This topic lists the default ports and protocols used by the various product components, depending on user roles and permissions.
The following information is useful for one-time configurations, daily operations, and understanding how various product components communicate with one another. This information can also be used to decide which ports to open, depending on your security requirements.
Note
For a single server deployment, the Indexer and Configuration Database ports are not accessible from other hosts (by default). In this case, you do not need to set up a firewall for these ports.
From | To | Default Port | Protocol |
---|---|---|---|
Daily operations | |||
CLI/web browser | Console Server | 9797 (configurable) | HTTP |
CLI/web browser | Console Server | 9443 (configurable) | HTTPS |
Data collection | |||
Collection Agent | Collection Station (Configuration Channel) | 8080 (configurable) | HTTP |
Collection Agent | Collection Station (Payload Service) | 41414 (configurable) | Avro |
Collection Station OR Collection Agent | Managed node from which data must be collected remotely (Monitor File over SSH and Monitor Script over SSH data collector)
| 22 | SSH |
Collection Station OR Collection Agent | Managed node from which data must be collected remotely (Monitor file over windows share data collector) | 445 | SMB |
Collection Station OR Collection Agent | Managed node from which data must be collected remotely. (Remote windows event data collector) | 5985 | PowerShell Remoting Protocol |
Managed node from which data must be collected remotely (TCP/UDP data collector) | Collection Station OR Collection Agent | 514 (Configurable) | TCP/UDP |
Managed node from which data must be collected remotely (HTTP/HTTPS data collector) | Collection Station OR Collection Agent | 8888 (Configurable) | HTTP/HTTPS |
Internal communications between the product components *The following ports are internal and do not require any firewall changes for a single-server deployment. | |||
Console Server | Search | 9797 (configurable) | HTTP |
Search | 9443 (configurable) | HTTPS | |
Console Server | Configuration Database | 9999 (configurable) | JDBC |
Search | Configuration Database | 9999 (configurable) | JDBC |
Collection Station | Configuration Database | 9999 (configurable) | JDBC |
Console Server | Indexer | 9300 (configurable) | TCP |
Search | Indexer | 9300 (configurable) | TCP |
Collection Station | Indexer | 9300 (configurable) | TCP |
Console Server | Collection Station | 8080 (configurable) | HTTP |
Communication between product components and integrations | |||
Search | SMTP server (SMTP server used for sending email) | 25 | SMTP |
Console Server | SMTP server (SMTP server used for sending email) | 25 | SMTP |
Search | ProactiveNet server (Operations Console) | 80 (configurable) | HTTP |
Search | TrueSight Presentation Server | 443 (configurable) | HTTPS |
Collection Station | ProactiveNet server (Event management) | 1828 (configurable) | TCP |
Search | ProactiveNet server (Event management) | ||
Console Server | Atrium Single-Sign On server | 8443 (configurable) | HTTPS |
Search | Remedy AR Server | 8008 (configurable) | HTTP |
8443 (configurable) | HTTPS | ||
Internal firewalls to be opened for Indexer communications | |||
Indexer | Collection Station, Console Server, and Search | 9305 to 93991 | TCP |
1Note: Ensure that ports 9305, 9306, and 9307 are open. These ports are used in the order in which the Collection Station, Console Server, and Search services are started. Keep in mind, that if the Collection Station, Console Server, and Search components are located on the same host, then all the three ports are used. However, if the components are on separate hosts, then these components might use the same 9305 port. Example: On a single server, suppose the Collection Station was started first, followed by the Console Server, and finally followed by the Search component. In this scenario, the ports will be used in the following order:
You need to ensure that the preceding ports are not in use. If one or more of these ports are already in use, the next available ports will be used. These ports can fall in the range, 9305 to 9399. If you are not sure whether one or more of these ports is in use, you can open all the ports in the available range. |
For more information about the ports required for an HTTPS connection, see the instructions for configuring a secured connection.