Required Ports for SL1
This section describes the ports that must be open on each SL1 appliance. These open ports allow communication between appliances in an SL1 system.
Some PowerPacks also require specific ports to be open for tasks such as monitoring, creating credentials, or gaining access through the firewall. Those ports are also described in this section.
Use the following menu options to navigate the SL1 user interface:
- To view a pop-out list of menu options, click the menu icon ().
- To view a page containing all of the menu options, click the Advanced menu icon ().
Open Ports on the ScienceLogic All-In-One Appliance
Name |
Description |
Protocol |
Port |
HTTP Interface |
HTTP from browser session on user workstation. ScienceLogic recommends disabling HTTP during deployment. |
TCP |
80 |
HTTPS Secure Interface |
Used for browser sessions on a user workstation, API requests from external systems, and requests from the ScienceLogic Agent running on a monitored device. |
TCP |
443 |
Database Web Admin |
Optional. Administrative Web Interface (phpMyAdmin) from browser session on user workstation to Database. |
TCP |
8008 |
SSH |
Optional. For ssh sessions from user workstation. |
TCP |
22
|
Web Configurator |
Configuration Utility from browser session on user workstation.
NOTE: For Military Unique Deployment (MUD) configurations, this utility and port are disabled by default. They can be enabled for initial configuration, but must be disabled again after the configuration process is complete.
|
TCP |
7700 |
SNMP |
Optional. SNMP information about the All-In-One Appliance can be collected by SL1. |
UDP |
161 |
SNMP Traps |
Optional. Can receive SNMP traps from managed devices. |
UDP |
162 |
Syslog messages |
Optional. Can receive syslog messages from managed devices. |
UDP |
514 |
SMTP |
Optional. To receive inbound Email for tickets, events, and email round-trip monitoring. |
TCP |
25 |
NTP |
Communication between the All-In-One Appliance and configured NTP server. |
TCP |
123 |
Open Ports on the ScienceLogic Database Server Appliance
Name |
Description |
Protocol |
Port |
HTTP Interface |
Optional. Can be used if the Database Server also serves as an Administration Portal. |
TCP |
80 |
HTTPS Secure Interface |
Optional. Can be used if the Database Server also serves as an Administration Portal. |
TCP |
443 |
Database Web Admin |
Optional. Administrative Web Interface (PHPMyAdmin) from browser session on user workstation. |
TCP |
8008 |
MariaDB |
Communication from Administration Portal.
Communication from HA-secondary and DR to HA primary.
If you are using HA/DR, you must keep this port open. This port is required for communication between the HA-secondary and DR to the HA-primary appliance. If this port is blocked, the em7service on these databases will fail and could lead to issues such as DR backup not working or inability to license the appliances.
|
TCP |
7706 |
SSH |
Optional. Can be manually closed. For ssh sessions from user workstation. |
TCP |
22
|
Web Configurator |
Configuration Utility from browser session on user workstation.
NOTE: For Military Unique Deployment (MUD) configurations, this utility and port are disabled by default. They can be enabled for initial configuration, but must be disabled again after the configuration process is complete.
|
TCP |
7700 |
SNMP |
Optional. SNMP information about the Database Server can be collected by SL1. |
UDP |
161 |
ScienceLogic HA |
Optional. Communication between Database Server and other Database Server(s) in a high-availability cluster.
|
TCP |
694 |
SMTP |
Optional. Can be manually closed. To receive inbound email for tickets, events, and email round-trip monitoring. |
TCP |
25 |
High Availability |
One of two ports used by the cluster management process to test cluster availability. This port is open only if your Database Server appliance is configured for High Availability. |
UDP |
5555 |
High Availability |
One of two ports used by the cluster management process to test cluster availability. This port is open only if your Database Server appliance is configured for High Availability. |
UDP |
5556 |
DRBD Replication |
This port is open only if your Database Server appliance is configured for High Availability, Disaster Recovery, or both. |
TCP |
7788 |
DRBD Replication |
This port is open only if your Database Server appliance is configured for High Availability, Disaster Recovery, or both. |
TCP |
7789 |
PhoneHome Configuration |
This port is open only if your Database Server appliance is configured for PhoneHome communication from Data Collectors and Message Collectors. The port number is configurable, but only for non-SaaS systems. |
TCP |
7705 |
Open Ports on the ScienceLogic Administration Portal Appliance
Name |
Description |
Protocol |
Port |
HTTP Interface |
HTTP from browser session on user workstation. |
TCP |
80 |
HTTPS Secure Interface |
Used for browser sessions on a user workstation and API requests from external systems. |
TCP |
443 |
SSH |
Optional. For ssh sessions from user workstation. |
TCP |
22
|
Web Configurator |
Configuration Utility from browser session on user workstation.
NOTE: For Military Unique Deployment (MUD) configurations, this utility and port are disabled by default. They can be enabled for initial configuration, but must be disabled again after the configuration process is complete.
|
TCP |
7700 |
SNMP |
Optional. SNMP information about the Administration Portal can be collected by SL1. |
UDP |
161 |
High Availability |
Required when using Quorum with High Availability or High Availability and Disaster Recovery. |
TCP |
5403 |
Open Ports on the ScienceLogic Data Collector Appliance
Name |
Description |
Protocol |
Port |
Data Pull |
Requests from Database Servers to retrieve collected data. In a PhoneHome configuration, this port is accessed via an SSH tunnel created by the Data Collector. |
TCP |
7707 |
SSH |
Optional. For ssh sessions from user workstation. |
TCP |
22
|
Web Configurator |
Configuration Utility from browser session on user workstation.
NOTE: For Military Unique Deployment (MUD) configurations, this utility and port are disabled by default. They can be enabled for initial configuration, but must be disabled again after the configuration process is complete.
|
TCP |
7700 |
SNMP |
Optional. SNMP information about the Data Collector can be collected by SL1. |
UDP |
161 |
SNMP Traps |
Optional. Can receive SNMP traps from managed devices. |
UDP |
162 |
Syslog messages |
Optional. Can receive syslog messages from managed devices. |
UDP |
514 |
HTTPS Secure Interface |
Optional. Data from the ScienceLogic Agent running on a monitored device. |
TCP |
443 |
Open Ports on the ScienceLogic Message Collector Appliance
Name |
Description |
Protocol |
Port |
Data Pull |
Requests from Database Servers to retrieve collected data. In a PhoneHome configuration, this port is accessed via an SSH tunnel created by the Message Collector. |
TCP |
7707 |
SSH |
Optional. For ssh sessions from user workstation. |
TCP |
22
|
Web Configurator |
Configuration Utility from browser session on user workstation.
NOTE: For Military Unique Deployment (MUD) configurations, this utility and port are disabled by default. They can be enabled for initial configuration, but must be disabled again after the configuration process is complete.
|
TCP |
7700 |
SNMP |
Optional. SNMP information about the Message Collector can be collected by SL1. |
UDP |
161 |
SNMP Traps |
Optional. Can receive SNMP traps from managed devices. |
UDP |
162 |
Syslog messages |
Optional. Can receive syslog messages from managed devices. |
UDP |
514 |
HTTPS Secure Interface |
Optional. Data from the ScienceLogic Agent running on a monitored device. |
TCP |
443 |
Open Ports for ScienceLogic Subscription Billing
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required. Secure interface must be open for the Subscription Billing process to send information to ScienceLogic. |
TCP |
443 |
Open Ports for ScienceLogic PowerPacks
ScienceLogic recommends reviewing the required port data for each PowerPack below. Some PowerPacks require specific ports for tasks such as monitoring, creating credentials, or gaining access through the firewall.
Many PowerPacks can be configured so that you can connect with the third-party platform via a proxy server. When you do so, you will need to open a port on that proxy server as well as in SL1 to establish communication between the two platforms.
For more information about the configuration requirements for the PowerPacks below or other PowerPacks that are not included in this section, see the SL1 PowerPacks documentation.
Apcon
Name |
Description |
Protocol |
Port |
SNMP |
Required for SNMP credential. |
UDP |
161 |
Cisco: Cloud Services Platform
Name |
Description |
Protocol |
Port |
SNMP |
Required for monitoring CSP clusters with SNMP community string read privileges, or if you have to create two SNMP credentials for CSP clusters. |
UDP |
161 |
SNMP |
Required if you have to create two SNMP credentials for CSP clusters. |
TCP |
1610 |
Cisco: Contact Center Enterprise
Name |
Description |
Protocol |
Port |
REST API |
Required for monitoring Contact Center Enterprise using REST API. |
TCP |
7890 |
Cisco: CUCM
Name |
Description |
Protocol |
Port |
PhoneHome Configuration |
Potentially required based on your configuration. Requests from the PhoneHome Collector to the Database Server to retrieve collected data. |
TCP |
7707 |
PhoneHome Configuration |
Potentially required based on your configuration. Requests from the Database Server to the Data Collector to retrieve collected data. |
TCP |
7705 |
SNMP |
Potentially required based on your configuration. Enables communication between SL1 Data Collector and the Cisco Unified CM cluster and CallManagers. |
UDP |
161 |
Cisco Unified Communications Manager |
Potentially required based on your configuration. Enables communication between SL1 Data Collector and the Cisco Unified CM cluster and CallManagers.
The example credential included in older versions of the Cisco: CUCM Unified Communications Manager PowerPack used "80" as the default port number. If your Cisco Unified CM credential specifies port 80, SL1 will automatically override that value and use port 8443 instead. If your Cisco Unified CM credential specifies any port other than 80, SL1 will use that specified port.
|
TCP |
8443 |
Cisco: ESA
Name |
Description |
Protocol |
Port |
SNMP |
Required for SNMP credential. |
UDP |
161 |
Cisco: Meeting Server
Name |
Description |
Protocol |
Port |
SNMP |
Required for creating an SNMP credential for one IP address. |
UDP |
161 |
SSH |
Required for creating a Basic/Snippet credential for one IP address or creating a Basic/Snippet credential on a system Mainboard Management Processor interface if monitoring more than one IP address. |
TCP |
22 |
HTTPS Secure Interface |
Required for creating a Basic/Snippet credential for the API interface if monitoring more than one IP address. |
TCP |
443 |
Cisco: UC Ancillary
Name |
Description |
Protocol |
Port |
SSH |
Required for SSH/Key credential. |
TCP |
22 |
Cisco: UC VOS Applications
Name |
Description |
Protocol |
Port |
Proxy Server |
Used for proxy server port in SOAP/XML credential. |
TCP |
0 |
HTTPS Secure Interface |
Required for creating a Basic/Snippet credential for REST API queries to Cisco Unity Connection servers and Cisco IM & Presence servers. |
TCP |
443 |
Cisco: UCS
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required for discovering UCS Manager over HTTPS. |
TCP |
443 |
Cisco: UCS Director
Name |
Description |
Protocol |
Port |
HTTP |
Required for discovering UCS Director over HTTP. |
TCP |
80 |
Cisco: UCS Standalone Rack Server
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required for discovering UCS Rack Server over HTTPS. |
TCP |
443 |
Cisco: Viptela
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required for discovering Viptela over HTTPS. |
TCP |
443 |
Citrix: Xen
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required for the Citrix: Xen Basic/Snippet credential. |
TCP |
443 |
Dell EMC: VMAX
Name |
Description |
Protocol |
Port |
HTTP |
Required for connecting to an SMI-S Provider over HTTP. |
TCP |
5988 |
HTTPS |
Required for connecting to an SMI-S Provider over HTTPS. |
TCP |
5989 |
Dell EMC: VNX
Name |
Description |
Protocol |
Port |
HTTP |
Required for connecting to an SMI-S Providerover HTTP. |
TCP |
5988 |
HTTPS |
Required for connecting to an SMI-S Provider over HTTPS. |
TCP |
5989 |
Dell EMC: XtremIO
Name |
Description |
Protocol |
Port |
Proxy Server |
Used for proxy server port in SOAP/XML credential. |
TCP |
0 |
HTTPS Secure Interface |
Required for discovering Dell EMC XtremIO devices. |
TCP |
443 |
ELK: AWS CloudTrail
Name |
Description |
Protocol |
Port |
Elasticsearch |
Required for the ELK: AWS Basic/Snippet credential. |
TCP |
9200 |
ELK: Azure Activity Log
Name |
Description |
Protocol |
Port |
Elasticsearch |
Required for the ELK: Azure Activity Log Basic/Snippet credential. |
TCP |
9200 |
Hitachi Data Systems: VSP
Name |
Description |
Protocol |
Port |
HTTPS |
Required for connecting to an SMI-S Provider over HTTPS. |
TCP |
5989 |
HP 3PAR: SMI-S
Name |
Description |
Protocol |
Port |
HTTPS |
Required for connecting to an SMI-S Provider over HTTPS. |
TCP |
5989 |
IBM: AIX Monitoring
Name |
Description |
Protocol |
Port |
SSH |
Required for SSH/Key credential. |
TCP |
22 |
Kubernetes
Name |
Description |
Protocol |
Port |
SSH |
Typically used for connecting to Kubernetes nodes via SSH. |
TCP |
22 |
HTTPS |
Can be used for connecting to Kubernetes cluster via HTTPS. |
TCP |
443 |
HTTPS |
Can be used for connecting to Kubernetes cluster via HTTPS. If you would prefer to configure a customized IP port other than 443 or 8443, you can do so. For more information, see the section on Configuring Customized IP Ports in the Monitoring Kubernetes manual. |
TCP |
8443 |
Linux: Base Pack
Name |
Description |
Protocol |
Port |
SSH |
Required for SSH/Key credential. |
TCP |
22 |
Linux: SSH Automations
Name |
Description |
Protocol |
Port |
SSH |
Required for SSH/Key credential. |
TCP |
22 |
Microsoft: Azure
Name |
Description |
Protocol |
Port |
SNMP |
When using the run book automations included in the PowerPack to discover physical devices, allows the discovery session to use SNMP credentials. |
UDP |
161 |
PowerShell (HTTP) |
When using the run book automations included in the PowerPack to discover physical devices, allows the discovery session to use PowerShell credentials over HTTP. |
TCP |
5985 |
PowerShell (HTTPS) |
When using the run book automations included in the PowerPack to discover physical devices, allows the discovery session to use PowerShell credentials over HTTPS. |
TCP |
5986 |
Microsoft: SQL Server Enhanced
Name |
Description |
Protocol |
Port |
PowerShell (HTTP) |
Required for users who want to connect to a SQL server using PowerShell credentials over HTTP. |
TCP |
5985 |
Microsoft: Automation PowerPacks
Name |
Description |
Protocol |
Port |
DNS Server |
Required for forward and reverse DNS server availability for the Windows server. |
TCP |
53 |
Kerberos Authentication |
Required for Kerberos authentication if using an Active Directory user account to access the Windows Domain Controller. |
UDP |
88 |
PowerShell (HTTP) |
Required if connecting using PowerShell credentials over HTTP. |
TCP |
5985 |
PowerShell (HTTPS) |
Required if connecting using PowerShell credentials over HTTPS. |
TCP |
5986 |
Mongo DB
Name |
Description |
Protocol |
Port |
MongoDB Server |
Required when creating a MongoDB credential. |
TCP |
27017 |
SSH |
Optional, but required if including SSH settings in the MongoDB credential. |
TCP |
22 |
Monitoring Switches, Routers, and Firewalls with SNMP
Name |
Description |
Protocol |
Port |
SNMP |
Required for SNMP credential. |
UDP |
161 |
Monitoring Windows Systems with PowerShell
Name |
Description |
Protocol |
Ports |
SNMP |
Required for SNMP credential |
UDP |
161 |
SNMP |
At least one of the additional listed ports must be open on the device to discover SNMP-enabled Windows devices. |
TCP |
21, 22, 23, 25, or 80 |
DNS Server |
Required for forward and reverse DNS server availability for the Windows server. |
TCP |
53 |
Kerberos Authentication |
Required for Kerberos authentication if using an Active Directory user account to access the Windows Domain Controller. |
UDP |
88 |
PowerShell (HTTP) |
Required if connecting using PowerShell credentials over HTTP. |
TCP |
5985 |
PowerShell (HTTPS) |
Required if connecting using PowerShell credentials over HTTPS. |
TCP |
5986 |
Monitoring Windows Systems with WMI
Name |
Description |
Protocol |
Ports |
SNMP |
Required for SNMP credential |
UDP |
161 |
SNMP |
At least one of the additional listed ports must be open on the device to discover SNMP-enabled Windows devices. |
TCP |
21, 22, 23, 25, or 80 |
DNS Server |
Required for forward and reverse DNS server availability for the Windows server. |
TCP |
53 |
WMI |
Required for incoming network traffic to the remote machine. |
TCP |
135 |
WMI |
Required for incoming network traffic to the remote machine. |
TCP |
445 |
WMI |
In addition to ports 135 and 445, additional dynamically assigned ports must be open, typically in the listed ranges. |
TCP |
1025-5000, 49152-65535 |
MySQL
Name |
Description |
Protocol |
Port |
MySQL Server SSL Certificate |
When configuring a SOAP/XML credential to support loading your SSL certificate on a database connection, you can specify one port or a range or ports. This will be based on your MySQL instance. For more information, see the section on Creating a SOAP/XML Credential for an SSL Certificate in the Monitoring MySQL manual. |
N/A |
N/A |
NetApp Base Pack
Name |
Description |
Protocol |
Port |
HTTP (FIPS Mode) |
Used for the NetAPP C-Mode appliance credential if SL1 is running in FIPS-compliant mode. |
TCP |
80 |
SNMP |
Required for SNMP credential. |
UDP |
161 |
OpenStack
Name |
Description |
Protocol |
Port |
Proxy Server |
Used for proxy server port in SOAP/XML credential. |
TCP |
0 |
Oracle: Database
Name |
Description |
Protocol |
Port |
SSH |
Required for SSH/Key credential for Linux users. |
TCP |
22 |
PowerShell (HTTP) |
Required for Windows users who want to connect using PowerShell credentials over HTTP. |
TCP |
5985 |
PowerShell (HTTPS) |
Required for Windows users who want to connect using PowerShell credentials over HTTPS. |
TCP |
5986 |
Palo Alto
Name |
Description |
Protocol |
Port |
SNMP |
Required for SNMP credential. |
UDP |
161 |
HTTPS Secure Interface |
Required for the Palo Alto Basic/Snippet credential. |
TCP |
443 |
Pure Storage: Flash Array
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required for discovering Pure Storage components over HTTPS or via API. |
TCP |
443 |
Restorepoint Automation PowerPack
Name |
Description |
Protocol |
Port |
SSH |
Required for SSH/Key credential. |
TCP |
22 |
SL1 PowerFlow
Name |
Description |
Protocol |
Port |
SSH |
Required for SSH/Key credential. |
TCP |
22 |
SMI-S: Array
Name |
Description |
Protocol |
Port |
HTTPS |
Required for connecting to an SMI-S Provider over HTTPS. |
TCP |
5989 |
SoftLayer: Cloud
Name |
Description |
Protocol |
Port |
HTTP |
Required for discovering Softlayer: Cloud over HTTP. |
TCP |
80 |
VMware: NSX
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required for the VMware: NSX Basic/Snippet credential.
|
TCP |
443 |
VMware: NSX-T
Name |
Description |
Protocol |
Port |
HTTPS Secure Interface |
Required for the VMware: NSX-T Basic/Snippet credential.
|
TCP |
443 |