This document lists the prerequisites that have to be met to run the Log360 Cloud agent.
The Log360 Cloud Agent requires the following ports to communicate with the cloud application server and to listen to the syslogs.
| Port Numbers | Ports Usage | Description |
|---|---|---|
| 443 (TCP) | Communication with cloud server | This is the default port used by the Log360 Cloud agent to communicate with the cloud application server. |
| 513, 514 (UDP) | Syslog listener port | These are the default Syslog listener ports for UDP. Ensure that the devices are configured to send Syslogs to any one of these ports. |
| 514 (TCP) | Syslog listener port | This is the default Syslog listener port for TCP. Ensure that devices are configured to send Syslogs to this port. |
Log360 Cloud Agent and devices in your network use the following ports for WMI, RPC, SMB, LDAP and DCOM services.
| Port Numbers | Ports Usage | Description |
|---|---|---|
| 135, 445, 139 (TCP) | WMI, DCOM, RPC | These are the traffic ports for the Log360 Cloud agent. The same ports will be used as incoming traffic ports in the devices and must be opened. Windows services DCOM, WMI, and RPC use these ports, while Log360 Cloud agent uses these services to collect logs from Windows machines in default mode (Event Log mode). |
| 49152-65534 (TCP) | WMI, DCOM, RPC | These are the incoming traffic ports in the Log360 Cloud agent. The same ports will be used as outgoing traffic ports in the devices and must be opened. DCOM uses callback mechanism on random ports between 49152-65534 for Windows Server 2008 and 1024-65534 for previous versions. |
| 389 | LDAP | This port is used for domain discovery, it allows application to query directory services, such as Active Directory, to discover information about domains. |
| 139, 445, 135 1024-65535 |
SMB RPC |
These ports are used for workgroup discovery, SMB & RPC services are used to discover other computers in the workgroup. |
| 139 135, 137, 138 |
SMB RPC |
These ports are for event source discovery. SMB and RPC is used for interacting with remote machines and identifying event log sources. |
Log360 Cloud Agent is manually installed on Windows devices, following permissions needs to be enabled for agent installation.
| Action | Permissions | |
|---|---|---|
| Windows Agent Installation | User Permissions |
|
| Windows Agent Management | User Permissions |
|
Following permissions are needed for log collection using Log360 Coud.
| Action | Permissions | |
|---|---|---|
| WMI Log Collection | User Groups |
|
| User Permissions |
|
|
| Syslog Collection | Environmental variables | The "Syslog listener port" mentioned in "Ports Requirements" should be allowed in firewall. |
| Auto Log Forwarding | User Rights | Service restart rights for 'rsyslog' or 'syslog' service. |
| User Permissions | Enable "rw" permission to files (/etc/ rsyslog.conf or /etc/syslog.conf) | |
| Action | Permissions | |
|---|---|---|
| Event Source Discovery | User Permissions |
|
| Environmental Variables |
|
|
| Windows Domain Discovery | User Permissions |
|
| Windows Workgroup Discovery | User Permissions |
|
This section gives you information about the hardware requirements for the Log360 Cloud agent.
The Log360 Cloud agent can be installed and run on the following operating systems (both 32 Bit and 64 Bit architecture) and versions:
Log360 Cloud can collect, index, analyze, search, and report on logs from various devices, platforms and services. To know the latest supported logs and data sources, click here.
Note:
The recommended RAM size of the machine in which the Log360 Cloud agent has been installed is 1 GB.
The following URLs have to be whitelisted in all the devices that have the Log360 Cloud agents for the agents to function effectively:
For the US region:
For the EU region:
For the AU region:
For the IN region:
For the JP region:
Log360 Cloud requires a minimum browser resolution of 1280x720 to avoid UI distortion.