If you are in a secure environment where port requirements need to be known, you may wonder which ports Log Insight requires. While the Log Insight security guide covers the topic, it is often easier to reference a specific table. Below are the ports used by Log Insight.
Incoming
Note: When using a cluster, all incoming traffic should point to the ILB VIP; direct access to the individual nodes is not required in a clustered environment (though you may want to allow some for administrative purposes, such as SSH).
Port | Protocol | Purpose | Notes |
---|---|---|---|
22 | TCP | SSH | |
80 | TCP | HTTP | |
443 | TCP | HTTPS | |
514 | TCP | Syslog | |
514 | UDP | Syslog | |
1514 | TCP | TLS Syslog | |
9000 | TCP | Ingestion API | Added in 2.0 |
9543 | TCP | TLS Ingestion API | Added in 2.5 |
Outgoing
Note: When using a cluster, all outgoing traffic originates from the individual nodes and not from the ILB VIP. For example, archiving happens from each node, while vCenter Server event, task and alarm collection happens from the master node.
Port | Protocol | Purpose | Notes |
---|---|---|---|
25 | TCP | SMTP | |
53 | TCP | DNS | |
53 | UDP | DNS | |
123 | UDP | NTP | |
389 | TCP | LDAP (AD) | Added in 1.5 |
389 | UDP | LDAP (AD) | Added in 1.5 |
443 | TCP | vSphere or vR Ops integration | Added in 1.5 |
465 | TCP | SMTPS | Optional as port 25 is default |
587 | TCP | SMTP | Optional as port 25 is default |
636 | TCP | LDAPS (AD) | Added in 1.5, optional as port 389 is default |
3268 | TCP | LDAP (AD) Global Catalog | Added in 1.5, optional as port 389 is default |
3269 | TCP | LDAPS (AD) Global Catalog | Added in 1.5, optional as port 389 is default |
Cluster (Node-to-Node)
Port | Protocol | Purpose | Notes |
---|---|---|---|
59778, 16520-16580 | TCP | Log Insight Services | Added in 2.0 |
12543 | TCP | Postgres | Worker to master only; added in 2.0, removed in 2.5 |
7000, 9042 | TCP | Cassandra | Added in 2.5 |
© 2014, Steve Flanders. All rights reserved.
Node to Node also uses TCP 80, about 4 packets to each of its peers every 15 min (discovered during micro-segmentation implementation)
Hmm, this should not be a requirement — let me investigate
What ports should be opened for vCenter to send logs? I have 443 open and the test was successful; I opened 514, 1514, 9000. It's still not showing one of my vCenters as a sending host. I have a 2nd vCenter that is working; however, it's all behind the same switch, on the same network.
Well, it depends on how you configured vCenter to send logs. If you are talking about vSphere integration in LI (/admin/vsphere) then you only need port 443. If you are talking about log configuration from the VAMI on vCenter 6.5 then you need port 514. If you are talking about the LI agent on vCenter then by default you need TCP/9543, though you could also configure TCP/9000 depending on agent configuration. If you are talking about rsyslog on vCenter then you need port 514. If it is not working as expected, check the logs. I hope this helps!