vRealize Log Insight uses specific required services, ports, and external interfaces.
For information about the ports and protocols of vRealize Log Insight, see VMware Ports and Protocols.
vRealize Log Insight uses the communication ports and protocols listed in this topic. The required ports are organized based on whether they are required for sources, for the user interface, between clusters, for external services, or whether they can be safely blocked by a firewall. Some ports are used only if you enable the corresponding integration.
- Admin Workstation: The machine that a system administrator uses to manage the vRealize Log Insight virtual appliance remotely.
- User Workstation: The machine on which a vRealize Log Insight user uses a browser to access the Web interface of vRealize Log Insight.
- System sending logs: The endpoint that sends logs to vRealize Log Insight for analysis and search. For example, endpoints include ESXi hosts, virtual machines or any system with an IP address.
- Log Insight Agents: The agent that resides on a Windows or Linux machine and sends operating system events and logs to vRealize Log Insight over APIs.
- vRealize Log Insight appliance: Any vRealize Log Insight virtual appliance, master or worker, where the vRealize Log Insight services reside. The base operating system of the appliance is SUSE 11 SP3.
Ports Required for Sources Sending Data
The following ports must be open to network traffic from sources that send data to vRealize Log Insight, both for connections from outside the cluster and connections load-balanced between cluster nodes.
| Source | Destination | Port | Protocol | Service Description |
|---|---|---|---|---|
| System sending logs | vRealize Log Insight appliance | 514 | TCP, UDP | Outbound syslog traffic configured as a Forwarder destination |
| System sending logs | vRealize Log Insight appliance | 1514, 6514 | TCP | Syslog data over SSL |
| vRealize Log Insight Agents | vRealize Log Insight appliance | 9000 | TCP | Log Insight Ingestion API |
| vRealize Log Insight Agents | vRealize Log Insight appliance | 9543 | TCP | Log Insight Ingestion API over SSL |
Ports Required for the User Interface
The following ports must be open to network traffic that needs to use the vRealize Log Insight user interface, both for connections outside the cluster and connections load-balanced between cluster nodes.
| Source | Destination | Port | Protocol | Service Description |
|---|---|---|---|---|
| Admin Workstation | vRealize Log Insight appliance | 22 | TCP | SSH: Secure Shell connectivity |
| User Workstation | vRealize Log Insight appliance | 80 | TCP | HTTP: Web interface |
| User Workstation | vRealize Log Insight appliance | 443 | TCP | HTTPS: Web interface |
Ports Required Between Cluster Nodes
For maximum security, open the following ports on a vRealize Log Insight master node only for network access from worker nodes. These ports are in addition to the ports used for source and UI traffic that is load-balanced between cluster nodes.
| Source | Destination | Port | Protocol | Service Description |
|---|---|---|---|---|
| vRealize Log Insight appliance | vRealize Log Insight appliance | 7000 | TCP | Cassandra replication and query |
| vRealize Log Insight appliance | vRealize Log Insight appliance | 9042 | TCP | Cassandra service for native protocol clients |
| vRealize Log Insight appliance | vRealize Log Insight appliance | 59778, 16520–16580 | TCP | vRealize Log Insight Thrift service |
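The inbound tables above (sources, user interface, cluster nodes) can be checked against observed traffic. The following is an added example, not VMware code: the role inventory, addresses and flow records are constructed, and master and worker nodes are treated as a single `appliance` role.

```python
# Added example: role names, addresses and flow records are constructed.
ROLES = {
    "10.0.0.11": "appliance", "10.0.0.12": "appliance",  # master, worker
    "10.0.5.20": "admin", "10.0.6.30": "user",
    "10.0.7.40": "source", "10.0.7.41": "agent",
}
CLUSTER_TCP = {7000, 9042, 59778} | set(range(16520, 16581))

# (source role, protocol) -> ports the tables allow inbound to an appliance.
INBOUND = {
    ("source", "tcp"): {514, 1514, 6514},
    ("source", "udp"): {514},
    ("agent", "tcp"): {9000, 9543},
    ("admin", "tcp"): {22},
    ("user", "tcp"): {80, 443},
    # Node-to-node: cluster ports plus load-balanced source and UI traffic.
    ("appliance", "tcp"): CLUSTER_TCP | {514, 1514, 6514, 9000, 9543, 22, 80, 443},
    ("appliance", "udp"): {514},
}

def audit(lines):
    """Return (flow, reason) for inbound appliance flows outside the matrix."""
    findings = []
    for line in lines:
        src, dst, proto, port = line.split()
        proto, port = proto.lower(), int(port)
        if ROLES.get(dst) != "appliance":
            continue  # outbound traffic to external services is out of scope
        role = ROLES.get(src, "unknown")
        if port in INBOUND.get((role, proto), set()):
            continue
        if proto == "tcp" and port in CLUSTER_TCP:
            reason = f"cluster-only port reached from {role} host"
        else:
            reason = f"port not listed for {role} host"
        findings.append(((src, dst, proto, port), reason))
    return findings

SAMPLE = [  # constructed 'src dst proto port' records
    "10.0.7.40 10.0.0.11 udp 514",    # syslog from a source: allowed
    "10.0.0.12 10.0.0.11 tcp 9042",   # worker to master Cassandra: allowed
    "10.0.6.30 10.0.0.11 tcp 9042",   # user workstation to Cassandra
    "10.0.7.41 10.0.0.12 tcp 16550",  # agent host to Thrift range
    "192.0.2.9 10.0.0.11 tcp 23",     # unknown host, unlisted port
    "10.0.0.11 10.0.9.9 udp 123",     # appliance to NTP: outbound, skipped
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE):
        print(*flow, "->", reason)
```

A finding on a Cassandra or Thrift port from any non-appliance host indicates that the cluster-only ports are reachable beyond the cluster nodes.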
Ports Required for External Services
The following ports must be open for outbound network traffic from vRealize Log Insight cluster nodes to remote services.
| Source | Destination | Port | Protocol | Service Description |
|---|---|---|---|---|
| vRealize Log Insight appliance | NTP server | 123 | UDP | NTPD: Provides NTP time synchronization. Note: The port is open only if you select to use NTP time synchronization. |
| vRealize Log Insight appliance | Mail Server | 25 | TCP | SMTP: mail service for outbound alerts |
| vRealize Log Insight appliance | Mail Server | 465 | TCP | SMTPS: mail service over SSL for outbound alerts |
| vRealize Log Insight appliance | DNS server | 53 | TCP, UDP | DNS: name resolution service |
| vRealize Log Insight appliance | AD server | 389 | TCP, UDP | Active Directory |
| vRealize Log Insight appliance | AD server | 636 | TCP | Active Directory over SSL |
| vRealize Log Insight appliance | AD server | 3268 | TCP | Active Directory Global Catalog |
| vRealize Log Insight appliance | AD server | 3269 | TCP | Active Directory Global Catalog SSL |
| vRealize Log Insight appliance | AD server | 88 | TCP, UDP | Kerberos |
| vRealize Log Insight appliance | vCenter Server | 443 | TCP | vCenter Server Web Service |
| vRealize Log Insight appliance | vRealize Operations Manager appliance | 443 | TCP | vRealize Operations Web service |
| vRealize Log Insight appliance | Third-party log manager | 514 | TCP, UDP | syslog data |
| vRealize Log Insight appliance | Third-party log manager | 9000 | CFAPI | Outbound Log Insight Ingestion API (CFAPI) traffic configured as a Forwarder destination |
| vRealize Log Insight appliance | Third-party log manager | 9543 | CFAPI | Outbound Log Insight Ingestion API (CFAPI) traffic configured as a Forwarder destination with encryption (SSL/TLS) |