Log Insight: Port Requirements

If you are in a secure environment where port requirements need to be known, you may wonder what the port requirements are for Log Insight. While Log Insight has a security guide on the topic, it is sometimes easier to reference a specific table. Below are the ports used by Log Insight.

Incoming

Note: When using a cluster, all incoming traffic should point to the ILB VIP; direct access to the individual nodes is not required in a clustered environment (though you may want to allow some, such as SSH, for administrative purposes).

| Port | Protocol | Purpose           | Notes        |
|------|----------|-------------------|--------------|
| 22   | TCP      | SSH               |              |
| 80   | TCP      | HTTP              |              |
| 443  | TCP      | HTTPS             |              |
| 514  | TCP      | Syslog            |              |
| 514  | UDP      | Syslog            |              |
| 1514 | TCP      | TLS Syslog        |              |
| 9000 | TCP      | Ingestion API     | Added in 2.0 |
| 9543 | TCP      | TLS Ingestion API | Added in 2.5 |

Outgoing

Note: When using a cluster, all outgoing traffic originates from the individual nodes and not from the ILB VIP. For example, archiving happens from each node, and vCenter Server event, task and alarm collection happens from the master node.

| Port | Protocol | Purpose                        | Notes                                            |
|------|----------|--------------------------------|--------------------------------------------------|
| 25   | TCP      | SMTP                           |                                                  |
| 53   | TCP      | DNS                            |                                                  |
| 53   | UDP      | DNS                            |                                                  |
| 123  | UDP      | NTP                            |                                                  |
| 389  | TCP      | LDAP (AD)                      | Added in 1.5                                     |
| 389  | UDP      | LDAP (AD)                      | Added in 1.5                                     |
| 443  | TCP      | vSphere or vR Ops integration  | Added in 1.5                                     |
| 465  | TCP      | SMTPS                          | Optional as port 25 is default                   |
| 587  | TCP      | SMTP                           | Optional as port 25 is default                   |
| 636  | TCP      | LDAPS (AD)                     | Added in 1.5, optional as port 389 is default    |
| 3268 | TCP      | LDAP (AD) Global Catalog       | Added in 1.5, optional as port 389 is default    |
| 3269 | TCP      | LDAPS (AD) Global Catalog      | Added in 1.5, optional as port 389 is default    |

Cluster (Node-to-Node)

| Port               | Protocol | Purpose              | Notes                                             |
|--------------------|----------|----------------------|---------------------------------------------------|
| 59778, 16520-16580 | TCP      | Log Insight Services | Added in 2.0                                      |
| 12543              | TCP      | Postgres             | Worker to master only; added in 2.0, removed in 2.5 |
| 7000, 9042         | TCP      | Cassandra            | Added in 2.5                                      |
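The tables above are the allow-list a node firewall or micro-segmentation policy has to express, and they are also what you would verify from a log source after the rules go in. The script below is an added example written for this post, not code from the post or from the Log Insight product: it transcribes the incoming and node-to-node tables into data, generates iptables INPUT rules that expose the ingestion ports broadly but restrict SSH to an administrative network and the cluster ports to the other cluster nodes (least privilege, since nothing in the tables says a log source needs those), and offers a TCP reachability probe you can point at the ILB VIP. The CIDR and node addresses are hypothetical placeholders; the iptables syntax and the default-DROP policy are assumptions, not something the post prescribes; port 12543 is left out because the post says it was removed in 2.5; UDP syslog is not probed because a plain connect tells you nothing about a UDP listener.

```python
import socket
from contextlib import closing

# Port tables transcribed from the post: (port or iptables range, protocol, purpose).
INCOMING = [
    ("22", "tcp", "SSH"),
    ("80", "tcp", "HTTP"),
    ("443", "tcp", "HTTPS"),
    ("514", "tcp", "Syslog"),
    ("514", "udp", "Syslog"),
    ("1514", "tcp", "TLS Syslog"),
    ("9000", "tcp", "Ingestion API"),
    ("9543", "tcp", "TLS Ingestion API"),
]
CLUSTER = [
    ("59778", "tcp", "Log Insight services"),
    ("16520:16580", "tcp", "Log Insight services"),  # iptables range syntax
    ("7000", "tcp", "Cassandra"),
    ("9042", "tcp", "Cassandra"),
]

# Purposes that belong to administrators rather than to log sources.
ADMIN_PURPOSES = {"SSH"}


def iptables_input_rules(admin_cidr, peer_nodes, include_admin=True):
    """Build an iptables INPUT allow-list for one Log Insight node (hypothetical helper).

    admin_cidr:  network allowed to reach admin-only ports (SSH).
    peer_nodes:  addresses of the other cluster nodes, allowed on node-to-node ports.
    Everything not listed falls through to the assumed default policy of DROP.
    """
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A INPUT -i lo -j ACCEPT",
    ]
    for port, proto, purpose in INCOMING:
        if purpose in ADMIN_PURPOSES:
            if include_admin:
                rules.append(f"iptables -A INPUT -p {proto} -s {admin_cidr} --dport {port} -j ACCEPT  # {purpose}")
        else:
            rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j ACCEPT  # {purpose}")
    for peer in peer_nodes:
        for port, proto, purpose in CLUSTER:
            rules.append(f"iptables -A INPUT -p {proto} -s {peer} --dport {port} -j ACCEPT  # {purpose}")
    return rules


def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP connect to host:port completes within timeout, else False."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out, unreachable
            return False


def check_incoming(host, timeout=2.0):
    """Probe every TCP port in the incoming table on host (the ILB VIP for a cluster).

    Returns {(port, purpose): reachable}. UDP rows are skipped on purpose.
    """
    return {(int(port), purpose): tcp_port_open(host, int(port), timeout)
            for port, proto, purpose in INCOMING if proto == "tcp"}


def probe_local_listener():
    """Offline demonstration of tcp_port_open: open a loopback listener on an
    ephemeral port, probe it while open, close it, probe again."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = tcp_port_open("127.0.0.1", port, 1.0)
    after_close = tcp_port_open("127.0.0.1", port, 1.0)
    return while_open, after_close


if __name__ == "__main__":
    # Placeholder addresses; substitute your admin network and the other node IPs.
    for line in iptables_input_rules("10.0.0.0/24", ["10.0.1.2", "10.0.1.3"]):
        print(line)
    print(probe_local_listener())
```

Run `check_incoming("<ILB VIP>")` from a representative log source before and after applying the rules: a port that flips from reachable to unreachable tells you a rule is too tight, and one that stays open from a host that should not reach it (SSH from a non-admin network, Cassandra from a log source) tells you the allow-list is too loose. Outgoing traffic is not modeled here; per the note above it leaves each node individually, so an egress policy has to be applied per node rather than at the VIP.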

© 2014, Steve Flanders. All rights reserved.

Comments

Node to Node also uses TCP 80, about 4 packets to each of its peers every 15 min (discovered during micro-segmentation implementation)

Hmm, this should not be a requirement — let me investigate

Jay says:

What ports should be opened for vCenter to send logs? I have 443 open and the test was successful; I opened 514, 1514, 9000. It's still not showing one of my vCenters as a sending host. I have a 2nd vCenter that is working; however, it's all behind the same switch, on the same network.

Well, it depends on how you configured vCenter to send logs. If you are talking about vSphere integration in LI (/admin/vsphere) then you only need port 443. If you are talking about log configuration from the VAMI on vCenter 6.5 then you need port 514. If you are talking about the LI agent on vCenter then by default you need TCP/9543, though you could also configure TCP/9000 depending on agent configuration. If you are talking rsyslog on vCenter then you need port 514. If it is not working as expected, check the logs. I hope this helps!
