Prerequisites for the Pickup LogEvents Service Logging Agent
Get ready for a seamless, high-performance logging experience with the Nodinite Pickup LogEvents Service Logging Agent. This page provides everything you need to prepare your environment for secure, reliable, and scalable integration—whether on-premises or in the cloud.
On this page, you will learn how to:
✅ Ensure your environment meets all software and platform requirements
✅ Configure user rights and firewall settings for secure operation
✅ Optimize for high-performance, on-premises or cloud deployments
✅ Apply best practices for integrating with message brokers, databases, and file systems
This page details the prerequisites for successfully installing and running the Nodinite Pickup Log Events Service Logging Agent.
The diagram above illustrates the supported logging options and how the Pickup LogEvents Service Logging Agent integrates With Nodinite, message brokers, file systems, and databases.
You can install this agent on-premises using TCP/IP for local network access or in the cloud/off-site using Service Bus Relaying. As long as the Log API is accessible on the configured port, you can deploy flexibly. For high-performance installations, install the agent close to the database (ideally on the same network as Nodinite).
We recommend installing this agent near the Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite server).
Software Requirements
|Product|||
|---|---|---|
|Windows Server|Windows 2025
Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012||
|.NET Framework |.NET Framework 4.8 or later
Our recommendation is .NET Framework 4.8.1 or later||
|ActiveMQ |Version 5.0| ActiveMQ using OpenWire|
|AMQP v1.0/ActiveMQ Artemis |Active MQ Version >=5.0|ActiveMQ using AMQP|
|AnypointMQ |Anypoint MQ License | One or more Queues must exist.
This feature is not available on free trial version and to use this feature you need Anypoint MQ license.|
|Blobs|Active Azure subscription | Container + Storage account|
|Event Hub |Active Azure subscription | Event Hub + Storage account (syncpoint)|
|MSMQ |All MSMQ versions with Windows 2008 R2 and later |If you are using MSMQ|
|Service Bus |Active Azure subscription | One or more Queues must exist|
Versions 6.0 and later require .NET Framework 4.8 or later.
Versions 5.4 and later require .NET Framework 4.6.2 or later.
Versions before 5.4 require .NET Framework 4.5.2 or later.
What AnypointMQ User rights does the Pickup LogEvents Service Logging Agent require?
- The agent uses either basic authentication or connected apps, and you must configure an account with Admin rights
- User name
- Password
- Client Id
- Client Secret
Read more about security for AnypointMQ here
What ActiveMQ User rights does the Pickup LogEvents Service Logging Agent require?
- The agent uses basic authentication and you must configure an account with Admin rights
- User name
- Password
Read more about security for ActiveMQ here
What Azure Event Hub User rights does the Pickup LogEvents Service Logging Agent require?
- The Pickup Log Events Service Logging Agent uses a Service Bus Connection string with SAS token credentials.
The claims must be set as:- Manage
- Listen
For RBAC control:
Assign an Azure role for access to blob data
- Storage Blob Data Reader or Storage Blob Data Contributor.
- The Azure Resource Manager Reader role, at a minimum.
What Azure Service Bus User rights does the Pickup LogEvents Service Logging Agent require?
- The Pickup Log Events Service Logging Agent uses a Service Bus Connection string with SAS token credentials.
The claims must be set as: - Manage
- Listen
What MSMQ User rights does the Pickup LogEvents Service Logging Agent require?
- The agent uses integrated security, so the Windows service account for the Pickup Log Events Service Logging Agent must have appropriate user rights on target queues.
- Peek
- Read
- Delete
What File User rights does the Pickup LogEvents Service Logging Agent require?
- The agent uses integrated security, so the Windows service account for the Pickup Log Events Service Logging Agent must have appropriate user rights on file shares.
- Read
- Write
- Delete
What PostgreSQL database User Rights does the Pickup LogEvents Service Logging Agent require?
- The Pickup Log Events Service Logging Agent uses credentials provided by the Configuration.
The account must have logon, read, and write access to the table with the JSON Log Events.
What SQL Server database User Rights does the Pickup LogEvents Service Logging Agent require?
The Pickup Log Events Service Logging Agent uses credentials provided by the Configuration.
The account must have logon, read, and write access to the table with the JSON Log Events.public - right to logon
db_datareader - right to read
db_datawriter - right to write
db_ddladmin - better performance
Supported Versions
Cloud technologies evolve rapidly, and Microsoft deprecates older API versions periodically. Nodinite always supports the APIs supported by Microsoft. You must update Nodinite and the Pickup Log Events Service Logging Agent as needed.
What Windows User Rights does the Pickup LogEvents Service Logging Agent require?
The agent is installed as a Windows Service, usually on the Nodinite application server. Virtual machines are supported.
- Local named account or domain account (preferred).
- Access and run-time rights
- Follow the 'How to set logon as a Windows service right' user guide for detailed instructions.
What Nodinite SQL user rights does the Pickup LogEvents Service Logging Agent require?
If you are bypassing the Log API for performance reasons (the only valid reason), then the account running the Pickup Log Events Service Logging Agent must have the following rights assigned:
db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially for remote servers (linked servers). Read more here. Contact our support if you have any questions.
All Nodinite specific databases:
- Configuration Database
- db_datareader
- db_datawriter
- db_ddladmin
- Grant Execute rights on all existing and future stored procedures:
GRANT EXECUTE TO [Domain\user]
Replace [Domain\user] with the Windows account used for the Pickup Log Events Service Logging Agent.
- Log Databases (can be multiple)
- db_datareader
- db_datawriter
- db_ddladmin
What Firewall settings are required for the Pickup LogEvents Service Logging Agent?
Regardless of the source for Log Events, the Pickup Log Events Service Logging Agent uses DNS.
- DNS - Windows must know where your servers are (this can also be solved using hosts)
- 53 both TCP/UDP
The Pickup LogEvents Service Logging Agent has both inbound and outbound communication:
- Between the Pickup LogEvents Service Logging Agent and the ActiveMQ broker(s)
- Between the Pickup LogEvents Service Logging Agent and the AMQP broker(s)
- Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ service
- Between the Pickup LogEvents Service Logging Agent and the Azure Event Hub and Storage
- Between the Pickup LogEvents Service Logging Agent and Azure Management API (Service Bus)
- Between the Pickup LogEvents Service Logging Agent and the File share(s)
- Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s)
- Between the Pickup LogEvents Service Logging Agent and the PostgreSQL database instances
- Between the Pickup LogEvents Service Logging Agent and the SQL Server database instances
- Between the Pickup LogEvents Service Logging Agent and the Configuration Database
- Between the Pickup LogEvents Service Logging Agent and the Log API
- ActiveMQs
- AMQP
- AnypointMQs
- BlobContainers
- EventHubs
- Service Bus Queues
- Folders
- MSMQs
- PostgreSQLs
- SQLServers
The diagram above shows the network communication paths and required ports for the Pickup LogEvents Service Logging Agent, Nodinite, and related services.
1. Between the Pickup LogEvents Service Logging Agent and the ActiveMQ Broker(s)
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The agent must know where your other servers/services are (can also be solved with user-defined entries in the hosts file in each Windows server instance). Review the 'Microsoft' user guide. |
||||
| 61616 | Remote connection port | Default, actual value may depend on your configuration |
If you use SSL or custom ports, additional ports must be opened.
2. Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ Service
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The agent must know where your other servers/services are (can also be solved with user-defined entries in the hosts file in each Windows server instance). Review the 'Microsoft' user guide. |
||||
| 443 | HTTPS | Default for HTTPS |
3. Between the Pickup LogEvents Service Logging Agent and the Event Hub Service
The following ports must be open for outbound communication with '*.servicebus.windows.net' from both on-premises and off-site Windows Servers where the agent is installed:
Event Hub
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 443 | HTTPS | Secure outbound traffic | ||||
| 5671, 5672 | Secure AMQP | |||||
| 9350 - 9354 | Net.TCP | |||||
| 104XX | IF EnableLinkRedirect=true (default) in the Configuration | This option is not yet in use | AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide |
Troubleshooting guide: https://learn.microsoft.com/en-us/azure/event-hubs/troubleshooting-guide
Storage
The administrator may have one or more rules in place in any of the following locations:
- Virtual Machine
- Storage Account
- Virtual Network
If you have enabled rules, you may need to tune these to allow communication.
Logging and Monitoring Agent) end subgraph "Azure Virtual Network" roNI --> |Firewall whitelist| roEH(fal:fa-boxes Azure Storage) end
Troubleshooting guide: Configure Azure Storage firewalls and virtual networks
4. Between the Pickup LogEvents Service Logging Agent and Service Bus
Used for Event Hub and Azure Storage. Review the Event Hubs frequently asked questions.
Please review the Microsoft Azure Management API for additional information.
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 443 | HTTPS | Secure outbound traffic to Event Hub and Azure Storage | ||||
| 5671, 5672 | Secure AMQP | AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide |
If you have secured your Azure Storage, you may need to allow the IP address facing the Internet from where the Pickup Log Events Service Logging Agent runs. Please review the following user guide: Configure Azure Storage firewalls and virtual networks
5. Between the Pickup LogEvents Service Logging Agent and the File Share(s)
If you write Log Events to a file (a remote file share), the Pickup Log Events Service Logging Agent will use the SMB protocol to access the remote file share.
The following TCP ports must be open:
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The agent must know where your other servers/services are (can also be solved with user-defined entries in the hosts file in each Windows server instance). Review the 'Microsoft' user guide. |
||||
| 135-139 | SMB | Microsoft file sharing SMB | ||||
| 445 | SMB | Direct-hosted SMB traffic |
For the full documentation, visit the Microsoft SMB: File and printer sharing ports should be open page and Internet firewalls can prevent browsing and file sharing
6. Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s)
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 1801 | TCP | |||||
| 135 | TCP | |||||
| 2101 | RPC | |||||
| 2103 | RPC | |||||
| 2105 | RPC | |||||
| 1801 | ||||||
| 3527 |
Review the Microsoft guide here.
7. Between the Pickup LogEvents Service Logging Agent and PostgreSQL Instance
PostgreSQL by default uses TCP port 5432 to listen for incoming calls.
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The agent must know where your other servers/services are (can also be solved with user-defined entries in the hosts file in each Windows server instance). Review the 'Microsoft' user guide. |
||||
| 5432 | Remote connection port | Default, actual value may depend on your configuration |
8. Between the Pickup LogEvents Service Logging Agent and SQL Server Instance
Any SQL Server instance with the [LogEvents] table.
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The agent must know where your other servers/services are (can also be solved with user-defined entries in the hosts file in each Windows server instance). Review the 'Microsoft' user guide. |
||||
| 88 | Kerberos | Review 'Microsoft Kerberos' user guide | ||||
| 135 | DTC/RPC | This port is shared between many Windows Services | ||||
| 1433/... | SQL Server instance ports (multiple) | Depends on policies and settings on the target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide |
9. Between the Pickup LogEvents Service Logging Agent and the Log API
- When logging is enabled, the Pickup LogEvents Service Logging Agent requires one of the following outbound TCP ports to be open to access the Log API (configurable):
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The agent must know where your other servers/services are (can also be solved with user-defined entries in the hosts file in each Windows server instance). Review the 'Microsoft' user guide. |
||||
| 80 | HTTP | Default for HTTP | ||||
| 443 | HTTPS | Default for HTTPS |
Tip
If the Pickup LogEvents Service Logging Agent and the Log API are on the same server, you should use HTTP for performance, since information is not visible outside the server.
10. Between the Pickup LogEvents Service Logging Agent and the Configuration Database
This section describes the communication between the Nodinite Pickup Log Events Service Logging Agent and the Nodinite Configuration Database.
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The agent must know where your other servers/services are (can also be solved with user-defined entries in the hosts file in each Windows server instance). Review the 'Microsoft' user guide. |
||||
| 88 | Kerberos | Review 'Microsoft Kerberos' user guide | ||||
| 135 | DTC/RPC | This port is shared between many Windows Services | ||||
| 1433/... | SQL Server instance ports (multiple) | Depends on policies and settings on the target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide |
Frequently Asked Questions
Find additional solutions to common problems and the FAQ for the Nodinite Pickup Log Events Service Logging Agent in the Troubleshooting user guide.
Make sure to subscribe to our Release Notes.
Next Step
Install the Pickup LogEvents Service Logging Agent