Ports for Windows server log collection
Which ports do I need to open for collecting logs from Windows servers?
Far as I know it's 5985 or 5986, bi-directional, between the Windows event source and the RSA SA log collector. Do I also need to open port 80 or 443, bi-directional?
Also, is it TCP or UDP?
Please let me know what it is for port 514 as well - TCP or UDP?
So I need both ports 80/443 and 5985/5986 open to collect logs from the Windows event, correct?
Also, what of port 88? I've not had it open earlier. What exactly does it collect from KDC?
As far as I know only 5985/5986 is used and not 80/443. You may want to monitor this connection to validate this.
Port 88 is used for the log collector to collect a KDC to obtain a Kerberos ticket. This ticket is used to authenticate the connection to your target Windows hosts.
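
Added example, not part of the original thread: one way to do the validation suggested in the reply above is to list the collector's established TCP connections and check which remote ports it really uses towards the Windows hosts. The sketch assumes `ss -tn` style output taken on the log collector; the addresses and sample lines are constructed, and Kerberos traffic over UDP would not appear in this TCP-only view.

```python
# Added example: summarise which remote ports a log collector uses towards
# its Windows event sources, from `ss -tn` style output (TCP only).
from collections import defaultdict

# Ports named in the thread: WinRM over HTTP/HTTPS and Kerberos (KDC).
EXPECTED = {5985: "WinRM HTTP", 5986: "WinRM HTTPS", 88: "Kerberos KDC"}

# Constructed sample (not captured from a real system); addresses come from
# the documentation ranges. 192.0.2.10 plays the log collector.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.0.2.10:49822     198.51.100.21:5985
ESTAB  0      0      192.0.2.10:49830     198.51.100.22:5986
ESTAB  0      0      192.0.2.10:50111     198.51.100.5:88
ESTAB  0      0      192.0.2.10:50400     198.51.100.21:443
ESTAB  0      0      192.0.2.10:22        203.0.113.7:51515
"""

def peer_ports(ss_output, watched_hosts):
    """Map each watched peer address to the set of remote ports in use."""
    seen = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed line
        # rpartition keeps IPv6 peers such as [2001:db8::1]:5985 intact.
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue  # e.g. '*' on listening sockets
        host = host.strip("[]")
        if host in watched_hosts:
            seen[host].add(int(port))
    return dict(seen)

def unexpected(seen):
    """Return (host, port) pairs that fall outside the expected port set."""
    return sorted((h, p) for h, ports in seen.items() for p in ports
                  if p not in EXPECTED)

if __name__ == "__main__":
    # Hypothetical event sources and KDC to watch.
    hosts = {"198.51.100.21", "198.51.100.22", "198.51.100.5"}
    seen = peer_ports(SAMPLE_SS, hosts)
    for host, ports in sorted(seen.items()):
        print(host, sorted(ports))
    print("outside 5985/5986/88:", unexpected(seen))
```

Any pair reported by `unexpected` is a connection to a watched host on a port other than 5985, 5986 or 88, which is what to look for before deciding whether 80/443 needs to be opened.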