Exabeam Site Collector Network Ports
Apply the port configurations that match your deployment. These ports are required for the Exabeam Site Collector to operate correctly. In addition, communications for deployment-specific scenarios must also be allowed.
When you whitelist a syslog source, you may need to refer to the Exabeam Site Collector's certificate authority. Transport Layer Security (TLS) syslog can also be whitelisted as a source. For more information, see Configure Transport Layer Security (TLS) Syslog Ingestion.
Source | Destination | Port | Protocol | Description |
---|---|---|---|---|
All Site Collectors | DNS Server | 53 | DNS | DNS lookup |
All Site Collectors | NTP Server | 123 | NTP | Time synchronization |
Administrator Network | All Site Collectors | 22 | SSH | Administrator command line access to host via encrypted connection |
Log Sources | All Site Collectors | 514 or 515 (TLS) | Syslog | Collector registration and monitoring, and syslog ingestion port from log sources. Unidirectional traffic. |
All Site Collectors | <InstanceID>.beats.exabeam.com | 443 | HTTPS | Exabeam Site Collector registration and monitoring |
Primary Site Collector | <InstanceID>.connect.exabeam.com | 1194 or 443 | TCP | OpenVPN tunnel for on-premises deployments. Warning: Do not configure more than one OpenVPN connection per site collector and per SaaS tenant. Otherwise, network conflicts will occur. |
Primary Site Collector | Domain Controller(s); Global Catalog | 389 or 636; 3268 or 3269 | LDAP or LDAPS | Active Directory context and administrator authentication |
All Site Collectors | accounts.google.com | 443 | HTTPS | Upload to Google Cloud Storage/Pub-Sub |
All Site Collectors | *.googleapis.com, or: oauth2.googleapis.com, www.googleapis.com, storage.googleapis.com, pubsub.googleapis.com, accounts.googleapis.com | 443 | HTTPS | Upload to Google Cloud Storage/Pub-Sub |
Note
Should you experience any issues with your firewall, consider whitelisting the IP address ranges published by Google, for example 142.250.0.0/15.
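A preflight check for the outbound TCP rows of the table above, run from a Site Collector host, as an added example that is not part of Exabeam's documentation or tooling. The instance ID and domain controller name are placeholders, treating the domain controller as the Global Catalog host is an assumption, and DNS (53) and NTP (123) are left out because they normally run over UDP.

```python
import socket

# Outbound TCP flows from the port table above. The instance ID and domain
# controller are site-specific; callers pass placeholders or real values.
# Assumption: the Global Catalog is served by the same domain controller.
def required_flows(instance_id, domain_controller, openvpn_port=1194, ldaps=True):
    if openvpn_port not in (1194, 443):
        raise ValueError("the table allows only 1194 or 443 for the OpenVPN tunnel")
    flows = [
        (f"{instance_id}.beats.exabeam.com", 443, "registration and monitoring"),
        (f"{instance_id}.connect.exabeam.com", openvpn_port, "OpenVPN tunnel"),
        (domain_controller, 636 if ldaps else 389, "Active Directory context"),
        (domain_controller, 3269 if ldaps else 3268, "Global Catalog"),
        ("accounts.google.com", 443, "GCS/Pub-Sub upload"),
    ]
    for host in ("oauth2", "www", "storage", "pubsub", "accounts"):
        flows.append((f"{host}.googleapis.com", 443, "GCS/Pub-Sub upload"))
    return flows


def tcp_probe(host, port, timeout=3.0):
    """Return None if a TCP handshake completes, else a short failure reason."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except socket.gaierror:
        return "DNS lookup failed (check port 53 to the DNS server)"
    except socket.timeout:
        return "timed out (likely dropped by a firewall)"
    except ConnectionRefusedError:
        return "refused (reachable, but nothing listening or actively rejected)"
    except OSError as exc:
        return f"error: {exc}"


def preflight(flows, probe=tcp_probe):
    """Probe every flow; return a list of (host, port, purpose, reason) failures."""
    failures = []
    for host, port, purpose in flows:
        reason = probe(host, port)
        if reason is not None:
            failures.append((host, port, purpose, reason))
    return failures


if __name__ == "__main__":
    # Placeholder values; replace with your tenant's instance ID and DC.
    for failure in preflight(required_flows("INSTANCE-ID", "dc01.example.internal")):
        print("BLOCKED %s:%d (%s): %s" % failure)
```

A timeout usually points at a silent firewall drop, while a refusal means the path is open but the far end is not accepting the connection.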
Additional Ports for Specific Configurations
If you are deploying additional services, review and configure appropriate ports if the following services match your environment:
Source | Destination | Port | Protocol | Description |
---|---|---|---|---|
Exabeam Log Collector | Local Site Collector | 8484 | HTTPS | Exabeam Log Collector registration and monitoring |
Exabeam Log Collector | Local Site Collector | 9092, 9093 | KAFKA TCP | Windows and Linux event collection using Exabeam Log Collector |
Source | Destination | Port | Protocol | Description |
---|---|---|---|---|
Primary Site Connector | Splunk; QRadar; other log repositories/databases | 8089; 443; Various | HTTPS | Log collection using Site Connector to poll systems directly |
Source | Destination | Port | Protocol | Description |
---|---|---|---|---|
Primary Site Collector | Orchestrated security products and servers | Various | HTTPS | Third-party integrations |