Changing the ports for third-party device monitoring

It is recommended that you configure your third-party devices to send data to the default ports that the Log Server listens on.

The default listening ports are:
  • Windows — The Log Server listens for syslog on port 514 and for SNMP traps on port 162.
  • Linux — The Log Server listens for syslog on port 5514 and for SNMP traps on port 5162.
  • Windows and Linux — The Log Server listens for NetFlow and IPFIX data on port 2055.

If necessary, you can change the ports for syslog, SNMP, NetFlow, and IPFIX reception, but the port number in Linux must always be higher than 1024.

If it is not possible to reconfigure the third-party device to send syslog data, SNMP traps, NetFlow data, or IPFIX data to the correct port, you have other options. You can redirect the traffic to a different port either on an intermediate network device or on the Log Server itself, using iptables in Linux:

iptables -t nat -A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 5514
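
The following is an added example, not part of the original documentation. It generalizes the rule above to any UDP port pair (for example SNMP traps from 162 to 5162), refuses a listening port that is not higher than 1024, and adds a rule only if it is not already present. The function names and the DRY_RUN variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example: idempotent UDP port redirects for a Linux Log Server.
# Function names and DRY_RUN are hypothetical, not part of the product.

# Print the rule specification for one redirect.
# $1 = port the device sends to, $2 = port the Log Server listens on.
redirect_spec() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) return 2 ;; esac   # digits only
    done
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 2
    # The listening port in Linux must be higher than 1024.
    [ "$2" -gt 1024 ] && [ "$2" -le 65535 ] || return 2
    printf '%s' "PREROUTING -p udp -m udp --dport $1 -j REDIRECT --to-ports $2"
}

# Apply one redirect. With DRY_RUN=1 the command is printed instead of run.
apply_redirect() {
    spec=$(redirect_spec "$1" "$2") || {
        echo "invalid port pair: $1 -> $2" >&2
        return 2
    }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables -t nat -A $spec"
        return 0
    fi
    # -C checks whether the rule already exists, so reruns do not stack
    # duplicates. $spec is left unquoted on purpose so it splits into arguments.
    iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
}

# Typical use as root, with the default Linux listening ports:
#   apply_redirect 514 5514    # syslog
#   apply_redirect 162 5162    # SNMP traps
# Review the result with: iptables -t nat -L PREROUTING -n --line-numbers
```

The PREROUTING chain only sees packets that arrive from the network, so test the redirect from another host rather than from the Log Server itself. Rules added this way are held in the running kernel and are lost at reboot unless you save them with your distribution's mechanism.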