Documentation for Log Analyzer
Analyzing logs is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Essentials edition. Log Analyzer (LA) is also available in a standalone module.

LA 2023.3 System requirements

Release date: July 25, 2023

SolarWinds strongly recommends that you install the SolarWinds Platform on a server that is neither public, nor internet-facing. To learn about best practices for configuring your SolarWinds Platform installation securely, see Secure Configuration for the SolarWinds Platform.

The following are the system requirements for LA 2023.3. This version of LA uses SolarWinds Platform version 2023.3. To upgrade to SolarWinds Platform 2023.3, your current deployment must be version 2020.2 or later. For more information on SolarWinds Platform system requirements, see the SolarWinds Platform requirements.

In addition to the requirements below, most LA monitoring requires the monitored server be polled by a SolarWinds Platform Agent for Windows.

Type Requirements
Operating System
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Microsoft Windows 11
  • Microsoft Windows 10
Operating System language
  • English (UK or US)
  • German
  • Japanese
  • Simplified Chinese
SolarWinds Platform Web Console browser

SolarWinds Platform supports the two latest versions of the following web browsers available on the release date:

  • Firefox
  • Chrome
  • Edge (79 or higher)

In LA 2020.2 and later, some pages are not compatible with IE11. If you are using IE11, you will see a warning message on incompatible pages. SolarWinds recommends using a different browser (such as Chrome, Firefox, or Microsoft Edge) for the best user experience with LA.

LA database

Physical server or virtual machine

  • Quad core processor or better
  • 16 GB RAM
  • 1 x 1 GB dedicated NIC
  • Windows Server 2016 or 2019, Standard or Datacenter Edition

    Additionally, Azure SQL is available to use as a database server for LA.

  • Disk requirements: 100-130 GB/day (@1000 EPS) on local NTFS disk

    Estimate required storage size based on EPS expectation and desired retention. For example, 1 TB capacity for default retention period (7 days).

  • Microsoft SQL Server 2016 SP1 or later
  • Users may experience performance degradation while using synchronous-commit mode for SQL availability groups on Log Analyzer's database. For high-load environments, asynchronous-commit mode is strongly recommended.

  • Microsoft SQL Server Express

    SolarWinds recommends using SQL Server Express only in evaluations. However, if used in a production environment, consider the following: The LA database will have a 10 GB limit. This means that in case of 1000 EPS, only 2-3 hours of data can be saved. For 7 days of data (default retention) only 15 EPS on average can be collected.

  • Supported collations:
    • English with collation setting SQL_Latin1_General_CP1_CI_AS
    • English with collation setting SQL_Latin1_General_CP1_CS_AS
    • German with collation setting German_PhoneBook_CI_AS
    • Japanese with collation setting Japanese_CI_AS
    • Simplified Chinese with collation setting Chinese_PRC_CI_AS
Authentication

Either mixed-mode or Windows authentication. If you require SQL authentication, you must enable mixed mode on your SQL server.

LA/SolarWinds Platform server:

Do not install SolarWinds Platform products on the same server as SolarWinds Access Rights Manager (ARM).

CPU

Quad core processor or better

  • Required: 4 cores
  • Recommended: 8 cores

Do not enable Physical Address Extension (PAE).

Hard drive space

15 GB minimum, 40 GB recommended

Two 146 GB 15K (RAID 1/Mirrored Settings) hard drives are recommended with a dedicated drive for the server operating system and SolarWinds installation.

During upgrades, the installer needs 2 GB of free space.

Some common files may need to be installed on the same drive as your server operating system. You may want to move or expand the Windows temporary directories.

Memory
  • 8 GB minimum
  • 16 GB recommended

LA port requirements

  • Ports 4369, 25672, and 5672 are opened by default on the main server for RabbitMQ messaging. These ports can be blocked by the firewall. When running SolarWinds High Availability, ensure ports 4369 and 25672 are open.
  • RPC ports > 1024 (TCP, bidirectional) are used by the Job Engine v2 process to communicate with Windows nodes.

SolarWinds does not recommend the use of HTTP (Port 80). Please use HTTPS (Port 443) to ensure that any web-related connections are secure.

| Port | Protocol | Service/Process | Direction | Description | Encryption |
| --- | --- | --- | --- | --- | --- |
| user-defined, default: 22 | SSH | SolarWinds Job Engine v2; IIS | Outbound from the SolarWinds Platform server to the device | Port for accessing ASA devices through CLI | Device-based |
| 25 | TCP | SolarWinds Alerting Service V2 | Outbound | SMTP port for non-encrypted messages | n/a |
| 53 | UDP | SolarWinds Job Engine v2 | Bidirectional | Resolving DNS queries | n/a |
| 80 | TCP | IIS | Inbound | HTTP default for the SolarWinds Platform Web Console website. If you specify any port other than 80, you must include that port in the URL used to access the web console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the web console is http://192.168.0.3:8080. The port might also be used for Cisco UCS monitoring. | n/a |
| 135 | TCP | Microsoft EPMAP (DCE/RPC Locator service) | Bidirectional | Required for devices polled via WMI. Used to initiate communication with the remotely managed host. | |
| 161 | UDP | SolarWinds Job Engine v2; SolarWinds Cortex | Bidirectional | Send and receive SNMP information | SNMP v1 and v2 are unencrypted. SNMP v3 uses AES and 3DES encryption. |
| 162 | UDP | SolarWinds Trap Service; SNMP Informs | Inbound | Receive trap messages | SNMP v1 and v2 are unencrypted. SNMP v3 uses DES56, AES128, AES192, and AES256 for encryption, and MD5 and SHA1 for authentication. |
| 443 | TCP | IIS | Inbound | Default port for https binding. | SSL |
| 465 | TCP | SolarWinds Alerting Service V2 | Outbound | SMTP port used to send TLS-enabled email alert actions | SSL |
| 514 | UDP | SolarWinds Syslog Service | Inbound | Receive syslog messages | n/a |
| 587 | TCP | SolarWinds Alerting Service V2 | Outbound | SMTP port used to send TLS-enabled email alert actions | TLS |
| 1433 | TCP | SolarWinds Alerting Service V2; SolarWinds Administration Service; SolarWinds Information Service; SolarWinds Information Service V3; SolarWinds Platform Module Engine | Outbound | Communication between the SolarWinds Platform server and the SQL Server. | n/a |
| 1434 | UDP | SolarWinds Alerting Service V2; SolarWinds Administration Service; SolarWinds Information Service; SolarWinds Information Service V3; SolarWinds Platform Module Engine; SQL Server Browser Service | Outbound | Communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations. Required only if your SQL Server is configured to use dynamic ports. | n/a |
| 1468 | TCP | SolarWinds Syslog Service | Inbound | Receive syslog messages | n/a |
| 5671 | TCP | RabbitMQ | Bidirectional | For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from every SolarWinds Platform server (additional polling engines, HA servers, or additional web servers). Sending messages to RabbitMQ. | TLS 1.2 |
| 6514 | TCP | SolarWinds Syslog Service | Inbound | Receive syslog messages | TLS |
| 17777 | TCP | SolarWinds Platform Module Engine; SolarWinds Information Service; SolarWinds Information Service V3; SolarWinds Cortex | Bidirectional | Communication between services and SolarWinds Platform module traffic. Communication between the SolarWinds Platform Web Console and the polling engines. Communication between the main server and pool members. | RSA handshake, AES 256 communication using WCF; TLS 1.2 with Cortex |
| 17778 | HTTPS | SolarWinds Agent | Inbound to the SolarWinds Platform server | Required for access to the SWIS API and agent communication | SSL |

See SolarWinds Port requirements for a comprehensive list of port requirements for SolarWinds products.

Optional, individual components, such as SolarWinds agents and High Availability, have additional port requirements.
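
One way to compare a SolarWinds Platform server's listeners with the port table above and see which documented endpoints carry cleartext traffic. This is an added example, not SolarWinds code: the function name Get-LaListenerAudit, its -Listeners parameter and the sample data are hypothetical, and TCP is assumed for the RabbitMQ ports 4369, 25672, and 5672.

```powershell
# Added example, not SolarWinds code. Port data is transcribed from the table
# above; RabbitMQ ports 4369/25672/5672 are assumed to be TCP (the page gives
# no protocol). Get-LaListenerAudit and -Listeners are hypothetical names.
$LaPorts = @{
    'TCP/80'    = 'cleartext: HTTP web console; the page recommends HTTPS (443)'
    'TCP/443'   = 'encrypted: HTTPS web console'
    'UDP/161'   = 'conditional: SNMP v1/v2 unencrypted, v3 encrypted'
    'UDP/162'   = 'conditional: SNMP v1/v2 traps unencrypted, v3 encrypted'
    'UDP/514'   = 'cleartext: syslog'
    'TCP/1468'  = 'cleartext: syslog'
    'TCP/6514'  = 'encrypted: syslog over TLS'
    'TCP/5671'  = 'encrypted: RabbitMQ AMQP/TLS'
    'TCP/17777' = 'encrypted: module and polling engine traffic'
    'TCP/17778' = 'encrypted: agent and SWIS API'
    'TCP/4369'  = 'rabbitmq-default: can be firewalled unless HA is in use'
    'TCP/25672' = 'rabbitmq-default: can be firewalled unless HA is in use'
    'TCP/5672'  = 'rabbitmq-default: can be firewalled'
}

function Get-LaListenerAudit {
    param([object[]]$Listeners)   # objects with Proto, LocalAddress, LocalPort
    if (-not $Listeners) {
        # No input supplied: read the listeners of the local server.
        $Listeners = @(Get-NetTCPConnection -State Listen |
                Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort) +
            @(Get-NetUDPEndpoint |
                Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort)
    }
    foreach ($l in $Listeners) {
        $key = '{0}/{1}' -f $l.Proto, $l.LocalPort
        if ($LaPorts.ContainsKey($key)) {
            [pscustomobject]@{
                Endpoint = $key
                Address  = $l.LocalAddress
                Class    = ($LaPorts[$key] -split ':')[0]
                Detail   = $LaPorts[$key]
            }
        }
    }
}

# Constructed sample input so the example runs without a live server.
$sample = @(
    [pscustomobject]@{ Proto = 'TCP'; LocalAddress = '0.0.0.0'; LocalPort = 80 }
    [pscustomobject]@{ Proto = 'UDP'; LocalAddress = '0.0.0.0'; LocalPort = 514 }
    [pscustomobject]@{ Proto = 'TCP'; LocalAddress = '0.0.0.0'; LocalPort = 5672 }
    [pscustomobject]@{ Proto = 'TCP'; LocalAddress = '0.0.0.0'; LocalPort = 3389 }
)
Get-LaListenerAudit -Listeners $sample | Format-Table -AutoSize
```

Called without -Listeners on the server itself, the function reads the live listeners; ports that are not in the table, such as 3389 in the sample, are left out of the report.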

LA agent requirements

Agent software is free. Licensing occurs through your product and is usually based on the number of monitored elements.

Windows agents run as a service.

Before you deploy agents to a target computer, review the following system requirements.

Type Windows Linux
Operating System

Only 64-bit operating systems are supported.

Windows:

  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows 7
  • Windows 7 SP1
  • Windows 8
  • Windows 8.1
  • Windows 10

Only Pro, Enterprise, and Ultimate workstation operating system editions are supported.

Linux:

  • CentOS 6.x - 8.x, 64-bit
  • Oracle Linux 6.x - 8.x, 64-bit
  • Red Hat Enterprise Linux 6.x - 8.x, 64-bit
  • SUSE Linux Enterprise Server 15.x, 64-bit
  • Ubuntu 14.x - 20.x, 64-bit

Linux distributions not listed above are not supported.

Hard drive space

Approximately 100 MB of hard drive space on the target computer.
Other software

The following software packages are installed by the agent installer if necessary:

  • Microsoft Visual C++ 2013 Redistributable Package for 32-bit or 64-bit.

.NET Framework support

  • On operating systems that support .NET Framework 4.8, all Windows Agent Plugins are migrated to .NET 4.8.
  • Upon upgrade to 2019.4, .NET 4.8 is deployed automatically to operating systems that support .NET 4.8.

For Linux, you may need to install the following manually:

  • Python
  • Python 3 is deployed automatically to Linux agents. During upgrades, all Linux Agent plugins are migrated to Python 3. Orion Platform 2019.2 and earlier require Python 2, versions 2.4.3 and later.
  • The bash shell
Security

The VeriSign Root Certificate Authority (CA) must be current. This is required because the agent software is signed using a VeriSign certificate.

Windows: After the agent is installed, it runs as a Local System account and does not require administrative permissions to function.

Linux: After the agent is installed, it runs under a dedicated swiagent account. Some actions require root access.
Latency

Agents can tolerate up to 500 ms of latency between the remote computer and the SolarWinds Platform server.

 

Cloud instance requirements for the LA database in Azure

The cloud instance requirements match the requirements for the LA database server above.

Azure Storage Disk volumes are not your dedicated hardware. Consider using Azure Reserved Instances of storage disk volumes for SQL servers.

Cloud instance requirements for the LA database in AWS

You can install Log Analyzer as part of a small deployment with AWS RDS. Use the Medium Deployment guidelines as seen in the Multi-module system guidelines.

| Requirements | Small | Medium | Large | XL |
| --- | --- | --- | --- | --- |
| Log Analyzer Database | See Medium | r3.xlarge | r5d.4xlarge | r5d.4xlarge |