Unomaly needs the correct network ports available to receive data from systems, to communicate with other Unomaly instances in a distributed setup, and to send email notifications to users. This topic discusses the network settings and lists the communication ports. For email settings, see “Configure email capabilities”.

Editing network settings

You need to use the console menu to change the network settings on a Unomaly instance. Network settings include: the IP address of the instance, the netmask, gateway, DNS, and proxy.

  1. Use SSH to log into the Unomaly instance’s console menu. See “The Unomaly console menu”.

  2. On the console menu, choose option 1 to Set network configuration.

Managing the firewall

Each Unomaly instance has a local firewall that controls inbound and outbound communications.

List firewall rules

Use the ufw status command to list the active rules.

$ sudo ufw status

Add a firewall rule

Rules added with the ufw allow command are permanent and persist across reboots.

Example 1. Allow inbound and outbound communication on port 10000 over TCP.

$ sudo ufw allow 10000/tcp

Example 2. Specify the source IP and port ranges for communication.

$ sudo ufw allow proto tcp from 10.23.3.4 to any port 10000:10100

Remove a firewall rule

Delete existing firewall rules with the ufw delete command.

$ sudo ufw delete allow 10000/tcp

General communication settings

Unomaly uses the ports listed below for communications between instances and external systems. Refer to this list when you configure the network and communication settings on your instance.

Inbound to Unomaly from log senders

Protocol/Port         Description
TCP/514, UDP/514      Syslog (If logs are sent directly from systems.)
TCP/5514, UDP/5514    Syslog (If logs are sent from a log aggregator.)
UDP/162               SNMP (If SNMP traps are to be used to send events to Unomaly.)

Inbound to Unomaly from Unomaly users

Protocol/Port         Description
TCP/443               HTTPS Web-GUI access
TCP/22                SSH Console access
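
The following is an added example, not part of the Unomaly documentation: a shell function that compares ufw status output against the inbound ports in the two tables above and reports ports that are missing or not on the list. The names audit_ufw, sample_status and EXPECTED_INBOUND, and the sample firewall output, are constructed for illustration.

```shell
#!/bin/sh
# Inbound ports from this page's "Inbound to Unomaly" tables (standalone instance).
# Trim the list if no log aggregator (5514) or SNMP traps (162) are in use.
EXPECTED_INBOUND="22/tcp 443/tcp 514/tcp 514/udp 5514/tcp 5514/udp 162/udp"

# audit_ufw: reads `ufw status` text on stdin and prints one finding per line:
#   INACTIVE        the firewall is not enabled
#   MISSING <port>  port is on the expected list but has no ALLOW rule
#   EXTRA <port>    an inbound ALLOW rule exists for a port not on the list
audit_ufw() {
    awk -v expected="$EXPECTED_INBOUND" '
        function note(r) {
            if (r in want) seen[r] = 1
            else if (!(r in extra)) { extra[r] = 1; order[++m] = r }
        }
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        /^Status:/ { if ($2 != "active") print "INACTIVE"; next }
        {
            a = ($2 == "(v6)") ? 3 : 2      # v6 rows carry an extra "(v6)" field
            if ($a != "ALLOW" || $(a + 1) == "OUT") next
            if ($1 ~ /\//) note($1)
            else { note($1 "/tcp"); note($1 "/udp") }  # bare port = both protocols
        }
        END {
            for (i = 1; i <= n; i++) if (!(e[i] in seen)) print "MISSING " e[i]
            for (i = 1; i <= m; i++) print "EXTRA " order[i]
        }'
}

# Constructed sample of `ufw status` output (not captured from a real instance).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
514                        ALLOW       Anywhere
10000/tcp                  ALLOW       Anywhere
10000:10100/tcp            ALLOW       10.23.3.4
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

# On an instance: sudo ufw status | audit_ufw
sample_status | audit_ufw
```

EXTRA findings are prompts for review rather than errors: a rule such as the 10000/tcp example earlier on this page is reported because it is not in the port tables.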

Outbound from Unomaly to relevant servers

Protocol/Port         Description
UDP/123               NTP (Either to internet or to internal NTP servers.)
UDP/53                DNS (Either to internet or to internal DNS servers. Internal is preferred due to reverse DNS lookups in certain scenarios.)
TCP/25                SMTP (To send email. Either Internet or to configured internal SMTP servers. Internal is preferred for stability reasons.)

Outbound from Unomaly (Optional)

Protocol/Port         Description
TCP/443               This port enables upgrading by downloading and installing directly through the SSH console menu. This is optional; upgrades can also be done by other means.

Distributed communication settings

Make sure these ports are open between Manager and Worker instances in a distributed deployment.

Manager and Workers management

The web interface only runs on the Manager instance.

Protocol/Port         Description
UDP/53                DNS outbound
UDP/123               NTP outbound
TCP/22                SSH inbound (bidirectional communications between Manager and Worker instances.)

Manager user interface and notifications

Protocol/Port         Description
TCP/443               HTTPS inbound
TCP/25                SMTP outbound

Workers event collection

Protocol/Port         Description
TCP/514, UDP/514      Inbound collection of logs directly from systems.
TCP/5514, UDP/5514    Inbound collection of logs from a log aggregator.