remote agent to server TCP communication: 

Port Number

Port Usage

8400 (TCP)

TCP port for EventLog Analyzer remote agent-server communication

For IBM AS/400

The below mentioned ports need to be opened on the server and the remote host machine.

Port Number(s)

Port Usage

446-449, 8470-8476, 9470-9476 (TCP)

Keep the mentioned ports opened for access to IBM AS/400 machines

Ports required for M365 Manager Plus

The following ports need to be opened for event collection:

Port Number

Port Usage

80 (TCP) (HTTP)

Communication with Exchange and Microsoft Online

443 (TCP) (HTTPS)

Communication with Exchange and Microsoft Online (SSL)

The following ports are needed to access M365 Manager Plus:

Port Number

Port Usage

8365 (TCP) (HTTP)

Default product port

9365 (TCP) (HTTPS)

Default product port (SSL)

Ports required for Exchange Reporter Plus

The following ports need to be opened for the product to communicate with Exchange Servers:

Port Number

Port Usage

135 (TCP)

RPC

5985 (TCP)

Windows PowerShell Default psSession

5986 (TCP) (HTTPS)

Windows PowerShell Default psSession SSL

80 (TCP)

PowerShell

443 (TCP) (HTTPS)

PowerShell SSL

The following ports need to be opened for the product to communicate with Active Directory:

Port Number

Port Usage

389 (TCP)

LDAP

636 (TCP) (HTTPS)

LDAP SSL

3268 (TCP)

LDAP GC

3269 (TCP) (HTTPS)

LDAP GC SSL

53 (TCP)

DNS

88 (TCP)

Kerberos

139 (TCP)

NetBIOS

The following ports are needed for Exchange Reporter Plus:

Port Number

Port Usage

8181

HTTPS

3309

ERP product database

Ports required for ADManager Plus

The following ports are required for ADManager Plus:

Port Number

Port Usage

33306

Communication with database

31000

Java wrapper service

22

Secure Shell (SSH)

8080/8443

Web server

2000

Email

389/639

LDAP/LDAPS

80

Exchange server

80,443

G Suite, Microsoft365

3268

LDAP search for Global Catalog (GC)

Ports required for Cloud Security Plus

The following ports are needed to access Cloud Security Plus:

Port Number

Port Usage

8055

HTTP

8056

HTTPS

514

Default Syslog listener

25

Default mail server SMTP

33355

PostgreSQL/MS SQL database

80, 443

Clouds and their data source

9300-9400 (any one TCP port)
9200-9300 (any one HTTP port)

Elastic Search

Using Log360 with Antivirus Applications

To ensure unhindered functioning of Log360, you need to add the following files to the exception list of your Antivirus application:

Path

Need for whitelisting

Impact if not whitelisted

<ME>/elasticsearch/ES/data

Elasticsearch indexed data is stored

Reports would be affected if the data is deleted.

<ME>/elasticsearch/ES/repo

Elasticsearch index snapshot is taken at this location.

Snapshots and Elasticsearch archival feature will fail if the files at this location are deleted.

<ME>/elasticsearch/ES/archive

Elasticsearch archives are stored here.

Data will not be available if the files located here are deleted.

<Log360_Home>/bin

All binaries are included here. Some Antivirus applications might block them as false positive.

Product might not function.

<Log360_Home>/pgsql/bin

Postgres binaries are included here. Might be detected as false positive by Antivirus applications.

Product might not start.

<Log360_Home>/lib/native

All binaries are included here. Some Antivirus applications might block them as false positive.

Product might not function.

<Log360_Home>/tools

All tools binaries are included here. Some Antivirus applications might block them as false positive.

Some tools might not work if the files are removed by Antivirus applications.

 

Ports required for Log360 UEBA


Web Server Port

PORT

INBOUND

OUTBOUND

Additional Rights and Permissions

HTTP/8096 (configurable)

UEBA Server

  • UEBA Technician Machine.

 Ports Usage:

  • The ports will by default be used for communication between the admin server and browser.
  • The port can be customized by the user. The acceptable range for the value is between 1024–65535.

 

Elasticsearch

PORT

INBOUND

OUTBOUND

Additional Rights and Permissions

TCP/9230 (configurable)

UEBA Search Engine Management Node [ UEBA Node ]

  • UEBA Server

 Ports Usage:

  • The Elasticsearch server in UEBA uses this port.
  • The port can be customized by the user. The acceptable range for the value is between 9230-9290.

 

Database

PORT

Additional Rights and Permissions

TCP/33337

 Ports Usage:

  • Utilization of PostgressSQL/MSSQL database port in order to connect to the PostgreSQL database in UEBA.
  • Firewall port need not be opened since the internal port is bound to localhost.

 

Redis Cache

PORT

Additional Rights and Permissions

TCP/8179

 Ports Usage:

  • Utilization of the port in order to connect to the Redis database in UEBA.
  • The acceptable range for the value is between 8179-8189.

 

SSL Configured Server

PORT

Additional Rights and Permissions

SSL/8446

 Ports Usage:

  • Utilization of SSL to enhance the security between server and the client through HTTPS.
  • The port can be customized by the user. The acceptable range for the value is between 1024–65535.

 

ActiveMQ

PORT

Additional Rights and Permissions

TCP/61616

 Ports Usage:

  • Fetches the real time events from integrated products.
  • The acceptable range for the value is between 61616-61626.

Ports used by PAM360

The below table lists the set of all ports used by PAM360 for remote access:

Port Name

Port Number

Direction
PostgreSQL port 3456 Outbound
Web client port 8282 Inbound
SSH port 22 Outbound
Telnet port 23 Outbound
LDAP without SSL port 389 Outbound
LDAP with SSL port 636 Outbound
SMTP port 25 Outbound
MS SQL port 1433 Outbound
Oracle port 1521 Outbound
Sybase ASE port 5000 Outbound
Password Verification port 135, 139, 445 Outbound
Auto Logon Spark View Gateway port 8283 Inbound
RDP 3389 Outbound
SSH API 6622 Inbound
REST API 8282 Inbound
Private CA-OCSP Respoder Server port 8080 Inbound

Copyright © 2020, ZOHO Corp. All Rights Reserved.

Get download link