Unomaly needs the correct network ports available to receive data from systems, to communicate with other Unomaly instances in a distributed setup, and to send email notifications to users. This topic discusses the network settings and lists the communication ports. For email settings, see “Configure email capabilities”.
Editing network settings
Use the console menu to change the network settings on a Unomaly instance. Network settings include the IP address of the instance, the netmask, gateway, DNS, and proxy.
Use SSH to log into the Unomaly instance’s console menu. See “The Unomaly console menu”.
On the console menu, choose option 1 to Set network configuration.
Managing the firewall
Each Unomaly instance has a local firewall that controls inbound and outbound communications.
List firewall rules
Use the ufw status command to list the active rules.
$ sudo ufw status
Add a firewall rule
Adding firewall rules with the ufw allow command makes them permanent, even after reboot.
Example 1. Allow inbound and outbound communication on port 10000 over TCP.
$ sudo ufw allow 10000/tcp
Example 2. Specify the source IP and port ranges for communication.
$ sudo ufw allow proto tcp from 10.23.3.4 to any port 10000:10100
Remove a firewall rule
Delete existing firewall rules with the ufw delete command.
$ sudo ufw delete allow 10000/tcp
General communication settings
Unomaly uses the ports listed below for communications between instances and external systems. Refer to this list when you configure the network and communication settings on your instance.
Inbound to Unomaly from log senders
| Port | Description |
|---|---|
| TCP/514, UDP/514 | Syslog (If logs are sent directly from systems.) |
| TCP/5514, UDP/5514 | Syslog (If logs are sent from a log aggregator.) |
| UDP/162 | SNMP (If SNMP traps are to be used to send events to Unomaly.) |
Inbound to Unomaly from Unomaly users
| Port | Description |
|---|---|
| TCP/443 | HTTPS Web-GUI access |
| TCP/22 | SSH Console access |
Outbound from Unomaly to relevant servers
| Port | Description |
|---|---|
| UDP/123 | NTP (Either to internet or to internal NTP servers.) |
| UDP/53 | DNS (Either to internet or to internal DNS servers. Internal is preferred due to reverse DNS lookups in certain scenarios.) |
| TCP/25 | SMTP (To send email. Either Internet or to configured internal SMTP servers. Internal is preferred for stability reasons.) |
Outbound from Unomaly (Optional)
| Port | Description |
|---|---|
| TCP/443 | This port enables upgrading by downloading and installing directly through the SSH console menu. This is optional; upgrades can be done by other means as well. |
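The following is an added example, not part of the Unomaly documentation or product: a shell function that compares ufw status output with the inbound ports listed above and reports rules that are missing or not on the list. The names audit_ufw, EXPECTED and SAMPLE are hypothetical, and the sample ufw output is constructed.

```shell
#!/bin/sh
# Added example (not Unomaly code): compare `ufw status` output with the inbound
# ports documented on this page. Trim EXPECTED to the roles your instance has,
# e.g. drop 5514 or 162 if no log aggregator or SNMP traps are used.
EXPECTED="22/tcp 443/tcp 514/tcp 514/udp 5514/tcp 5514/udp 162/udp"

# audit_ufw reads `ufw status` text on stdin and prints one finding per line:
#   UNEXPECTED <port/proto> <source>  inbound ALLOW rule not in EXPECTED
#   MISSING <port/proto>              port in EXPECTED with no ALLOW rule
audit_ufw() {
  awk -v expected="$EXPECTED" '
    function check(key, src) {
      if (key in want) seen[key] = 1
      else if (!((key, src) in flagged)) {
        flagged[key, src] = 1
        print "UNEXPECTED", key, src
      }
    }
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    { gsub(/ \(v6\)/, "") }                  # fold IPv6 rows onto the IPv4 key
    $2 == "ALLOW" && $3 != "OUT" {           # inbound rules only
      src = ($3 == "IN") ? $4 : $3           # verbose output prints "ALLOW IN"
      if ($1 ~ /\//) check($1, src)
      else { check($1 "/tcp", src); check($1 "/udp", src) }  # no proto: both
    }
    END { for (i = 1; i <= n; i++) if (!(e[i] in seen)) print "MISSING", e[i] }
  '
}

# Constructed sample of `ufw status` output, for illustration only.
SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
514                        ALLOW       Anywhere
5514/tcp                   ALLOW       10.23.3.0/24
10000:10100/tcp            ALLOW       10.23.3.4
22/tcp (v6)                ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE" | audit_ufw
# On an instance: sudo ufw status | audit_ufw
```

An UNEXPECTED line is a prompt to confirm the rule is still needed and remove it with ufw delete if not; a MISSING line for a port the instance does not use can be silenced by removing that port from EXPECTED.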
Distributed communication settings
Make sure these ports are open between Manager and Worker instances in a distributed deployment.
Manager and Workers management
The web interface only runs on the Manager instance.
| Port | Description |
|---|---|
| TCP/22 | SSH inbound (bidirectional communications between Manager and Worker instances.) |
Manager user interface and notifications
Workers event collection
| Port | Description |
|---|---|
| TCP/514, UDP/514 | Inbound collection of logs directly from systems. |
| TCP/5514, UDP/5514 | Inbound collection of logs from a log aggregator. |