This is applicable only for Log360 Cloud

Prerequisites for Log360 Cloud Agent

Last updated on: September 12, 2025

This document lists the prerequisites that have to be met to run the Log360 Cloud agent.

In this page

Required ports
Required permissions
Hardware Requirements
Operating System Requirements
Supported log and data sources
RAM Requirement Approximation
URL whitelisting
Resolution requirement

Required ports

The Log360 Cloud Agent requires the following ports to communicate with the cloud application server and to listen to the syslogs.

Port Numbers	Ports Usage	Description
443 (TCP)	Communication with cloud server	This is the default port used by the Log360 Cloud agent to communicate with the cloud application server.
513, 514 (UDP)	Syslog listener port	These are the default Syslog listener ports for UDP. Ensure that the devices are configured to send Syslogs to any one of these ports.
514 (TCP)	Syslog listener port	This is the default Syslog listener port for TCP. Ensure that devices are configured to send Syslogs to this port.

Log360 Cloud Agent and devices in your network use the following ports for WMI, RPC, SMB, LDAP and DCOM services.

Port Numbers	Ports Usage	Description
135, 445, 139 (TCP)	WMI, DCOM, RPC	These are the traffic ports for the Log360 Cloud agent. The same ports will be used as incoming traffic ports in the devices and must be opened. Windows services DCOM, WMI, and RPC use these ports, while Log360 Cloud agent uses these services to collect logs from Windows machines in default mode (Event Log mode).
49152-65534 (TCP)	WMI, DCOM, RPC	These are the incoming traffic ports in the Log360 Cloud agent. The same ports will be used as outgoing traffic ports in the devices and must be opened. DCOM uses callback mechanism on random ports between 49152-65534 for Windows Server 2008 and 1024-65534 for previous versions.
389	LDAP	This port is used for domain discovery, it allows application to query directory services, such as Active Directory, to discover information about domains.
139, 445, 135 1024-65535	SMB RPC	These ports are used for workgroup discovery, SMB & RPC services are used to discover other computers in the workgroup.
139 135, 137, 138	SMB RPC	These ports are for event source discovery. SMB and RPC is used for interacting with remote machines and identifying event log sources.

Required permissions

Agent orchestration

Log360 Cloud Agent is manually installed on Windows devices, following permissions needs to be enabled for agent installation.

Action	Permissions
Windows Agent Installation	User Permissions	Agent Installation:Enable read,write and modify files in "C:/Program Files (x86)" for 64-bit Windows systems and "C:\Program Files" for 32-bit Windows systems. Agent Upgrade: Enable read, write and modify permission to files in "C:\ProgramData"
Windows Agent Management	User Permissions	Access/Read/Write registry keys - SOFTWARE\Wow6432Node\ZOHO Corp\Log360Cloud\(or) SOFTWARE\ZOHO Corp\Log360Cloud\

Log collection

Following permissions are needed for log collection using Log360 Coud.

Action	Permissions
WMI Log Collection	User Groups	Event Log Readers Distributed COM Users
WMI Log Collection	User Permissions	Enable Account Remote Enable Read Security Execute Methods
Syslog Collection	Environmental variables	The "Syslog listener port" mentioned in "Ports Requirements" should be allowed in firewall.
Auto Log Forwarding	User Rights	Service restart rights for 'rsyslog' or 'syslog' service.
Auto Log Forwarding	User Permissions	Enable "rw" permission to files (/etc/ rsyslog.conf or /etc/syslog.conf)

Discovery

Action	Permissions
Event Source Discovery	User Permissions	At least read control should be granted for winreg registry key. (Computer\HKEY_LOCAL _MACHINE\SYSTEM\CurrentControl Set\Control\SecurePipe Servers\winreg) Full control permission should be granted for credentials in the EventLog registry key. (Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog).
Event Source Discovery	Environmental Variables	Remote registry service should be running. Should have files in event file location. (C:\Windows\System32\winevt\Logs). "C$" should be enabled in remote device in order to configure event source files.
Windows Domain Discovery	User Permissions	User should have read permission to Active Directory Domain Objects. Permission to run LDAP query in ADS_SECURE_AUTHENTICATION mode should be present.
Windows Workgroup Discovery	User Permissions	Permission to run WinNT query in ADS_SECUREAUTHENTICATION mode.

Hardware Requirements

This section provides information about the hardware requirements for the Log360 Cloud agent.

For 32-bit machines

1 GHz, 32-bit (x86) Pentium Dual Core processor or equivalent
2 GB RAM
100 MB disk space

For 64 bit machines

2.80 GHz, 64-bit (x64) Xeon® LV processor or equivalent
2 GB RAM
100 MB disk space

Windows agent requirements

For the Windows agent to run properly, please ensure the following requirements are fulfilled. The below table denotes the suggested hardware requirements & maximum supported EPS based on the type of flow.

				Low flow	Normal flow	High flow
Minimum Processor Cores needed in the agent machine				4	6	12
Maximum Log EPS (Events per second)	Log Category (size in bytes)	Log Type
		Windows (900 bytes)	Windows				300	1500	3000
	Type 1 Syslog (150 bytes)	Linux, HP, pfSense, Juniper				2000	10000	20000
	Type 2 Syslog (300 bytes)	Cisco, Sonicwall, Huaweii, Netscreen, Meraki, H3C				1500	6000	12000
	Type 3 Syslog (450 bytes)	Barracuda, Fortinet, Checkpoint				1200	4000	7000
	Type 4 Syslog (600 bytes)	Palo Alto, Sophos, F5, Firepower, and other syslog				800	2500	5000

Note

The free disk space must be at least 1GB greater than the maximum size of the data directory configured in the agent settings page if offline log collection is enabled.
A single agent can handle either a maximum of 3000 Windows logs or any of the high flow values mentioned for each log type in the above table.
For log types which are not mentioned in the above table, choose the appropriate category based on the log size.

Operating System Requirements

The Log360 Cloud agent can be installed and run on the following operating systems (both 32 Bit and 64 Bit architecture) and versions:

Windows®

Windows 7 & above
Windows Server 2008 & above

Supported Logs and Data Sources

Log360 Cloud can collect, index, analyze, search, and report on logs from various devices, platforms and services. To know the latest supported logs and data sources.

Note

For analyzing logs from Windows NT machine, WMI core should be installed on the Windows NT machine.
Syslogs received from SNARE agents for Windows will be displayed as Windows devices.

RAM Requirement Approximation

The recommended RAM size of the machine in which the Log360 Cloud agent has been installed is 1 GB.

URL whitelisting

The following URLs have to be whitelisted in all the devices that have the Log360 Cloud agents for the agents to function effectively:

For the US region:

log360cloud.manageengine.com
upload.zoho.com
*dms.zoho.com
staticdownloads-log360cloud.zohodl.com

For the EU region:

log360cloud.manageengine.eu
upload.zoho.eu
*dms.zoho.eu
staticdownloads-log360cloud.zohodl.com

For the AU region:

log360cloud.manageengine.com.au
upload.zoho.com.au
*dms.zoho.com.au
staticdownloads-log360cloud.zohodl.com

For the IN region:

log360cloud.manageengine.in
upload.zoho.in
*dms.zoho.in
staticdownloads-log360cloud.zohodl.com

For the JP region:

log360cloud.manageengine.jp
upload.zoho.jp
*dms.zoho.jp
staticdownloads-log360cloud.zohodl.com

For the CA region:

log360cloud.manageengine.ca
upload.zohocloud.ca
*dms.zohocloud.ca
staticdownloads-log360cloud.zohodl.com

Resolution requirement

Log360 Cloud requires a minimum browser resolution of 1280x720 to avoid UI distortion.