Documentation forLog Analyzer
Analyzing logs is a key capability of Hybrid Cloud Observability and is also available in a standalone module, Log Analyzer (LA). Hybrid Cloud Observability and LA are built on the self-hosted SolarWinds Platform.

LA 2020.2 system requirements

SolarWinds strongly recommends that you install the SolarWinds Platform on a server that is neither public, nor internet-facing. To learn about best practices for configuring your SolarWinds Platform installation securely, see Secure Configuration for the SolarWinds Platform.

The following are the system requirements for Log Analyzer (LA) 2020.2. This version of LA uses Orion Platform 2020.2. See Orion Platform system requirements for details.

If you are installing a dedicated log and event database for Orion Log Viewer, reference these requirements.

In addition to the requirements below, most LA monitoring requires the monitored server be polled by an Orion Agent for Windows.

Type Requirements
Operating System
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Microsoft Windows 10 (evaluation only)
  • Microsoft Windows 8.1 (evaluation only)
Operating System language
  • English (UK or US)
  • German
  • Japanese
Orion Web Console browser

The Orion Platform supports the two latest versions of the following web browsers available on the release date:

  • Firefox
  • Chrome
  • Edge (79 or higher)

In LA 2020.2 and later, some pages are not compatible with IE11. If you are using IE11, you will see a warning message on incompatible pages. SolarWinds recommends using a different browser (such as Chrome, Firefox, or Microsoft Edge) for the best user experience with LA.

LA database

Physical server or virtual machine

  • Quad core processor or better
  • 16 GB RAM
  • 1 x 1 GB dedicated NIC
  • Windows Server 2016 or 2019, Standard or Datacenter Edition

    Additionally, Azure SQL is available to use as a database server for LA.

  • Disk requirements: 100-130 GB/day (@1000 EPS) on local NTFS disk

    Estimate required storage size based on EPS expectation and desired retention. For example, 1 TB capacity for default retention period (7 days).

  • Microsoft SQL Server 2016 SP1 or later
  • Microsoft SQL Server Express

    SolarWinds recommends using SQL Server Express only in evaluations. However, if used in a production environment, consider the following: The LA database will have a 10 GB limit. This means that in case of 1000 EPS, only 2-3 hours of data can be saved. For 7 days of data (default retention) only 15 EPS on average can be collected.

  • Supported collations:
    • English with collation setting SQL_Latin1_General_CP1_CI_AS
    • German with collation setting German_PhoneBook_CI_AS
    • Japanese with collation setting Japanese_CI_AS
Authentication Either mixed-mode or Windows authentication. If you require SQL authentication, you must enable mixed mode on your SQL server.

LA/Orion server:

Do not install Orion Platform products on the same server as SolarWinds Access Rights Manager (ARM).

CPU

Quad core processor or better

  • Required: 4 cores
  • Recommended: 8 cores

Do not enable Physical Address Extension (PAE).

Hard drive space

15 GB minimum 40 GB recommended

Two 146 GB 15K (RAID 1/Mirrored Settings) hard drives are recommended with a dedicated drive for the server operating system and SolarWinds installation.

During upgrades, the installer needs 2 GB of free space.

Some common files may need to be installed on the same drive as your server operating system. You may want to move or expand the Windows temporary directories.

Memory
  • 8 GB minimum
  • 16 GB recommended

LA port requirements

  • Ports 4369, 25672, and 5672 are opened by default on the main server for RabbitMQ messaging. These ports can be blocked by the firewall. When running SolarWinds High Availability, ensure ports 4369 and 25672 are open.
  • RPC ports > 1024 (TCP, bidirectional) is used by the Job Engine v2 process to communicate with Windows nodes.

SolarWinds does not recommend the use of HTTP (Port 80). Please use HTTPS (Port 443) to ensure that any web-related connections are secure.

Port Protocol Service/

Process
Direction Description Encryption
user-defined, default: 22 SSH

SolarWinds Job Engine v2

IIS

Outbound from the Orion Platform server to the device Port for accessing ASA devices through CLI Device-based

25

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port for non-encrypted messages

n/a
53 UDP SolarWinds Job Engine v2 Bi-

directional
Resolving DNS queries n/a

80

TCP

IIS Inbound

Default additional web server port. If you specify any port other than 80, you must include that port in the URL used to access the web console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the web console is

http://192.168.0.3:8080. Open the port to enable communication from your computers to the Orion Platform Web Console.

The port might also be used for Cisco UCS monitoring.

n/a
135 TCP Microsoft EPMAP (DCE/RPC Locator service) Bi-

directional
Required for devices polled via WMI. Used to initiate communication with the remotely managed host.  

161

UDP

SolarWinds Job Engine v2

SolarWinds Cortex

Bi-

directional

Send and receive SNMP

information

SNMP v1 and v2 are unencrypted. SNMP v3 uses AES and 3DES encryption.

162

UDP

SolarWinds Trap Service

SNMP Informs

Inbound

Receive trap messages

SNMP v1 and v2 are unencrypted. SNMP v3 uses AES and 3DES encryption.

443

TCP

IIS Inbound

Default port for https binding.

SSL

465

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions

SSL

514

UDP

SolarWinds Syslog Service Inbound

Receive syslog messages

n/a

587

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions

TLS

1433

TCP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

Orion Platform Module Engine

Outbound

Communication between the Orion Platform server and the SQL Server.

n/a

1434

UDP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

Orion Platform Module Engine

SQL Server Browse Service

Outbound

Communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations. Required only if your SQL Server is configured to use dynamic ports.

n/a
1468 TCP SolarWinds Syslog Service Inbound Receive syslog messages n/a

5671

TCP

RabbitMQ

Bi-

directional

For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from every Orion Platform server (additional polling engines, HA servers, or additional web servers).

Sending messages to RabbitMQ.

TLS 1.2
6514 TCP SolarWinds Syslog Service Inbound Receive syslog messages TLS

17777

TCP

Orion Platform Module Engine

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Cortex

Bi-

directional

Communication between services and Orion Platform module traffic.

Communication between the Orion Platform Web Console and the polling engines.

Communication between the main server and pool members.

RSA handshake, AES 256 communication using WCF

TLS 1.2 with Cortex

17778

HTTPS

SolarWinds Agent Inbound to the Orion Platform server

Required for access to the SWIS API and agent communication

SSL

See SolarWinds Port requirements for a comprehensive list of port requirements for SolarWinds products.

Optional, individual components, such as SolarWinds agents and High Availability, have additional port requirements.

LA agent requirements

Agent software is free. Licensing occurs through your product and is usually based on the number of monitored elements.

Before you deploy agents to a target computer, review the following system requirements.

Type Windows
Operating System

Only 64-bit operating systems are supported.

  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows 7
  • Windows 7 SP1
  • Windows 8
  • Windows 8.1
  • Windows 10

Only Pro, Enterprise, and Ultimate workstation
operating systems editions are supported.

Hard drive space Approximately 100 MB of hard drive space on the target computer.
Other software

The following software packages are installed by the agent installer if necessary:

  • Microsoft Visual C++ 2013 Redistributable Package for 32-bit or 64-bit
  • .NET Framework 4.0 (You must install this manually if you are installing an agent on Windows Server 2008 R2 or earlier or Windows Core
  • .NET Framework 4.5 (Required for Windows Server 2008 R2 SP1 and later)
Security

The VeriSign Root Certificate Authority (CA) must be current. This is required because the agent software is signed using a VeriSign certificate.

After the agent is installed, it runs as a Local System account and does not require administrative permissions to function.

Latency

Agents can tolerate up to 500 ms of latency between the remote computer and the SolarWinds Platform server.

Cloud instance requirements for the LA database in Azure

The cloud instance requirements match the requirements for the LA database server above.

Azure Storage Disk volumes are not your dedicated hardware. Consider using Azure Reserved Instances of storage disk volumes for SQL servers.