Log Insight: Port Requirements

If you are in a secure environment where port requirements need to be known, you may wonder what the port requirements are for Log Insight. While Log Insight has a security guide on the topic, it is sometimes easier to reference a specific table. Below are the ports that are used by Log Insight.

Incoming

Note: When using a cluster, all incoming traffic should point to the ILB VIP. Allowing access directly to the nodes in a clustered environment is not required (though you may want to enable some ports for administrative purposes, such as SSH).

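| Port | Protocol | Purpose | Notes |
|------|----------|---------|-------|
| 22 | TCP | SSH | |
| 80 | TCP | HTTP | |
| 443 | TCP | HTTPS | |
| 514 | TCP | Syslog | |
| 514 | UDP | Syslog | |
| 1514 | TCP | TLS Syslog | |
| 9000 | TCP | Ingestion API | Added in 2.0 |
| 9543 | TCP | TLS Ingestion API | Added in 2.5 |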

Outgoing

Note: When using a cluster, all outgoing traffic will originate from the individual nodes and not from the ILB VIP. For example, archiving would happen from each node, and vCenter Server event, task and alarm collection would happen from the master node.

| Port | Protocol | Purpose | Notes |
|------|----------|---------|-------|
| 25 | TCP | SMTP | |
| 53 | TCP | DNS | |
| 53 | UDP | DNS | |
| 123 | UDP | NTP | |
| 389 | TCP | LDAP (AD) | Added in 1.5 |
| 389 | UDP | LDAP (AD) | Added in 1.5 |
| 443 | TCP | vSphere or vR Ops integration | Added in 1.5 |
| 465 | TCP | SMTPS | Optional as port 25 is default |
| 587 | TCP | SMTP | Optional as port 25 is default |
| 636 | TCP | LDAPS (AD) | Added in 1.5, optional as port 389 is default |
| 3268 | TCP | LDAP (AD) Global Catalog | Added in 1.5, optional as port 389 is default |
| 3269 | TCP | LDAPS (AD) Global Catalog | Added in 1.5, optional as port 389 is default |

Cluster (Node-to-Node)

| Port | Protocol | Purpose | Notes |
|------|----------|---------|-------|
| 59778, 16520-16580 | TCP | Log Insight Services | Added in 2.0 |
| 12543 | TCP | Postgres | Worker to master only; added in 2.0, removed in 2.5 |
| 7000, 9042 | TCP | Cassandra | Added in 2.5 |
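
The tables above can be encoded as a version-aware allow-list and used to audit observed flows, such as firewall or flow-log records collected while segmenting the network. This is an added example, not code from the original post or from VMware; the direction labels, tuple layout, version tuples and sample flows are constructed for illustration.

```python
# Added example: the port tables above as a version-aware allow-list.
# Field layout, direction labels and the sample flows are constructed here.

# (direction, proto, ports, added_in, removed_in, optional)
RULES = [
    ("in", "tcp", [22, 80, 443, 514, 1514], None, None, False),
    ("in", "udp", [514], None, None, False),
    ("in", "tcp", [9000], (2, 0), None, False),
    ("in", "tcp", [9543], (2, 5), None, False),
    ("out", "tcp", [25, 53], None, None, False),
    ("out", "udp", [53, 123], None, None, False),
    ("out", "tcp", [389, 443], (1, 5), None, False),
    ("out", "udp", [389], (1, 5), None, False),
    ("out", "tcp", [465, 587], None, None, True),
    ("out", "tcp", [636, 3268, 3269], (1, 5), None, True),
    ("cluster", "tcp", [59778, *range(16520, 16581)], (2, 0), None, False),
    ("cluster", "tcp", [12543], (2, 0), (2, 5), False),
    ("cluster", "tcp", [7000, 9042], (2, 5), None, False),
]


def allowed(version, include_optional=True):
    """Set of (direction, proto, port) the tables list for `version`."""
    result = set()
    for direction, proto, ports, added, removed, optional in RULES:
        if added is not None and version < added:
            continue  # row not yet introduced in this release
        if removed is not None and version >= removed:
            continue  # row dropped in this release
        if optional and not include_optional:
            continue  # alternative to a default port; skip for the strict set
        result.update((direction, proto, p) for p in ports)
    return result


def audit(flows, version, include_optional=True):
    """Return the observed flows that the tables do not account for."""
    ok = allowed(version, include_optional)
    return [f for f in flows if f not in ok]


# Constructed sample of observed flows: (direction, proto, port)
SAMPLE = [("in", "tcp", 9543), ("cluster", "tcp", 12543),
          ("cluster", "tcp", 16550), ("out", "tcp", 636), ("cluster", "tcp", 80)]

if __name__ == "__main__":
    for ver in [(2, 0), (2, 5)]:
        print(ver, audit(SAMPLE, ver))
```

Passing `include_optional=False` yields the strict set for environments that only use the default SMTP and LDAP ports.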

© 2014, Steve Flanders. All rights reserved.

Published in VMware

4 Comments

  1. Node to Node also uses TCP 80, about 4 packets to each of its peers every 15 min (discovered during micro-segmentation implementation)

    • Hmm, this should not be a requirement — let me investigate

  2. Jay Jay

    What ports should be opened for vCenter to send logs? I have 443 open and test was successful, I opened 514, 1514, 9000. It's still not showing one of my vCenters as a sending host. I have a 2nd vCenter that is working; however, it's all behind the same switch, on the same network.

    • Well, it depends on how you configured vCenter to send logs. If you are talking about vSphere integration in LI (/admin/vsphere) then you only need port 443. If you are talking about log configuration from the VAMI on vCenter 6.5 then you need port 514. If you are talking about the LI agent on vCenter then by default you need TCP/9543 though you could also configure TCP/9000 depending on agent configuration. If you are talking about rsyslog on vCenter then you need port 514. If it is not working as expected, check the logs. I hope this helps!
