Required Port number from Event Sources to Log collector and Vise Versa
Can any one help me to get the document to know about all the required ports to integrate event source with SA for event collection. Like esxi, windows, cisco, exchange etc.
- Community Thread
- Forum Thread
- RSA NetWitness Endpoint
- RSA NetWitness Platform
It will obviously depend on the event source type and whether or not the event source is using default ports or not. The guides to setting up supported event sources can be found here: https://community.rsa.com/community/products/netwitness/parser-network/event-sources
Windows collection for example; could use 80, 443, 5985 or 5986 for agentless log collection depending on the version of Windows you are running. If you are setting up database logging, you might be looking at port 1433-1434 for MSSQL or 1521 for an Oracle database. The ports aren't set in stone though, so you will need to talk with the event source owner to get the connection parameters as the defaults aren't always used. Hopefully that's useful!