Ports and External Interfaces

vRealize Log Insight uses specific required services, ports, and external interfaces.

To view information about the ports and protocols of vRealize Log Insight, see the VMware Ports and Protocols tool.

Communication Ports

vRealize Log Insight uses the communication ports and protocols listed in the Ports and Protocols tool. The required ports are organized based on whether they are required for sources, for the user interface, between clusters, for external services, or whether a firewall can safely block them. Some ports are used only if you enable the corresponding integration.

Note: vRealize Log Insight does not support WAN clustering (also called geo-clustering, high-availability clustering, or remote clustering). All nodes in the cluster should be deployed in the same Layer 2 LAN. Also, communication ports must be opened between nodes for proper exchange of information.

vRealize Log Insight network traffic has several sources.

Admin Workstation: The machine that an administrator uses to manage the vRealize Log Insight virtual appliance remotely.
User Workstation: The machine on which a vRealize Log Insight user uses a browser to access the Web interface of vRealize Log Insight.
System sending logs: The endpoint that sends logs to vRealize Log Insight for analysis and search. For example, endpoints include ESXi hosts, virtual machines or any system with an IP address.
Log Insight Agents: The agent that resides on a Windows or Linux machine and sends operating system events and logs to vRealize Log Insight over APIs.
vRealize Log Insight appliance: Any vRealize Log Insight virtual appliance, primary, or worker where the vRealize Log Insight services reside. The base operating system of the appliance is SUSE 11 SP3.

Ports Required for Sources Sending Data

These ports must be open to network traffic from sources that send data to vRealize Log Insight, both for connections from outside the cluster and connections load-balanced between cluster nodes.

Ports Required for the User Interface

These ports must be open to network traffic that must use the vRealize Log Insight user interface, both for connections outside the cluster and connections load-balanced between cluster nodes.

Ports Required Between Cluster Nodes

These ports should only be open on a vRealize Log Insight primary node for network access from worker nodes for maximum security. These ports are in addition to the ports used for sources and UI traffic that are load-balanced between cluster nodes.

Ports Required for External Services

These ports must be open for outbound network traffic from vRealize Log Insight cluster nodes to remote services.