- 12 minutes to read

Prerequisites for the Pickup LogEvents Service Logging Agent

This page describes the prerequisites to successfully install and run the Nodinite Pickup Log Events Service Logging Agent.

graph LR subgraph "Logging options" roLogSink("fal:fa-bolt Custom Logging Solution") --> roId1["fal:fa-list ActiveMQ Queue"] roLogSink --> roId5["fal:fa-folder File Folder (SMB)"] roLogSink --> roId2["fal:fa-list MSMQ Queue"] roLogSink --> roId8["fal:fa-database SQL Server"] roLogSink --> roId4["fal:fa-database PostgreSQL"] roLogSink --> roId6["fal:fa-list AnypointMQ"] roLogSink --> roId7["fal:fa-stream Azure Event Hub"] roLogSink --> roId3["fal:fa-list Service Bus Queue"] roLogSink --> roAMQP["fal:fa-list AMQP v1.0"] roAPIM["fal:fa-cloud-download APIM with Policy and Event Hub Logger"] roAPIM --> |<200KB| roPolicy1(Policy1) roAPIM --> |>200KB|roPolicy2(Policy2) roPolicy2 --> roBS["fal:fa-boxes Container"] roSLSB["Azure Service Bus Serilog sink"] roSLEH["Azure Event Hub Serilog sink"] roSLBS["Azure Blob Serilog sink"] end subgraph "Nodinite" roLogAPI(fal:fa-cloud-download LogAPI) roPS(fal:fa-truck-pickup Pickup Service)--> roLogAPI roPS -.- |High performance pipe|roDB(fal:fa-database Nodinite Configuration Database) roLogAPI --> roDB roId1 -->|Log Event| roPS roId2 -->|Log Event| roPS roId3 -->|Log Event| roPS roId4 -->|Log Event| roPS roId8 -->|Log Event| roPS roId5 -->|Log Event| roPS roId6 -->|Log Event| roPS roId7 -->|Log Event| roPS roBS -->|Log Event| roPS roSLBS ---> roBS roPolicy1 -->roId7 roSLEH ---> roId7 roSLSB ---> roId3 end

Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information MicrosoftServiceBusRelayingLink) as long as the Log API can be accessed on the configured port. For high performance installations where Log Events are sent directly to the database the Pickup Log Events Service Logging Agent should be installed near the database (i.e. on the same network as Nodinite).

We recommend that you keep this agent close to the Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite server)

Verified Topic
Software Requirements
What ActiveMQ User rights does the Pickup LogEvents Service Logging Agent require?
What AnypointMQ User rights does the Pickup LogEvents Service Logging Agent require?
What Azure Event Hub User rights does the Pickup LogEvents Service Logging Agent require?
What Azure Service Bus User rights does the Pickup LogEvents Service Logging Agent require?
What File User rights does the Pickup LogEvents Service Logging Agent require?
What MSMQ User rights does the Pickup LogEvents Service Logging Agent require?
What PostgreSQL database User Rights does the Pickup LogEvents Service Logging Agent require?
What SQL Server database User Rights does the Pickup LogEvents Service Logging Agent require?
What Windows User Rights does the Pickup LogEvents Service Logging Agent require?
What Firewall settings are required for the Pickup LogEvents Service Logging Agent?

Software Requirements

Product
Windows Server Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012
.NET Framework .NET Framework 4.8 or later New 6.0
Our recommendation is .NET Framework 4.8.1 or later
ActiveMQ Version 5.0 ActiveMQ using OpenWire
AMQP v1.0/ActiveMQ Artemis Active MQ Version >=5.0 ActiveMQ using AMQP
AnypointMQ Anypoint MQ License One or more Queues must exist.
This feature is not available on free trial version and to use this feature you need Anypoint MQ license.
Blobs Active Azure subscription Container + Storage account
Event Hub Active Azure subscription Event Hub + Storage account (syncpoint)
MSMQ All MSMQ versions with Windows 2008 R2 and later If you are using MSMQ
Service Bus Active Azure subscription One or more Queues must exist

Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and subsequently make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.


What AnypointMQ User rights does the Pickup LogEvents Service Logging Agent require?

  • The agent uses either basic authentication or connected apps, and you must have configured an account with Admin* rights
    • User name
    • Password
    • Client Id New 6.0.2.0
    • Client SecretNew 6.0.2.0

Read more about Security for AnypointMQ here


What ActiveMQ User rights does the Pickup LogEvents Service Logging Agent require?

  • The agent uses basic authentication and you must have configured an account with Admin rights
    • User name
    • Password

Read more about Security for ActiveMQ here


What Azure Event Hub User rights does the Pickup LogEvents Service Logging Agent require?

For RBAC control: Assign an Azure role for access to blob data

  • Storage Blob Data Reader or Storage Blob Data Contributor.
  • The Azure Resource Manager Reader role, at a minimum.

What Azure Service Bus User rights does the Pickup LogEvents Service Logging Agent require?


What MSMQ User rights does the Pickup LogEvents Service Logging Agent require?


What File User rights does the Pickup LogEvents Service Logging Agent require?


What PostgreSQL database User Rights does the Pickup LogEvents Service Logging Agent require?

The account being used to logon must have logon, read and write access to the table with the JSON Log Events


What SQL Server database User Rights does the Pickup LogEvents Service Logging Agent require?


Supported Versions

Cloud technologies are evolving fast and Microsoft deprecates older versions of their API's every now and then. Nodinite will always support the API's supported by Microsoft. This means you need to update Nodinite and our Pickup Log Events Service Logging Agent from time to time.


What Windows User Rights does the Pickup LogEvents Service Logging Agent require?

The agent is installed as a Windows Service usually on the Nodinite application server. Virtual machines are supported.


What Nodinite SQL user rights does the Pickup LogEvents Service Logging Agent require?

IF you are bypassing the Log API for performance reasons (only valid reason) then the account running the Pickup Log Events Service Logging Agent must have the following rights assigned

Important

db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

All Nodinite specific databases

  • Configuration Database
    • db_datareader
    • db_datawriter
    • db_ddladmin
    • Grant Execute rights on all existing and future stored procedures:
GRANT EXECUTE TO [Domain\user]

Replace [Domain\user] with the Windows account being used for the Pickup Log Events Service Logging Agent

  • Log Databases (can be multiple )
    • db_datareader
    • db_datawriter
    • db_ddladmin

What Firewall settings are required for the Pickup LogEvents Service Logging Agent?

Regardless of Source for Log Events the Pickup Log Events Service Logging Agent uses DNS.

  • DNS - Windows needs to know where your servers are (can of course also be solved using hosts)
    • 53 both TCP/UDP

The Pickup LogEvents Service Logging Agent has both inbound and outbound communication:

  1. Between the Pickup LogEvents Service Logging Agent and the ActiveMQ broker(s)
  2. Between the Pickup LogEvents Service Logging Agent and the AMQP broker(s)
  3. Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ service
  4. Between the Pickup LogEvents Service Logging Agent and the Azure Event Hub and Storage
  5. Between the Pickup LogEvents Service Logging Agent and Azure Management API (Service Bus)
  6. Between the Pickup LogEvents Service Logging Agent and the File share(s)
  7. Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s)
  8. Between the Pickup LogEvents Service Logging Agent and the PostgreSQL database instances
  9. Between the Pickup LogEvents Service Logging Agent and the SQL Server database instances
  10. Between the Pickup LogEvents Service Logging Agent and the Configuration Database
  11. Between the Pickup LogEvents Service Logging Agent and the Log API
graph LR subgraph "Nodinite Instance" roLogAPI(fal:fa-cloud-download LogAPI) roDB(fal:fa-database Nodinite Databases) roPS(fal:fa-truck-pickup Pickup Service)--> |80.443| roLogAPI roPS --> roDB end subgraph "Azure Cloud / Subscriptions" roAzureAPI(fal:fa-cloud Microsoft Azure API)---roLA(fal:fa-list Service Bus Queues) roPS --> |443| roAzureAPI roEH("far:fa-list Event Hub") roPS -.-> |otherwise 5671, 5672, 9350 - 9354| roEH roAzureAPI -.-> |Using a WebProxy| roEH end subgraph "Source" ro1("fal:fa-list ActiveMQ Queue") ro2("fal:fa-list MSMQ Queue") ro3("fal:fa-folder File Folder") ro4("fal:fa-database PostgreSQL") ro5("fal:fa-database SQL Server") roPS --> |61616| ro1 roPS --> |1801,... | ro2 roPS --> |135, 445,... | ro3 roPS --> |5432| ro4 roPS --> |1433, ...| ro5 end
___

1. Between the Pickup LogEvents Service Logging Agent and the ActiveMQ broker(s)

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
61616 Remote connection port Default, actual value may depend on your configuration

If you use SSL or custom ports then additional ports needs to be opened


2. Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ service

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
443 HTTPS default for HTTPS

3. Between the Pickup LogEvents Service Logging Agent and the Event Hub service

The following ports must be open for outbound communication with '*.servicebus.windows.net' from both on-premise and off-site Windows Servers where Agent is installed:

Event Hub

Port Name Inbound Outbound TCP UDP Comment
443 HTTPS Secure outbound traffic
5671, 5672 Secure AMQP
9350 - 9354 Net.TCP
104XX IF EnableLinkRedirect=true (default) in the Configuration This option is not yet in use AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide

Troubleshooting guide: https://learn.microsoft.com/en-us/azure/event-hubs/troubleshooting-guide

Storage

The Administrator may have one or more rules in place in any of the following locations:

  • Virtual Machine
  • Storage Account
  • Virtual Network

If you have enabled rules, you may need to tune these to allow communication.

graph LR subgraph "Nodinite instance" roNI(fal:fa-monitor-waveform Azure Logic Apps
Logging and Monitoring Agent) end subgraph "Azure Virtual Network" roNI --> |Firewall whitelist| roEH(fal:fa-boxes Azure Storage) end

Troubleshooting guide: Configure Azure Storage firewalls and virtual networks


4. Between the Pickup LogEvents Service Logging Agent and Service Bus

Used for Event Hub and Azure Storage, review the Event Hubs frequently asked questions

Please review the Microsoft Azure Management API for additional information.

Port Name Inbound Outbound TCP UDP Comment
443 HTTPS Secure outbound traffic to Event Hub and Azure Storage
5671, 5672 Secure AMQP AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide

If you have secured your Azure Storage you may need to allow the IP address facing Internet from where the Pickup Log Events Service Logging Agent, please review the following user guide: Configure Azure Storage firewalls and virtual networks


5. Between the Pickup LogEvents Service Logging Agent and the File share(s)

If you write Log Events to file (a remote file share) then you the Pickup Log Events Service Logging Agent will use the SMB protocol to access the remote file share. The following TCP ports must be open

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
135-139 SMB Microsoft file sharing SMB
445 SMB Direct-hosted SMB traffic

For the full documentation, please visit the Microsoft SMB: File and printer sharing ports should be open page and Internet firewalls can prevent browsing and file sharing


6. Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s)

Port Name Inbound Outbound TCP UDP Comment
1801 TCP
135 TCP
2101 RPC
2103 RPC
2105 RPC
1801
3527

´*´ Review the Microsoft guide here


7. Between the Pickup LogEvents Service Logging Agent and PostgreSQL instance

PostgreSQL is by default using TCP port 5432 to listen for incoming calls.

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
5432 Remote connection port Default, actual value may depend on your configuration

8. Between the Pickup LogEvents Service Logging Agent and SQL Server instance

Any SQL Server instance with the [LogEvents] table.

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

9. Between the Pickup LogEvents Service Logging Agent and the Log API

  • When Logging is enabled the Pickup LogEvents Service Logging Agent requires one of the following outbound TCP ports to be open for access the Log Api (configurable)
Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
80 HTTP default for HTTP
443 HTTPS default for HTTPS

Tip

If the Pickup LogEvents Service Logging Agent and the Log API is on the same server you should stick with http for performance since information is not visible outside the server


10. Between the Pickup LogEvents Service Logging Agent and the Configuration Database

In this paragraph you will learn about communcation between the Nodinite Pickup Log Events Service Logging Agent and the Nodinite Configuration Database.

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

Frequently asked questions

Additional solutions to common problems and the FAQ for the Nodinite Pickup Log Events Service Logging Agent exist in the Troubleshooting user guide.

Make sure to subscribe to our Release Notes

Next Step

Install the Pickup LogEvents Service Logging Agent

Administration