Port Assignments

A list of ports, directions, and descriptions.

LogLogic LMI Port Assignments
Port, Socket Interface, Transport, Process Name, Description, LogLogic LMI or OS, Direction
22 all (IPv4) tcp sshd CLI access for root/toor using Secure Shell (SSH) / TCP syslog and LLTCP with encryption. OS inbound
68 all (IPv4) udp dhclient Manages DHCP client IP settings. LogLogic LMI outbound
80 all (IPv6) tcp java (Tomcat) HTTP access to the web GUI. Redirects to 443. Also used for Web Services API. Does not redirect to 443 for WSAPI. LogLogic LMI inbound
123 all (IPv4), IPv6 local link udp ntpd Network Time Protocol (NTP) service for using the appliance as a time source. OS inbound
161 all (IPv4) udp snmpd Listens for poll requests by SNMP monitoring applications gathering SNMP-related info about appliance. OS inbound
162 all (IPv4) udp engine_trapcollector Receives SNMP traps from log sources. OS inbound
199 localhost (IPv4) tcp snmpd SNMP Unix Multiplexer. OS n/a
443 all (IPv6) tcp java (Tomcat) HTTPS access to the web GUI. LogLogic LMI inbound
514 all (IPv4) udp engine_collector Receives syslog (UDP syslog) messages. LogLogic LMI inbound
514, 6514 all (IPv4) tcp engine_tcpcollector Receives syslog (TCP syslog) messages and TLS syslog messages. LogLogic LMI inbound
768 all (IPv4) raw engine_collector Used for internal logging LogLogic LMI n/a
768 all (IPv4) raw engine_highpri_reader Used for internal logging LogLogic LMI n/a
768 all (IPv4) raw engine_lx_scheduler Used for internal logging LogLogic LMI n/a
768 all (IPv4) raw engine_lx_parser Used for internal logging LogLogic LMI n/a
768 all (IPv4) raw engine_tcpcollector Used for internal logging LogLogic LMI n/a
768 all (IPv4) raw engine_tcpforwarder Used for internal logging LogLogic LMI n/a
768 all (IPv4) raw engine_trapcollector Used for internal logging LogLogic LMI n/a
768 all (IPv4) raw engine_uldpcollector Used for internal logging LogLogic LMI n/a
1099 all (IPv6) tcp java (LogLogic LSP) Used for LogLogic LSP core communication to Java RMI registry. LogLogic LMI n/a
1514 all (IPv6) udp engine_collector Used for logs with Domain ID LogLogic LMI n/a
2055, 9555, 9995 all tcp LogLogic LSP Collector LogLogic LSP Collector for Netflow LogLogic LMI inbound
2098 all (IPv6) tcp java (MC Agent) Java RMI Registry service for Tomcat (only when MC Agent installed). LogLogic LMI n/a
2099 all (IPv6) tcp java (MC Agent) Java instance listening for Shutdown/Reboot command (only when MC Agent installed). LogLogic LMI n/a
2508   tcp java (MC Agent) MCAgent LogLogic LMI n/a
3306 all (IPv4) tcp mysqld MySQL database. LogLogic LMI inbound
4400 all (IPv4) tcp engine_cluster_membership Rsync replication failover service (receives connection from peer node) (HA mode only). LogLogic LMI inbound
4401 all (IPv4) tcp engine_cluster_membership Cluster membership monitor (receives connection from cluster_membership and mysqld engines) (HA mode only). LogLogic LMI n/a
4433 all (IPv4) tcp engine_http_collector File-based message routing LogLogic LMI outbound
4433 all (IPv4) tcp engine_http_collector HTTP-based log collection (Blue Coat, NetApp, and so on). LogLogic LMI inbound
4433 all (IPv6) tcp java (Tomcat) Management station: Used to send requests to a remote appliance. LogLogic LMI outbound
4433 all (IPv6) tcp java (Tomcat) Management station: Used to receive updates from a remote appliance LogLogic LMI inbound
4443 all tcp java (Tomcat) HTTPS Remote Control LogLogic LMI n/a
4514 all (IPv6) tcp java (Tomcat) real-time viewing of logs (Search->Real-Time Viewer). LogLogic LMI inbound
5514 all (IPv4) tcp engine_rcollector ULDP prior to LogLogic LMI 5.2 LogLogic LMI inbound
5514 all (IPv4) tcp engine_rcollector LogLogic TCP-based message routing. LogLogic LMI inbound
5515 all (IPv4) tcp stunnel Secure ULDP collection. LogLogic LMI inbound
5516 all (IPv4) tcp engine_uldpcollector ULDP for LogLogic LMI 5.2 and later. LogLogic LMI inbound
6000 - 7000 localhost (IPv4 & v6) tcp ssh Used as the tunnel mechanism by engine_stunnel for forwarding to downstream appliances when authentication and encryption are enabled. Four ports are used at a time. The specific four ports increment each time a particular tunnel is started, so that there are no conflicts. The first port of the set is for forwarding syslog traffic, the second is for HTTP data, the third is for file data using rcollector, and the fourth is for Checkpoint data. LogLogic LMI n/a
8005 localhost (IPv6) tcp java (Tomcat) Tomcat administration port. LogLogic LMI n/a
8080 all (IPv6) tcp java (Tomcat) Provides a destination for web browser redirects during LogLogic LMI upgrade. LogLogic LMI inbound
8180 localhost (IPv6) tcp java (MC Agent) SSH port for Karaf - (only when MC agent is installed). LogLogic LMI n/a
9000 all tcp engine_filecollector Used by HDFS client to connect to HDFS cluster. See how to change the port number. LogLogic LMI outbound
9013 all (IPv6) tcp java LogLogic LMI
9600 all (IPv4) tcp llzk Used by ZooKeeper for TIBCO LogLogic LMI n/a
9611 all tcp logu-datanode Ingest service LogLogic LMI  
9620 all tcp logu-querynode Query node query service LogLogic LMI  
9621 all tcp logu-datanode Data node query service LogLogic LMI  
9622 all tcp logu-datanode Streaming service LogLogic LMI  
9680 all tcp logu-web Webapp service LogLogic LMI  
9681 all tcp logu-querynode Query node REST service LogLogic LMI  
9683 all tcp logu-datanode Data node REST service LogLogic LMI  
11965 default gw tcp ll_tunnel Message forwarding when using LogLogic TCP with encryption. Note: This is deprecated in favor of 5514/tcp without encryption and 22/tcp with encryption. LogLogic LMI inbound
31000 localhost (IPv6) tcp java (LogLogic LSP) LogLogic LSP Core. LogLogic LMI n/a
32000 localhost tcp java (LogLogic LSP) Wrapper binary for LogLogic LSP. LogLogic LMI n/a
32001 localhost tcp java (MC Agent) Wrapper binary for MC Agent (only when MC Agent installed). LogLogic LMI n/a
32768-61000 all (IPv6) tcp java (LogLogic LSP) LogLogic LMI n/a
32768-61000 all (IPv6) udp java (LogLogic LSP)   LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_archive Performs archiving on ST appliances. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_collector Manages real-time syslog collection LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_filecollector Manages file Xfer rules, deep parses file-based log data, assists with forwarding of file-data. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_highpri_reader Handles message forwarding, search filter alerts (LX only), real-time view feeds. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_lx_scheduler Handles periodic tasks such as aggregation, cleanup, alerts. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_rsender Handles forwarding when LogLogic TCP is used as the protocol. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_st_reporter Handles regex searches. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_syslog Replays /var/log/sys.log file back into UDP collector so we can parse our own syslog messages. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_sysmon Monitors system and issues system alerts. Monitors memory, system load avg, # of zombie processes and logs to sys.log file every 5 minutes. LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_tcpcollector Involved in collection when using syslog-ng (TCP syslog). LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_tcpforwarder Used for internal logging LogLogic LMI n/a
32768-61000 all (IPv4) tcp engine_tcpforwarder Performs message routing when using syslog-ng (TCP syslog). LogLogic LMI outbound
32768-61000 all (IPv4) udp engine_trapcollector Used for internal logging LogLogic LMI n/a
32768-61000 all (IPv4) udp engine_uldpcollector Process and forward SNMP traps to remote hosts. LogLogic LMI n/a

LogLogic LMI Destination Port Assignments
Dest Port, Socket Interface, Transport, Process Name, Description, LogLogic LMI or OS, Direction
22 default gateway tcp ssh SSH-based backups OS outbound
25 default gateway tcp llmail, msmtp, or Tomcat Sends emails to an SMTP server. The process used is dictated by what is being sent (alerts, reports, and so on). LogLogic LMI outbound
49 default gateway tcp java (Tomcat) TACACS authentication (but no authorization) for users. LogLogic LMI outbound
88 default gateway udp java (Tomcat) Kerberos feature when using LDAP. LogLogic LMI outbound
111 default gateway tcp Sun RPC portmapper LogLogic LMI NFS backups and archiving: mount command will communicate to Sun RPC Port mapper to get port # for mountd (NFS v3 only). OS outbound
123 default gateway udp ntpd Network Time Protocol (NTP) service for using the appliance as a time source. OS outbound
389 default gateway tcp java (Tomcat) LDAP to Active Directory. LogLogic LMI outbound
636 default gateway tcp java (Tomcat) LDAP to Active Directory. LogLogic LMI outbound
>1023 default gateway tcp various Interact with multiple server daemons (statd, lockd, rquotad, mountd) for using NFS. OS outbound
1433 default gateway tcp java (LogLogic LSP) Microsoft SQL Server GDBC collection. LogLogic LMI outbound
1521 default gateway tcp java (LogLogic LSP) Oracle Database GDBC collection. LogLogic LMI outbound
1812 default gateway tcp java (Tomcat) RADIUS LogLogic LMI outbound
2049 default gateway tcp nfs LogLogic LMI NFS backups and archiving: data transfer occurs using this port. OS outbound
3306 default gateway tcp java (LogLogic LSP) MySQL Database GDBC collection. LogLogic LMI outbound
9000 all tcp engine_filecollector Used by HDFS client to connect to HDFS cluster. See how to change the port number. LogLogic LMI outbound
9600 all (IPv4) tcp llzk Used by ZooKeeper for TIBCO LogLogic LMI n/a
18184 default gateway tcp chkpt_agent Used by LEA for log export from LEA server. LogLogic LMI outbound
18190 default gateway tcp chkpt_agent Used by CheckPoint Mgmt Interface (CPMI) for communication between LogLogic LMI and Mgmt Module. LogLogic LMI outbound
18210 default gateway tcp chkpt_agent Used by Secure Internal Communication (SIC) for pulling certificates from Mgmt Module. LogLogic LMI outbound
21616 default gateway tcp java (MCAgent) Notification port used with TIBCO LogLogic® Management Center server (only when MC Agent installed). LogLogic LMI outbound
dynamic port default gateway tcp rpc.mountd NFS sharing: port used by the mount command over TCP outbound to an NFS server OS outbound
dynamic port default gateway tcp NFS client NFS file sharing: used for file locking OS outbound

LogLogic LMI Processes not requiring ports

The following LogLogic LMI processes are not listed previously because they do not need to bind to any port for accepting data from other components.

Process Description
engine_alerting Manages some types of alerts such as baseline ratio-based, message rate alerts, and so on
engine_backup Mirrors the existing data stores (MySQL database, raw logs in /loglogic/data/vol1, system configuration files) to a remote host.
engine_cluster_monitor Monitors the replication of data and the replication configuration, and restarts it if it does not respond.
engine_mysqld Monitors mysqld and restarts it if it does not respond
engine_ntp Monitors ntp and restarts it if it does not respond.
engine_tcp_scheduler Monitors the data files created by engine_rsender in /loglogic/data/rsender/ready so they can be transmitted to their destination.
ll_opsec_manager Manages OPSEC suite of protocols for CheckPoint log sources. Uses chkpt_agent for the actual work and manages the startup and shutdown of those agent processes.