Firewall Rules

This topic applies to both Software Logger and the Logger Appliance.

Before Logger can receive data, some ports must be opened through the firewall.

For Software Logger, you are responsible for setting up the firewall. After you first install or upgrade to Logger 7.2.2, configure the firewall to be open only for the ports described in Default Inbound Ports, and any other ports required for your configuration.

Caution: Micro Focus ArcSight strongly recommends that you configure your firewall so that only the required ports are open.
For the Logger Appliance, the firewall is preconfigured. Micro Focus ArcSight provides a script you can use to update the firewall. See Configuring the Firewall on Logger Appliance for more information.

Tip: Be sure to update the firewall configuration whenever you add or remove any service that requires an open port for incoming traffic, such as a Logger receiver or SNMP polling.

You can configure the firewall on your Logger as you would on any server, by white-listing the appropriate ports in firewalld (for CentOS and RHEL 7.X).

Default Inbound Ports
Service	Logger Appliance	Software Logger root install	Software Logger non-root install
SSH	22/TCP	—	—
HTTPS	443/TCP	443/TCP	9000/TCP *
NTP	123/UDP	—	—
UDP receiver	514/UDP *	514/UDP *	8514/UDP *
TCP receiver	515/TCP *	515/TCP *	8515/UDP *

* Configured port may vary.