Help Document

Prerequisites for Log360 Cloud Agent

This document lists the prerequisites that have to be met to run the Log360 Cloud agent.

Required ports

The Log360 Cloud Agent requires the following ports to communicate with the cloud application server and to listen for syslogs.

| Port Numbers | Ports Usage | Description |
|---|---|---|
| 443 (TCP) | Communication with cloud server | This is the default port used by the Log360 Cloud agent to communicate with the cloud application server. |
| 513, 514 (UDP) | Syslog listener port | These are the default Syslog listener ports for UDP. Ensure that the devices are configured to send Syslogs to any one of these ports. |
| 514 (TCP) | Syslog listener port | This is the default Syslog listener port for TCP. Ensure that devices are configured to send Syslogs to this port. |

Log360 Cloud Agent and devices in your network use the following ports for WMI, RPC, SMB, LDAP and DCOM services.

| Port Numbers | Ports Usage | Description |
|---|---|---|
| 135, 445, 139 (TCP) | WMI, DCOM, RPC | These are the traffic ports for the Log360 Cloud agent. The same ports will be used as incoming traffic ports in the devices and must be opened. The Windows services DCOM, WMI, and RPC use these ports, and the Log360 Cloud agent uses these services to collect logs from Windows machines in default mode (Event Log mode). |
| 49152-65534 (TCP) | WMI, DCOM, RPC | These are the incoming traffic ports in the Log360 Cloud agent. The same ports will be used as outgoing traffic ports in the devices and must be opened. DCOM uses a callback mechanism on random ports between 49152 and 65534 for Windows Server 2008, and between 1024 and 65534 for previous versions. |
| 389 | LDAP | This port is used for domain discovery. It allows the application to query directory services, such as Active Directory, to discover information about domains. |
| 139, 445, 135; 1024-65535 | SMB, RPC | These ports are used for workgroup discovery. SMB and RPC services are used to discover other computers in the workgroup. |
| 139; 135, 137, 138 | SMB, RPC | These ports are for event source discovery. SMB and RPC are used for interacting with remote machines and identifying event log sources. |

Required permissions

Agent orchestration

The Log360 Cloud Agent is installed manually on Windows devices. The following permissions need to be enabled for agent installation.

Action Permissions
Windows Agent Installation User Permissions
  • Agent Installation: Enable read, write and modify permission to files in "C:\Program Files (x86)" for 64-bit Windows systems and "C:\Program Files" for 32-bit Windows systems.
  • Agent Upgrade: Enable read, write and modify permission to files in "C:\ProgramData".
Windows Agent Management User Permissions
  • Access/Read/Write registry keys - SOFTWARE\Wow6432Node\ZOHO Corp\Log360Cloud\ (or) SOFTWARE\ZOHO Corp\Log360Cloud\

Log collection

The following permissions are needed for log collection using Log360 Cloud.

Action Permissions
WMI Log Collection User Groups
  • Event Log Readers
  • Distributed COM Users
User Permissions
  • Enable Account
  • Remote Enable
  • Read Security
  • Execute Methods
Syslog Collection Environmental variables
  • The "Syslog listener port" mentioned in "Ports Requirements" should be allowed in the firewall.
Auto Log Forwarding User Rights
  • Service restart rights for the 'rsyslog' or 'syslog' service.
User Permissions
  • Enable "rw" permission to files (/etc/rsyslog.conf or /etc/syslog.conf).

Discovery

Action Permissions
Event Source Discovery User Permissions
  • At least read control should be granted for the winreg registry key. (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg)
  • Full control permission should be granted for credentials in the EventLog registry key. (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog)
Environmental Variables
  • Remote registry service should be running.
  • Should have files in event file location. (C:\Windows\System32\winevt\Logs).
  • "C$" should be enabled in remote device in order to configure event source files.
Windows Domain Discovery User Permissions
  • User should have read permission to Active Directory Domain Objects.
  • Permission to run LDAP query in ADS_SECURE_AUTHENTICATION mode should be present.
Windows Workgroup Discovery User Permissions
  • Permission to run WinNT query in ADS_SECURE_AUTHENTICATION mode.
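
The log collection and event source discovery prerequisites above can be checked on a monitored Windows device before it is added. The script below is an added example, not vendor code: it is read-only, the account name CONTOSO\svc-log360 is a placeholder, and it assumes Windows PowerShell 5.1 on a member server or workstation (local groups, SMB cmdlets available).

```powershell
# Added example, not vendor code. Read-only audit; run elevated on a monitored Windows device.
# 'CONTOSO\svc-log360' is a placeholder for the account used for log collection.
param([string]$CollectionAccount = 'CONTOSO\svc-log360')

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail })
}

# WMI log collection: the two local groups named above. Only direct members are
# matched; membership through a nested domain group is not resolved here.
foreach ($group in 'Event Log Readers', 'Distributed COM Users') {
    $members = @(Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue)
    Add-Result "Member of '$group'" ($members.Name -contains $CollectionAccount) "$($members.Count) direct member(s)"
}

# Event source discovery: direct Allow entries for the account on the winreg key.
# Access inherited through a group shows up under that group's name, not the account's.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$aces = @((Get-Acl -Path $key -ErrorAction SilentlyContinue).Access | Where-Object {
    $_.IdentityReference.Value -eq $CollectionAccount -and $_.AccessControlType -eq 'Allow' })
Add-Result 'winreg key has an Allow entry for the account' ($aces.Count -gt 0) "rights: $($aces.RegistryRights -join ', ')"

# Remote Registry service must be running.
$svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
Add-Result 'Remote Registry service running' ($svc.Status -eq 'Running') "status: $($svc.Status)"

# Event files must exist in the event file location given above.
$logDir = 'C:\Windows\System32\winevt\Logs'
$evtx = @(Get-ChildItem -Path $logDir -Filter *.evtx -ErrorAction SilentlyContinue)
Add-Result 'Event files present' ($evtx.Count -gt 0) "$($evtx.Count) .evtx file(s) in $logDir"

# The C$ administrative share must be enabled.
$share = Get-SmbShare -Name 'C$' -ErrorAction SilentlyContinue
Add-Result 'C$ share enabled' ($null -ne $share) "path: $($share.Path)"

$results | Format-Table -AutoSize -Wrap
```

A row with Ok = False for a group or the winreg key means only that no direct entry was found; confirm group-based access before changing permissions.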

Hardware Requirements

This section gives you information about the hardware requirements for the Log360 Cloud agent.

For 32 bit machines

  • 1 GHz, 32-bit (x86) Pentium Dual Core processor or equivalent
  • 2 GB RAM

For 64 bit machines

  • 2.80 GHz, 64-bit (x64) Xeon® LV processor or equivalent
  • 2 GB RAM

Operating System Requirements

The Log360 Cloud agent can be installed and run on the following operating systems (both 32 Bit and 64 Bit architecture) and versions:

Windows®

  • Windows 7 & above
  • Windows Server 2008 & above

VMware

  • VMware environment

Supported Logs and Data Sources

Log360 Cloud can collect, index, analyze, search, and report on logs from various devices, platforms and services. To know the latest supported logs and data sources, click here.

Note:

  • To analyze logs from a Windows NT machine, WMI core should be installed on that machine.
  • Syslogs received from SNARE agents for Windows will be displayed as Windows devices.

RAM Requirement Approximation

The recommended RAM size of the machine in which the Log360 Cloud agent has been installed is 1 GB.

URL whitelisting

The following URLs have to be whitelisted in all the devices that have the Log360 Cloud agents for the agents to function effectively:

For the US region:

  • log360cloud.manageengine.com
  • upload.zoho.com
  • *dms.zoho.com
  • staticdownloads-log360cloud.zohodl.com

For the EU region:

  • log360cloud.manageengine.eu
  • upload.zoho.eu
  • *dms.zoho.eu
  • staticdownloads-log360cloud.zohodl.com

For the AU region:

  • log360cloud.manageengine.com.au
  • upload.zoho.com.au
  • *dms.zoho.com.au
  • staticdownloads-log360cloud.zohodl.com

For the IN region:

  • log360cloud.manageengine.in
  • upload.zoho.in
  • *dms.zoho.in
  • staticdownloads-log360cloud.zohodl.com

For the JP region:

  • log360cloud.manageengine.jp
  • upload.zoho.jp
  • *dms.zoho.jp
  • staticdownloads-log360cloud.zohodl.com
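
The outbound and listener requirements from "Required ports" and the URL list above can be verified on the agent host before installation. The script below is an added example, not vendor code: it is read-only and assumes Windows 10 / Server 2016 or later, where Get-NetUDPEndpoint reports the owning process.

```powershell
# Added example, not vendor code. Read-only preflight check for the host that will run the agent.
param([ValidateSet('US', 'EU', 'AU', 'IN', 'JP')][string]$Region = 'US')

# Region suffixes and hostnames are taken from the URL list above. The "*dms.zoho.<suffix>"
# wildcard entry has no single hostname to probe, so it is not tested here.
$suffix = @{ US = 'com'; EU = 'eu'; AU = 'com.au'; IN = 'in'; JP = 'jp' }[$Region]
$endpoints = "log360cloud.manageengine.$suffix", "upload.zoho.$suffix",
             'staticdownloads-log360cloud.zohodl.com'

# 1. Outbound TCP 443 to each named endpoint (direct connection, no proxy).
$report = foreach ($name in $endpoints) {
    $ok = Test-NetConnection -ComputerName $name -Port 443 -InformationLevel Quiet `
              -WarningAction SilentlyContinue
    [pscustomobject]@{ Check = "TCP 443 -> $name"; Ok = [bool]$ok; Detail = '' }
}

# Describe which process, if any, already holds a local port.
function Get-PortOwner($Bound) {
    $owners = foreach ($b in $Bound) {
        $proc = Get-Process -Id $b.OwningProcess -ErrorAction SilentlyContinue
        '{0} (PID {1}) on port {2}' -f $proc.ProcessName, $b.OwningProcess, $b.LocalPort
    }
    if ($owners) { ($owners | Sort-Object -Unique) -join '; ' } else { 'free' }
}

# 2. Syslog listener ports: report any process already bound to UDP 513/514 or TCP 514.
$udp = @(Get-NetUDPEndpoint -LocalPort 513, 514 -ErrorAction SilentlyContinue)
$tcp = @(Get-NetTCPConnection -LocalPort 514 -State Listen -ErrorAction SilentlyContinue)
$report += [pscustomobject]@{ Check = 'UDP 513/514 free for the syslog listener'
                              Ok = ($udp.Count -eq 0); Detail = Get-PortOwner $udp }
$report += [pscustomobject]@{ Check = 'TCP 514 free for the syslog listener'
                              Ok = ($tcp.Count -eq 0); Detail = Get-PortOwner $tcp }

$report | Format-Table -AutoSize -Wrap
```

Test-NetConnection opens a direct TCP connection, so a host that reaches the internet only through a proxy will show the 443 checks as failed even when the proxy allow-list is correct. After the agent is installed, the listener rows are expected to show the agent's own process as the owner.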

Resolution requirement

Log360 Cloud requires a minimum browser resolution of 1280x720 to avoid UI distortion.