- 7 minutes to read

Prerequisites for the Pickup LogEvents Service Logging Agent

Get ready for a seamless, high-performance logging experience with the Nodinite Pickup LogEvents Service Logging Agent. This page provides everything you need to prepare your environment for secure, reliable, and scalable integration—whether on-premises or in the cloud.

On this page, you will learn how to:

  • ✅ Ensure your environment meets all software and platform requirements
  • ✅ Configure user rights and firewall settings for secure operation
  • ✅ Optimize for high-performance, on-premises or cloud deployments
  • ✅ Apply best practices for integrating with message brokers, databases, and file systems

This page details the prerequisites for successfully installing and running the Nodinite Pickup Log Events Service Logging Agent.

graph LR subgraph "Logging options" roLogSink("fal:fa-bolt Custom Logging Solution") --> roId1["fal:fa-list ActiveMQ Queue"] roLogSink --> roId5["fal:fa-folder File Folder (SMB)"] roLogSink --> roId2["fal:fa-list MSMQ Queue (deprecated)"] roLogSink --> roId8["fal:fa-database SQL Server"] roLogSink --> roId4["fal:fa-database PostgreSQL"] roLogSink --> roId6["fal:fa-list AnypointMQ"] roLogSink --> roId7["fal:fa-stream Azure Event Hub"] roLogSink --> roId3["fal:fa-list Service Bus Queue"] roLogSink --> roAMQP["fal:fa-list AMQP v1.0"] roAPIM["fal:fa-cloud-arrow-down APIM with Policy and Event Hub Logger"] roAPIM --> |<200KB| roPolicy1(Policy1) roAPIM --> |>200KB|roPolicy2(Policy2) roPolicy2 --> roBS["fal:fa-boxes Container"] roSLSB["Azure Service Bus Serilog sink"] roSLEH["Azure Event Hub Serilog sink"] roSLBS["Azure Blob Serilog sink"] end subgraph "Nodinite" roLogAPI(fal:fa-cloud-arrow-down LogAPI) roPS(fal:fa-truck-pickup Pickup Service)--> roLogAPI roPS -.- |High performance pipe|roDB(fal:fa-database Nodinite Configuration Database) roLogAPI --> roDB roId1 -->|Log Event| roPS roId2 -->|Log Event| roPS roId3 -->|Log Event| roPS roId4 -->|Log Event| roPS roId8 -->|Log Event| roPS roId5 -->|Log Event| roPS roId6 -->|Log Event| roPS roId7 -->|Log Event| roPS roBS -->|Log Event| roPS roSLBS ---> roBS roPolicy1 -->roId7 roSLEH ---> roId7 roSLSB ---> roId3 end

The diagram above illustrates the supported logging options and how the Pickup LogEvents Service Logging Agent integrates With Nodinite, message brokers, file systems, and databases.

You can install this agent on-premises using TCP/IP for local network access or in the cloud/off-site using Service Bus Relaying. As long as the Log API is accessible on the configured port, you can deploy flexibly. For high-performance installations, install the agent close to the database (ideally on the same network as Nodinite).

We recommend installing this agent near the Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite server).

Verified Topic
Software Requirements
Source System User Rights
Windows User Rights
Nodinite SQL User Rights
Firewall Requirements

Software Requirements

Versions 7.0.4 and later require .NET 10 Hosting Bundle.

Platform Requirements

Component Version Notes
Windows Server 2025, 2022, 2019, 2016, 2012 R2, 2012 Virtual machines supported
.NET 10 Hosting Bundle New 7.0.4 Required for v7.0.4+ Download from Microsoft
.NET Framework 4.8 or later (recommend 4.8.1+) Required for pre-7.0.4 versions

Message Queue Systems

System Version Notes
ActiveMQ 5.0+ Using OpenWire protocol
AMQP v1.0/ActiveMQ Artemis Active MQ 5.0+ Using AMQP protocol
AnypointMQ Anypoint MQ License One or more Queues must exist. Not available on free trial. Requires Anypoint MQ license
MSMQ Windows 2008 R2+ All MSMQ versions supported

Azure Services

Service Requirements Notes
Service Bus Active Azure subscription One or more Queues must exist
Event Hub Active Azure subscription Event Hub + Storage account (for checkpointing)
Blob Storage Active Azure subscription Container + Storage account

Database Systems

Database Version Notes
SQL Server 2012+ All editions supported. See SQL Connection Strings for connection details
PostgreSQL 9.0+ Supported for log event storage

Versions 6.0 and later require .NET Framework 4.8 or later.
Versions 5.4 and later require .NET Framework 4.6.2 or later.
Versions before 5.4 require .NET Framework 4.5.2 or later.

Source System User Rights

The Pickup Service requires specific permissions on each source system. Configure credentials and permissions according to your source type:

Message Queue Systems

ActiveMQ - Basic authentication with Admin rights (ActiveMQ security)

AMQP - Basic authentication with Admin rights

Anypoint MQ - Basic auth or Connected Apps with Admin rights (AnypointMQ security)

MSMQ - Integrated Windows security: Peek, Read, Delete permissions

Azure Cloud Services

Azure Service Bus - SAS token connection string with Manage + Listen claims

Azure Event Hub - SAS token connection string with Manage + Listen claims; Storage account requires Blob Data Reader/Contributor role

Azure Blob Storage - Storage account connection string with appropriate access permissions

File Systems

File Shares - Integrated Windows security: Read, Write, Delete permissions on SMB shares

Database Systems

PostgreSQL - Database user with SELECT, INSERT, UPDATE, DELETE on log event tables

SQL Server - Database user with:

  • public - logon rights
  • db_datareader - read access
  • db_datawriter - write access
  • db_ddladmin - better performance (optional)

Tip

For connection string examples and authentication options, see the comprehensive SQL Connection Strings guide.

For detailed configuration including connection strings and authentication examples, see the specific Configuration guides for each source type.

Supported Versions

Cloud technologies evolve rapidly. Nodinite always supports currently supported Microsoft API versions. Update Nodinite and the Pickup Log Events Service Logging Agent as needed.

What Windows User Rights does the Pickup LogEvents Service Logging Agent require?

The agent is installed as a Windows Service, usually on the Nodinite application server. Virtual machines are supported.

Service Account Options New 7.0.4

Group Managed Service Account (gMSA) - Recommended for automated password management.

Traditional Account - Local named account or domain account (preferred).

What Nodinite SQL user rights does the Pickup LogEvents Service Logging Agent require?

If you are bypassing the Log API for performance reasons (the only valid reason), then the account running the Pickup Log Events Service Logging Agent must have the following rights assigned:

Important

db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially for remote servers (linked servers). Read more in Microsoft's documentation.

Configuration Database Permissions

The Configuration Database requires:

  • db_datareader
  • db_datawriter
  • db_ddladmin
  • Execute rights on all existing and future stored procedures:
GRANT EXECUTE TO [Domain\user]

Replace [Domain\user] with the Windows account used for the Pickup Log Events Service Logging Agent.

Tip

For detailed connection string configuration including Windows Authentication, SQL Authentication, and encryption settings, see SQL Connection Strings.

Log Database Permissions

All Log Databases (can be multiple) require:

  • db_datareader
  • db_datawriter
  • db_ddladmin

Firewall Requirements

The Pickup Service requires network connectivity between multiple systems. Below are the essential firewall rules organized by source type.

Note

Stateful Firewall Note: Modern firewalls automatically allow response traffic for established outbound connections. Inbound rules shown below typically require no additional configuration with stateful firewalls.

Firewall Rules by Source Type

Source Type Destination Protocol Ports Notes
ActiveMQ ActiveMQ Broker TCP 61616 OpenWire protocol. SSL typically uses 61617
AMQP/Artemis AMQP Broker TCP 5672, 5671 5671 for SSL/TLS
Anypoint MQ Anypoint MQ Cloud TCP 443 HTTPS REST API
Azure Event Hub *.servicebus.windows.net TCP 443, 5671-5672 HTTPS or AMQP over SSL
Azure Event Hub *.servicebus.windows.net TCP 9350-9354 Legacy Net.TCP (rarely used)
Azure Storage *.blob.core.windows.net TCP 443 Checkpoint storage for Event Hub
Azure Service Bus *.servicebus.windows.net TCP 443, 5671-5672 HTTPS or AMQP over SSL
File Share (SMB) File Server TCP/UDP 445 Modern SMB 2.x/3.x (preferred)
File Share (Legacy) File Server TCP/UDP 135-139 Legacy NetBIOS/SMB 1.0 (avoid)
MSMQ MSMQ Server TCP 1801 Primary MSMQ port
MSMQ MSMQ Server TCP/UDP 135 RPC Endpoint Mapper
MSMQ MSMQ Server TCP 2101, 2103, 2105 MSMQ RPC communications
MSMQ MSMQ Server UDP 3527 MSMQ discovery/ping
PostgreSQL PostgreSQL Server TCP 5432 Default PostgreSQL port
SQL Server SQL Server TCP 1433 Default instance
SQL Server SQL Server TCP 49152-65535 Named instances (dynamic ports)
SQL Server SQL Server TCP/UDP 88, 135 Kerberos, RPC for Windows auth

Required Connections to Nodinite

Destination Protocol Ports Purpose
Log API TCP 80, 443 HTTP (local) or HTTPS (remote) for operational logging
Configuration Database TCP 1433 or dynamic SQL Server connection for configuration

Performance Tip: When the Pickup Service and Log API are on the same server, use HTTP (port 80) for better performance.

Additional Firewall Considerations

Azure Storage Firewall: When using Event Hub or Azure Storage, you may need to whitelist the Pickup Server's public IP. Review Configure Azure Storage firewalls.

DNS Resolution: All connections require DNS (TCP/UDP port 53) or static hosts file entries.

EnableLinkRedirect: If enabled for Event Hub (default), additional dynamic ports (104XX range) may be used. Review AMQP 1.0 protocol guide.

RPC Dynamic Ports: For SQL Server named instances and MSMQ, RPC uses dynamic port allocation. Review Configure RPC dynamic port allocation.

Tip

For detailed protocol documentation and troubleshooting, see:

Frequently Asked Questions

Find additional solutions to common problems and the FAQ for the Nodinite Pickup Log Events Service Logging Agent in the Troubleshooting user guide.

Make sure to subscribe to our Release Notes.

Next Step