The tables here show Loggregator internal network communication paths with other VMware Tanzu Application Service for VMs (TAS for VMs) components.
For more information about Loggregator components and architecture, see Loggregator components and architecture.
The following table lists network communication paths for Loggregator:
Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
---|---|---|---|---|---|
Any* | loggregator_trafficcontroller | 8081 | TCP | HTTP/WebSocket | OAuth |
Any VM running Loggregator Agent | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
loggregator_trafficcontroller | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
loggregator_trafficcontroller | uaa | 8443 | TCP | HTTPS | TLS |
loggregator_trafficcontroller | cloud_controller | 9023 | TCP | HTTPS | Mutual TLS |
loggregator_trafficcontroller (Reverse Log Proxy) | doppler | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
loggregator_trafficcontroller (Route Registrar) | nats | 4222 | TCP | NATS | Basic authentication |
loggregator_trafficcontroller (Metrics Forwarder) | BOSH Director (Metrics Server) | 25555 and 8443 | TCP | gRPC over HTTP/2 | Mutual TLS |
loggregator_trafficcontroller | log_cache | 8080 | TCP | gRPC over HTTP/2 | Mutual TLS |
loggregator_trafficcontroller (Reverse Log Proxy Gateway) | cloud_controller | 9023 | TCP | HTTPS | Mutual TLS |
Any* | loggregator_trafficcontroller (Reverse Log Proxy Gateway) | 8088 | TCP | HTTP/Server Sent Events | OAuth |
*Any source VM can send requests to the specified destination within its subnet.
**Any host configured through a user-provided service binding with a syslog URL.
***Any port configured through a user-provided service binding with syslog URL.
****Basic authentication only supported for HTTPS syslog drains.
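The Loggregator table can serve as an allowlist when reviewing flow logs. The sketch below is an added example, not VMware code: it encodes a subset of the rows and classifies flow records, treating the first footnote as "source and destination share a subnet". The `AGENT_JOBS` set, the subnets, the flow-record field names and the sample flows are constructed assumptions.

```python
import ipaddress

# Subset of the Loggregator table above: (source, destination, port) -> security.
# "any" = the table's "Any*" rows; "agent" = "Any VM running Loggregator Agent".
DOCUMENTED = {
    ("any", "loggregator_trafficcontroller", 8081): "OAuth",
    ("any", "loggregator_trafficcontroller", 8088): "OAuth",
    ("agent", "doppler", 8082): "Mutual TLS",
    ("loggregator_trafficcontroller", "doppler", 8082): "Mutual TLS",
    ("loggregator_trafficcontroller", "uaa", 8443): "TLS",
    ("loggregator_trafficcontroller", "cloud_controller", 9023): "Mutual TLS",
    ("loggregator_trafficcontroller", "nats", 4222): "Basic authentication",
    ("loggregator_trafficcontroller", "log_cache", 8080): "Mutual TLS",
}
# Assumptions (not from the page): which jobs run Loggregator Agent, and the subnets.
AGENT_JOBS = {"diego_cell", "router"}
SUBNETS = [ipaddress.ip_network(n) for n in ("10.0.4.0/24", "10.0.8.0/24")]

def subnet_of(ip):
    """Return the configured subnet containing ip, or None if it is in none."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in SUBNETS if addr in net), None)

def classify(flow):
    """Return (verdict, detail) for one flow record."""
    src, dst, port = flow["src_job"], flow["dst_job"], flow["dst_port"]
    keys = [(src, dst, port)] + ([("agent", dst, port)] if src in AGENT_JOBS else [])
    for key in keys:
        if key in DOCUMENTED:
            return "documented", DOCUMENTED[key]
    if ("any", dst, port) in DOCUMENTED:
        # Footnote *: "Any" sources are expected only from the destination's subnet.
        s, d = subnet_of(flow["src_ip"]), subnet_of(flow["dst_ip"])
        if s is not None and s == d:
            return "documented", DOCUMENTED[("any", dst, port)]
        return "review", "source outside destination subnet"
    return "review", "path not in table"

# Constructed flow records for illustration (not real telemetry).
FIELDS = ("src_job", "src_ip", "dst_job", "dst_ip", "dst_port")
FLOWS = [dict(zip(FIELDS, row)) for row in (
    ("diego_cell", "10.0.4.21", "doppler", "10.0.4.30", 8082),
    ("router", "10.0.4.11", "loggregator_trafficcontroller", "10.0.4.40", 8081),
    ("unknown_vm", "10.0.8.15", "loggregator_trafficcontroller", "10.0.4.40", 8088),
    ("unknown_vm", "10.0.8.15", "doppler", "10.0.4.30", 8082),
)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow["src_job"], "->", flow["dst_job"], flow["dst_port"], classify(flow))
```

Flows marked `review` are not necessarily malicious; they are paths the table does not document and should be reconciled against the deployment's actual firewall rules.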
The following table lists network communication paths for Log Cache:
Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
---|---|---|---|---|---|
Any VM running Loggregator Syslog Agent* | log_cache | 6067 | TCP | Syslog | TLS or Mutual TLS (configurable) |
Any** | log_cache | 8080 | TCP | gRPC over HTTP/2 | Mutual TLS |
log_cache (Nozzle)*** | loggregator_trafficcontroller (Reverse Log Proxy) | 8082 | TCP | gRPC over HTTP/2 | Mutual TLS |
gorouter | log_cache (Auth Proxy) | 8083 | TCP | HTTP | OAuth |
log_cache (Auth Proxy) | uaa | 8443 | TCP | HTTPS | TLS |
log_cache (Auth Proxy) | cloud_controller | 9024 | TCP | HTTPS | TLS |
*When Log Cache is configured to use Syslog ingestion.
**Any source VM can send requests to the specified destination within its subnet.
***When Log Cache is configured to use Reverse Log Proxy ingestion.
The OpenTelemetry Collector (OTel Collector) sends requests to destinations specified by the operator. Destination hostname, port, protocol, and security settings are configured in the exporters section of configuration code entered in the TAS for VMs tile > System Logging pane > OpenTelemetry Collector Configuration field.
Note that while exporters generally make egress requests to drain destinations, the prometheus exporter instead exposes an endpoint to which an external client sends scrape requests, so it is an inbound path rather than an outbound one.
By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.