Ports
Description of ports used for Opsview Monitor
Overview
Since Opsview Monitor is based on microservices there are a lot of network ports in use across all the different components to pass the required data around. These will need to be configured in any network or host firewalls.
The below configuration examples assume an installation based upon opsview_deploy-02-small.yml has been set up as per the Advanced Automated Installation guide.
Collectors to the Orchestrator
These ports need to be opened from the Collector to the Orchestrator:
(Not required if using ssh-tunnels)
| Port | Component |
|---|---|
| 15985 | datastore-access |
| 35673 | messagequeue-access |
| 45673 | messagequeue-management-access |
| 12378 | registry-access |
Collector Clusters
All collectors within the same cluster need to be able to communicate over the following ports:
| Port | Component |
|---|---|
| 4369 | erlang-clustering-port |
| 5666 | infrastructure-agent |
| 8183 | cache-manager-access |
| 15985 | datastore-access |
| 25672 | messagequeue-internode-communication |
| 25984 | datastore-management-access |
| 35672:35682 | messagequeue-access |
| 45673 | messagequeue-management-access |
Collectors in different Clusters do not communicate.
Remote Databases
These ports need to be opened from the Orchestrator to the remote database instance:
| Port | Component |
|---|---|
| 13307 | database-access |
These ports need to be opened from the remote database instance to the Orchestrator:
| Port | Component |
|---|---|
| 15985 | datastore-access |
| 35673 | messagequeue-access |
| 45673 | messagequeue-management-access |
| 12378 | registry-access |
Remote Timeseries Server
These ports need to be opened from the Orchestrator to the Timeseries server (assuming all Timeseries components are on the same server):
| Port | Component |
|---|---|
| 11601 | timeseries-access |
These ports need to be opened from the Timeseries server to the Orchestrator:
| Port | Component |
|---|---|
| 15985 | datastore-access |
| 35673 | messagequeue-access |
| 45673 | messagequeue-management-access |
| 12378 | registry-access |
List of All Ports
In the table below we list the TCP and UDP ports that are used by Opsview Monitor in the default setup:
Database
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 13306 | TCP | ✓ | opsview-loadbalancer | Orchestrator | Load balances traffic for intra-host communication | Loadbalancer on local server |
| 13307 | TCP | ✗ | opsview-loadbalancer | Database servers | Inter-host communication with TLS encryption optional | Primary and collector servers, routed to 3306 on local server |
| 3306 | TCP | ✓ | mysqld | Database servers | Actual database port. Should not be used directly, but via Opsview Loadbalancer | Loadbalancer on local server |
Datastore
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 15984 | TCP | ✓ | opsview-loadbalancer | Primary server | Load balances traffic for intra-host communication | Collector Servers |
| 15986 | TCP | ✓ | opsview-loadbalancer | Collector servers | Load balances traffic for intra-host communication | Collector servers within the same cluster |
| 15985 | TCP | ✗ | opsview-loadbalancer | Datastore servers | Inter-host communication with TLS encryption optional | Collector servers within the same cluster |
| 5984 | TCP | ✗ | opsview-datastore | Datastore servers | Actual datastore port. Should not be used directly, but via Opsview Loadbalancer | Loadbalancer on local server |
| 25984 | TCP | ✗ | opsview-datastore | Datastore servers | Datastore dist bind port. See http://docs.couchdb.org/en/stable/cluster/setup.html#firewall | Other Datastore servers when HA is set up |
Loadbalancer
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 9000 | TCP | ✓ | opsview-loadbalancer | Primary and collector servers | Loadbalancer port. Should not be used directly. Required by Opsview - Components - Loadbalancer Opspack | Opsview Collector on localhost |
Messagequeue
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 35672 | TCP | ✓ | opsview-loadbalancer | Primary server | Load balances traffic for intra-host communication | Collector servers |
| 35675 | TCP | ✓ | opsview-loadbalancer | Collector servers | Load balances traffic for intra-host communication | Collector servers within the same cluster |
| 35673 | TCP | ✗ | opsview-loadbalancer | Messagequeue servers | Inter-host communication with TLS encryption optional | Loadbalancer on any server |
| 5672 | TCP | ✗ | opsview-messagequeue | Messagequeue servers | Actual messagequeue port. Should not be used directly, but via Opsview Loadbalancer | Loadbalancer on same server |
| 45672 | TCP | ✓ | opsview-loadbalancer | Primary server | Load balances traffic for intra-host communication (Messagequeue management) | Collector servers |
| 45675 | TCP | ✓ | opsview-loadbalancer | Collector servers | Load balances traffic for intra-host communication (Messagequeue management) | Collector servers within the same cluster |
| 45673 | TCP | ✗ | opsview-loadbalancer | Messagequeue servers | Inter-host communication with TLS encryption optional (Messagequeue management) | Loadbalancer on any server |
| 15672 | TCP | ✗ | opsview-messagequeue | Messagequeue servers | Actual messagequeue management port. Should not be used directly, but via Opsview Loadbalancer | Loadbalancer on same server |
| 25672 | TCP | ✗ | opsview-messagequeue | Messagequeue servers | Messagequeue dist bind port. See https://www.rabbitmq.com/networking.html#ports | Other Messagequeue servers when HA is set up |
Registry
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 12379 | TCP | ✓ | opsview-loadbalancer | Primary and collector servers | Load balances traffic for intra-host communication | All Opsview servers, routed to 12378 on Registry servers |
| 12378 | TCP | ✗ | opsview-loadbalancer | Registry servers | Inter-host communication with TLS encryption optional | Loadbalancer on any Opsview any server, routed to 12379 on localhost |
| 2379 | TCP | ✗ | opsview-registry | Registry servers | Actual registry port. Should not be used directly, but via Opsview Loadbalancer | Loadbalancer on local server |
| 2380 | TCP | ✗ | opsview-registry | Registry servers | Used for HA registry clustering | Other Registry servers |
Cache Manager
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 8183 | TCP | ✗ | opsview-cachemanager | Primary and collector servers | Used to cache session and other disposable data with a short shelf life | All Opsview servers, routed to 12378 on Registry servers |
Timeseries
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 11600 | TCP | ✓ | opsview-loadbalancer | Primary and collector servers | Load balances traffic for intra-host communication | Primary Server, routed to 11601 on Timeseries servers |
| 11601 | TCP | ✗ | opsview-loadbalancer | Timeseries servers | Inter-host communication with TLS encryption optional | Loadbalancer on Primary Server, routed to 1600 on local server |
| 1600 | TCP | ✗ | opsview-timeseries | Timeseries servers | Actual timeseries port. Should not be used directly, but via Opsview Loadbalancer | Loadbalancer on local server |
| 1620 | TCP | ✗ | opsview-timeseries-enqueuer | Timeseries servers | Timeseries enqueuer port | opsview-timeseries component |
| 1640..43 | TCP | ✗ | opsview-timeseries-rrd opsview-timeseries-influxdb | Timeseries servers | Timeseries write ports | opsview-timeseries-enqueuer component |
| 1660 | TCP | ✗ | opsview-timeseries-rrd opsview-timeseries-influxdb | Timeseries servers | Timeseries query ports | opsview-timeseries-enqueuer component |
Web UI
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 80 | TCP | ✗ | NGINX | Primary server | HTTP port for the web UI | User Web Browser |
| 443 | TCP | ✗ | NGINX | Primary server | HTTPS port for the web UI | User Web Browser |
| 3000 | TCP | ✓ | opsview-web-app | Primary server | May be configured to listen on specific interfaces by changing the $bind_address in opsview.conf | NGINX proxy on localhost |
Other
| Listening Port | Protocol | Loopback Only | Component | Location | Description | Connection From |
|---|---|---|---|---|---|---|
| 5666 | TCP | ✗ | infrastructure-agent | All servers | Opsview Collectors should be able to access it for monitoring | Opsview Collectors |
| 8181 | TCP | ✓ | opsview-orchestrator | Primary server | Orchestrator port. Should not be used directly, but via Opsview Web UI | opsview-web-app component |
| 4369 | TCP | ✓ | opsview-datastore opsview-messagequeue | Datastore and Messagequeue servers | Erlang port used for peer service discovery. See Opsview Message Queue HA and Opsview Datastore HA | - opsview-loadbalancer - opsview-datastore and opsview-messagequeue when HA is set up. |
| 6343 2055 9066 | TCP UDP UDP | ✗ | opsview-flow-collector | Collector servers | You may need to check your sFlow/NetFlow source device configuration for which ports to open | Any device submitting "*flow" data |
Updated 5 months ago