Prerequisites applicable for Log360
Before starting Log360 in your environment, ensure that the following are taken care of.
Ports required for Log360
The following port has to be open in Log360 for Elasticsearch.
| Port Number | Port Usage |
|---|---|
| 9322 (TCP) | Communication with Elasticsearch server |
Ports required for ADAudit Plus
The following ports need to be opened for event collection:
| Port Number(s) | Port Usage |
|---|---|
| 389 | Communication with LDAP protocol |
| 135 | Communication with RPC |
| 445, 135 | Communication with NetBIOS Session Service |
The following ports are needed to access ADAudit Plus:
| Port Number | Port Usage |
|---|---|
| 8081 | HTTP |
| 8444 | HTTPS |
Ports required for EventLog Analyzer
EventLog Analyzer requires the below mentioned ports to be opened on the server:
| Port Number(s) | Port Usage |
|---|---|
| 8400 (TCP) | Web server port |
| 513, 514 (UDP) | Syslog listener port |
| 514 (TCP) | Syslog listener port |
| 33335 (TCP) | PostgreSQL/MS SQL database port |
Agentless log collection:
The below mentioned ports need to be opened on the server and the remote host machine for agentless log collection to be enabled.
EventLog Analyzer uses the following ports for WMI, RPC, and DCOM.
| Port Number(s) | Port Usage |
|---|---|
| 135, 445, 139 (TCP) | WMI, DCOM, RPC |
| 49152-65534 (TCP) | WMI, DCOM, RPC |
Agent-based Log collection:
EventLog Analyzer uses the following ports for local agent to server UDP communication.
| Port Number(s) | Port Usage |
|---|---|
| 5000, 5001, 5002 (UDP) | UDP ports for EventLog Analyzer local agent-server communication |
EventLog Analyzer uses the following ports for remote agent to server TCP communication:
| Port Number | Port Usage |
|---|---|
| 8400 (TCP) | TCP port for EventLog Analyzer remote agent-server communication |
For IBM AS/400
The below mentioned ports need to be opened on the server and the remote host machine.
| Port Number(s) | Port Usage |
|---|---|
| 446-449, 8470-8476, 9470-9476 (TCP) | Keep the mentioned ports opened for access to IBM AS/400 machines |
Ports required for M365 Manager Plus
The following ports need to be opened for event collection:
| Port Number | Port Usage |
|---|---|
| 80 (TCP) (HTTP) | Communication with Exchange and Microsoft Online |
| 443 (TCP) (HTTPS) | Communication with Exchange and Microsoft Online (SSL) |
The following ports are needed to access M365 Manager Plus:
| Port Number | Port Usage |
|---|---|
| 8365 (TCP) (HTTP) | Default product port |
| 9365 (TCP) (HTTPS) | Default product port (SSL) |
Ports required for Exchange Reporter Plus
The following ports need to be opened for the product to communicate with Exchange Servers:
| Port Number | Port Usage |
|---|---|
| 135 (TCP) | RPC |
| 5985 (TCP) | Windows PowerShell Default psSession |
| 5986 (TCP) (HTTPS) | Windows PowerShell Default psSession SSL |
| 80 (TCP) | PowerShell |
| 443 (TCP) (HTTPS) | PowerShell SSL |
The following ports need to be opened for the product to communicate with Active Directory:
| Port Number | Port Usage |
|---|---|
| 389 (TCP) | LDAP |
| 636 (TCP) (HTTPS) | LDAP SSL |
| 3268 (TCP) | LDAP GC |
| 3269 (TCP) (HTTPS) | LDAP GC SSL |
| 53 (TCP) | DNS |
| 88 (TCP) | Kerberos |
| 139 (TCP) | NetBIOS |
The following ports are needed for Exchange Reporter Plus:
| Port Number | Port Usage |
|---|---|
| 8181 | HTTPS |
| 3309 | ERP product database |
Ports required for ADManager Plus
The following ports are required for ADManager Plus:
| Port Number | Port Usage |
|---|---|
| 33306 | Communication with database |
| 31000 | Java wrapper service |
| 22 | Secure Shell (SSH) |
| 8080/8443 | Web server |
| 2000 | Email |
| 389/639 | LDAP/LDAPS |
| 80 | Exchange server |
| 80, 443 | G Suite, Microsoft 365 |
| 3268 | LDAP search for Global Catalog (GC) |
Ports required for Cloud Security Plus
The following ports are needed to access Cloud Security Plus:
| Port Number | Port Usage |
|---|---|
| 8055 | HTTP |
| 8056 | HTTPS |
| 514 | Default Syslog listener |
| 25 | Default mail server SMTP |
| 33355 | PostgreSQL/MS SQL database |
| 80, 443 | Clouds and their data source |
| 9300-9400 (any one TCP port), 9200-9300 (any one HTTP port) | Elasticsearch |
Using Log360 with Antivirus Applications
To ensure unhindered functioning of Log360, you need to add the following files to the exception list of your Antivirus application:
| Path | Need for whitelisting | Impact if not whitelisted |
|---|---|---|
| <ME>/elasticsearch/ES/data | Elasticsearch indexed data is stored here. | Reports would be affected if the data is deleted. |
| <ME>/elasticsearch/ES/repo | Elasticsearch index snapshots are taken at this location. | Snapshots and the Elasticsearch archival feature will fail if the files at this location are deleted. |
| <ME>/elasticsearch/ES/archive | Elasticsearch archives are stored here. | Data will not be available if the files located here are deleted. |
| <Log360_Home>/bin | All binaries are included here. Some Antivirus applications might block them as false positives. | Product might not function. |
| <Log360_Home>/pgsql/bin | Postgres binaries are included here. They might be detected as false positives by Antivirus applications. | Product might not start. |
| <Log360_Home>/lib/native | All binaries are included here. Some Antivirus applications might block them as false positives. | Product might not function. |
| <Log360_Home>/tools | All tools binaries are included here. Some Antivirus applications might block them as false positives. | Some tools might not work if the files are removed by Antivirus applications. |
Ports required for Log360 UEBA
Web Server Port
| PORT | INBOUND | OUTBOUND | Additional Rights and Permissions |
|---|---|---|---|
| HTTP/8096 (configurable) | UEBA Server | | Ports usage: By default, the port is used for communication between the admin server and the browser. The port can be customized by the user. The acceptable range for the value is between 1024–65535. |

Elasticsearch
| PORT | INBOUND | OUTBOUND | Additional Rights and Permissions |
|---|---|---|---|
| TCP/9230 (configurable) | UEBA Search Engine Management Node [UEBA Node] | | Ports usage: The Elasticsearch server in UEBA uses this port. The port can be customized by the user. The acceptable range for the value is between 9230-9290. |

Database
| PORT | Additional Rights and Permissions |
|---|---|
| TCP/33337 | Ports usage: The PostgreSQL/MS SQL database port is used to connect to the PostgreSQL database in UEBA. The firewall port need not be opened since the internal port is bound to localhost. |

Redis Cache
| PORT | Additional Rights and Permissions |
|---|---|
| TCP/8179 | Ports usage: The port is used to connect to the Redis database in UEBA. The acceptable range for the value is between 8179-8189. |

SSL Configured Server
| PORT | Additional Rights and Permissions |
|---|---|
| SSL/8446 | Ports usage: SSL is used to enhance the security between the server and the client through HTTPS. The port can be customized by the user. The acceptable range for the value is between 1024–65535. |

ActiveMQ
| PORT | Additional Rights and Permissions |
|---|---|
| TCP/61616 | Ports usage: Fetches the real-time events from integrated products. The acceptable range for the value is between 61616-61626. |
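
A pre-install check for the UEBA ports listed above, added here as an example and not part of the Log360 documentation: it validates a planned port assignment against the acceptable ranges in the tables, flags two services given the same port, and tests whether each port is already bound on the host. The service keys (`web_http`, `elasticsearch`, `redis`, `web_ssl`, `activemq`) and the function names are hypothetical labels, not product configuration keys.

```python
import socket

# Acceptable ranges (inclusive) taken from the UEBA tables above.
# Keys are hypothetical labels chosen for this example.
UEBA_PORT_RANGES = {
    "web_http": (1024, 65535),       # default HTTP/8096
    "elasticsearch": (9230, 9290),   # default TCP/9230
    "redis": (8179, 8189),           # default TCP/8179
    "web_ssl": (1024, 65535),        # default SSL/8446
    "activemq": (61616, 61626),      # default TCP/61616
}

def port_is_free(port, host="127.0.0.1"):
    """Return True if a TCP bind to host:port succeeds (nothing holds it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False

def validate_ueba_ports(planned, check_bind=True):
    """Return a list of problems found in a {service: port} plan."""
    problems = []
    seen = {}  # port -> first service that claimed it
    for service, port in planned.items():
        if service not in UEBA_PORT_RANGES:
            problems.append(f"{service}: unknown service")
            continue
        low, high = UEBA_PORT_RANGES[service]
        if not low <= port <= high:
            problems.append(f"{service}: {port} outside {low}-{high}")
        if port in seen:
            problems.append(f"{service}: {port} already assigned to {seen[port]}")
        seen.setdefault(port, service)
        if check_bind and not port_is_free(port):
            problems.append(f"{service}: {port} already in use on this host")
    return problems

if __name__ == "__main__":
    # Constructed plan: the documented defaults.
    defaults = {"web_http": 8096, "elasticsearch": 9230, "redis": 8179,
                "web_ssl": 8446, "activemq": 61616}
    for line in validate_ueba_ports(defaults) or ["all planned ports OK"]:
        print(line)
```

Run it on the UEBA host before installation; the bind test only reflects the state of the local machine at the time it runs.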
Ports used by PAM360
The below table lists the set of all ports used by PAM360 for remote access:
| Port Name | Port Number | Direction |
|---|---|---|
| PostgreSQL port | 3456 | Outbound |
| Web client port | 8282 | Inbound |
| SSH port | 22 | Outbound |
| Telnet port | 23 | Outbound |
| LDAP without SSL port | 389 | Outbound |
| LDAP with SSL port | 636 | Outbound |
| SMTP port | 25 | Outbound |
| MS SQL port | 1433 | Outbound |
| Oracle port | 1521 | Outbound |
| Sybase ASE port | 5000 | Outbound |
| Password Verification port | 135, 139, 445 | Outbound |
| Auto Logon Spark View Gateway port | 8283 | Inbound |
| RDP | 3389 | Outbound |
| SSH API | 6622 | Inbound |
| REST API | 8282 | Inbound |
| Private CA-OCSP Responder Server port | 8080 | Inbound |