- 12 minutes to read

Release Notes

Prerequisites for the Pickup LogEvents Service Logging Agent

This page describes the prerequisites to successfully install and run the Nodinite Pickup Log Events Service Logging Agent.

graph LR subgraph "Logging options" roLogSink("fal:fa-bolt Custom Logging Solution") --> roId1["fal:fa-list ActiveMQ Queue"] roLogSink --> roId5["fal:fa-folder File Folder (SMB)"] roLogSink --> roId2["fal:fa-list MSMQ Queue"] roLogSink --> roId8["fal:fa-database SQL Server"] roLogSink --> roId4["fal:fa-database PostgreSQL"] roLogSink --> roId6["fal:fa-list AnypointMQ"] roLogSink --> roId7["fal:fa-stream Azure Event Hub"] roLogSink --> roId3["fal:fa-list Service Bus Queue"] roLogSink --> roAMQP["fal:fa-list AMQP v1.0"] roAPIM["fal:fa-cloud-download APIM with Policy and Event Hub Logger"] roAPIM --> |<200KB| roPolicy1(Policy1) roAPIM --> |>200KB|roPolicy2(Policy2) roPolicy2 --> roBS["fal:fa-boxes Container"] roSLSB["Azure Service Bus Serilog sink"] roSLEH["Azure Event Hub Serilog sink"] roSLBS["Azure Blob Serilog sink"] end subgraph "Nodinite" roLogAPI(fal:fa-cloud-download LogAPI) roPS(fal:fa-truck-pickup Pickup Service)--> roLogAPI roPS -.- |High performance pipe|roDB(fal:fa-database Nodinite Configuration Database) roLogAPI --> roDB roId1 -->|Log Event| roPS roId2 -->|Log Event| roPS roId3 -->|Log Event| roPS roId4 -->|Log Event| roPS roId8 -->|Log Event| roPS roId5 -->|Log Event| roPS roId6 -->|Log Event| roPS roId7 -->|Log Event| roPS roBS -->|Log Event| roPS roSLBS ---> roBS roPolicy1 -->roId7 roSLEH ---> roId7 roSLSB ---> roId3 end

Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information MicrosoftServiceBusRelayingLink) as long as the Log API can be accessed on the configured port. For high performance installations where Log Events are sent directly to the database the Pickup Log Events Service Logging Agent should be installed near the database (i.e. on the same network as Nodinite).

We recommend that you keep this agent close to the Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite server)

Verified	Topic
	Software Requirements
	What ActiveMQ User rights does the Pickup LogEvents Service Logging Agent require?
	What AnypointMQ User rights does the Pickup LogEvents Service Logging Agent require?
	What Azure Event Hub User rights does the Pickup LogEvents Service Logging Agent require?
	What Azure Service Bus User rights does the Pickup LogEvents Service Logging Agent require?
	What File User rights does the Pickup LogEvents Service Logging Agent require?
	What MSMQ User rights does the Pickup LogEvents Service Logging Agent require?
	What PostgreSQL database User Rights does the Pickup LogEvents Service Logging Agent require?
	What SQL Server database User Rights does the Pickup LogEvents Service Logging Agent require?
	What Windows User Rights does the Pickup LogEvents Service Logging Agent require?
	What Firewall settings are required for the Pickup LogEvents Service Logging Agent?

Software Requirements

Product
Windows Server	Windows 2022 Windows 2019 Windows 2016 Windows 2012 R2 Windows 2012
.NET Framework	.NET Framework 4.8 or later ^{New 6.0} Our recommendation is .NET Framework 4.8.1 or later
ActiveMQ	Version 5.0	ActiveMQ using OpenWire
AMQP v1.0/ActiveMQ Artemis	Active MQ Version >=5.0	ActiveMQ using AMQP
AnypointMQ	Anypoint MQ License	One or more Queues must exist. This feature is not available on free trial version and to use this feature you need Anypoint MQ license.
Blobs	Active Azure subscription	Container + Storage account
Event Hub	Active Azure subscription	Event Hub + Storage account (syncpoint)
MSMQ	All MSMQ versions with Windows 2008 R2 and later	If you are using MSMQ
Service Bus	Active Azure subscription	One or more Queues must exist

Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and subsequently make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.

What AnypointMQ User rights does the Pickup LogEvents Service Logging Agent require?

The agent uses either basic authentication or connected apps, and you must have configured an account with Admin* rights
- User name
- Password
- Client Id ^{New 6.0.2.0}
- Client Secret^{New 6.0.2.0}

Read more about Security for AnypointMQ here

What ActiveMQ User rights does the Pickup LogEvents Service Logging Agent require?

The agent uses basic authentication and you must have configured an account with Admin rights
- User name
- Password

Read more about Security for ActiveMQ here

What Azure Event Hub User rights does the Pickup LogEvents Service Logging Agent require?

The Pickup Log Events Service Logging Agent uses a Service Bus Connection string with SAS token credentials
The claims must be set as
- Manage
- Listen

For RBAC control: Assign an Azure role for access to blob data

Storage Blob Data Reader or Storage Blob Data Contributor.
The Azure Resource Manager Reader role, at a minimum.

What Azure Service Bus User rights does the Pickup LogEvents Service Logging Agent require?

The Pickup Log Events Service Logging Agent uses a Service Bus Connection string with SAS token credentials
The claims must be set as:
Manage
Listen

What MSMQ User rights does the Pickup LogEvents Service Logging Agent require?

The agent uses integrated security hence the Windows service account used for the Pickup Log Events Service Logging Agent must have appropriate user rights on target queues.
Peek
Read
Delete

What File User rights does the Pickup LogEvents Service Logging Agent require?

The agent uses integrated security hence the Windows service account used for the Pickup Log Events Service Logging Agent must have appropriate user rights on file shares
Read
Write
Delete

What PostgreSQL database User Rights does the Pickup LogEvents Service Logging Agent require?

The Pickup Log Events Service Logging Agent uses credentials provided by the Configuration.

The account being used to logon must have logon, read and write access to the table with the JSON Log Events

What SQL Server database User Rights does the Pickup LogEvents Service Logging Agent require?

The Pickup Log Events Service Logging Agent uses credentials provided by the Configuration. The account being used to logon must have logon, read and write access to the table with the JSON Log Events
public - right to logon
db_datareader - right to read
db_datawriter - right to write
db_ddladmin - better performance

Supported Versions

Cloud technologies are evolving fast and Microsoft deprecates older versions of their API's every now and then. Nodinite will always support the API's supported by Microsoft. This means you need to update Nodinite and our Pickup Log Events Service Logging Agent from time to time.

What Windows User Rights does the Pickup LogEvents Service Logging Agent require?

The agent is installed as a Windows Service usually on the Nodinite application server. Virtual machines are supported.

Local named account or domain account (preferred).
Access and run-time rights
- Follow the 'How to set logon as a Windows service right' user guide for detailed instructions.

What Nodinite SQL user rights does the Pickup LogEvents Service Logging Agent require?

IF you are bypassing the Log API for performance reasons (only valid reason) then the account running the Pickup Log Events Service Logging Agent must have the following rights assigned

Important
db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

All Nodinite specific databases

Configuration Database
- db_datareader
- db_datawriter
- db_ddladmin
- Grant Execute rights on all existing and future stored procedures:

GRANT EXECUTE TO [Domain\user]

Replace [Domain\user] with the Windows account being used for the Pickup Log Events Service Logging Agent

Log Databases (can be multiple )
- db_datareader
- db_datawriter
- db_ddladmin

What Firewall settings are required for the Pickup LogEvents Service Logging Agent?

Regardless of Source for Log Events the Pickup Log Events Service Logging Agent uses DNS.

DNS - Windows needs to know where your servers are (can of course also be solved using hosts)
- 53 both TCP/UDP

The Pickup LogEvents Service Logging Agent has both inbound and outbound communication:

Between the Pickup LogEvents Service Logging Agent and the ActiveMQ broker(s)
Between the Pickup LogEvents Service Logging Agent and the AMQP broker(s)
Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ service
Between the Pickup LogEvents Service Logging Agent and the Azure Event Hub and Storage
Between the Pickup LogEvents Service Logging Agent and Azure Management API (Service Bus)
Between the Pickup LogEvents Service Logging Agent and the File share(s)
Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s)
Between the Pickup LogEvents Service Logging Agent and the PostgreSQL database instances
Between the Pickup LogEvents Service Logging Agent and the SQL Server database instances
Between the Pickup LogEvents Service Logging Agent and the Configuration Database
Between the Pickup LogEvents Service Logging Agent and the Log API

___

1. Between the Pickup LogEvents Service Logging Agent and the ActiveMQ broker(s)

Port	Name	Inbound	Outbound	TCP	UDP	Comment
53	DNS					The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the `hosts` file in each Windows server instance), review the following 'Microsoft' user guide
61616	Remote connection port					Default, actual value may depend on your configuration

If you use SSL or custom ports then additional ports needs to be opened

2. Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ service

Port	Name	Inbound	Outbound	TCP	UDP	Comment
53	DNS					The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the `hosts` file in each Windows server instance), review the following 'Microsoft' user guide
443	HTTPS					default for HTTPS

3. Between the Pickup LogEvents Service Logging Agent and the Event Hub service

The following ports must be open for outbound communication with '*.servicebus.windows.net' from both on-premise and off-site Windows Servers where Agent is installed:

Event Hub

Port	Name	Inbound	Comment
443	HTTPS		Secure outbound traffic
5671, 5672	Secure AMQP
9350 - 9354	Net.TCP
104XX	IF EnableLinkRedirect=true (default) in the Configuration	This option is not yet in use	AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide

Troubleshooting guide: https://learn.microsoft.com/en-us/azure/event-hubs/troubleshooting-guide

Storage

The Administrator may have one or more rules in place in any of the following locations:

Virtual Machine
Storage Account
Virtual Network

If you have enabled rules, you may need to tune these to allow communication.

graph LR subgraph "Nodinite instance" roNI(fal:fa-monitor-waveform Azure Logic Apps
Logging and Monitoring Agent) end subgraph "Azure Virtual Network" roNI --> |Firewall whitelist| roEH(fal:fa-boxes Azure Storage) end

Troubleshooting guide: Configure Azure Storage firewalls and virtual networks

4. Between the Pickup LogEvents Service Logging Agent and Service Bus

Used for Event Hub and Azure Storage, review the Event Hubs frequently asked questions

Please review the Microsoft Azure Management API for additional information.

Port	Name	Inbound	Outbound	TCP	UDP	Comment
443	HTTPS					Secure outbound traffic to Event Hub and Azure Storage
5671, 5672	Secure AMQP					AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide

If you have secured your Azure Storage you may need to allow the IP address facing Internet from where the Pickup Log Events Service Logging Agent, please review the following user guide: Configure Azure Storage firewalls and virtual networks

5. Between the Pickup LogEvents Service Logging Agent and the File share(s)

If you write Log Events to file (a remote file share) then you the Pickup Log Events Service Logging Agent will use the SMB protocol to access the remote file share. The following TCP ports must be open

Port	Name	Comment
53	DNS	The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the `hosts` file in each Windows server instance), review the following 'Microsoft' user guide
135-139	SMB	Microsoft file sharing SMB
445	SMB	Direct-hosted SMB traffic

For the full documentation, please visit the Microsoft SMB: File and printer sharing ports should be open page and Internet firewalls can prevent browsing and file sharing

6. Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s)

Port	Name	Inbound	Outbound	TCP	UDP	Comment
1801	TCP
135	TCP
2101	RPC
2103	RPC
2105	RPC
1801
3527

´*´ Review the Microsoft guide here

7. Between the Pickup LogEvents Service Logging Agent and PostgreSQL instance

PostgreSQL is by default using TCP port 5432 to listen for incoming calls.

Port	Name	Inbound	Outbound	TCP	UDP	Comment
53	DNS					The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the `hosts` file in each Windows server instance), review the following 'Microsoft' user guide
5432	Remote connection port					Default, actual value may depend on your configuration

8. Between the Pickup LogEvents Service Logging Agent and SQL Server instance

Any SQL Server instance with the [LogEvents] table.

Port	Name	Comment
53	DNS	The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the `hosts` file in each Windows server instance), review the following 'Microsoft' user guide
88	Kerberos	Review 'Microsoft Kerberos' user guide
135	DTC/RPC	This port is shared between many Windows Services
1433/...	SQL Server instance ports (multiple)	Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

9. Between the Pickup LogEvents Service Logging Agent and the Log API

When Logging is enabled the Pickup LogEvents Service Logging Agent requires one of the following outbound TCP ports to be open for access the Log Api (configurable)

Port	Name	Comment
53	DNS	The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the `hosts` file in each Windows server instance), review the following 'Microsoft' user guide
80	HTTP	default for HTTP
443	HTTPS	default for HTTPS

Tip
If the Pickup LogEvents Service Logging Agent and the Log API is on the same server you should stick with http for performance since information is not visible outside the server

10. Between the Pickup LogEvents Service Logging Agent and the Configuration Database

In this paragraph you will learn about communcation between the Nodinite Pickup Log Events Service Logging Agent and the Nodinite Configuration Database.

Port	Name	Comment
53	DNS	The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the `hosts` file in each Windows server instance), review the following 'Microsoft' user guide
88	Kerberos	Review 'Microsoft Kerberos' user guide
135	DTC/RPC	This port is shared between many Windows Services
1433/...	SQL Server instance ports (multiple)	Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

Frequently asked questions

Additional solutions to common problems and the FAQ for the Nodinite Pickup Log Events Service Logging Agent exist in the Troubleshooting user guide.

Make sure to subscribe to our Release Notes

Next Step

Install the Pickup LogEvents Service Logging Agent

Administration

Explore Nodinite for 30 days – completely free

See how Nodinite resolves your technical issues, in a

LIVE Demo!