Hi, maybe daft question, but what protocol port does Winlogbeat use to send from on PCs?
In general Winlogbeat (and all Beats) connects to the remote destination over TCP.
Any answers above that layer depend on the output you are using, what protocol (network layer) you are asking about, and whether you have configured TLS.
I'm outputting direct to elasticsearch, so is there no specific send port, just the destination/listening port of 9200 then?
For the elasticsearch output (without TLS) the transport protocol and destination port is tcp/9200. The source port is ephemeral. The application layer protocol is HTTP.
Thanks Andrew, needed to find out in a hurry and all sorted now.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.