Prerequisites for the Pickup LogEvents Service Logging Agent

Get ready for a seamless, high-performance logging experience with the Nodinite Pickup LogEvents Service Logging Agent. This page provides everything you need to prepare your environment for secure, reliable, and scalable integration—whether on-premises or in the cloud.

On this page, you will learn how to:

✅ Ensure your environment meets all software and platform requirements
✅ Configure user rights and firewall settings for secure operation
✅ Optimize for high-performance, on-premises or cloud deployments
✅ Apply best practices for integrating with message brokers, databases, and file systems

This page details the prerequisites for successfully installing and running the Nodinite Pickup Log Events Service Logging Agent.

The diagram above illustrates the supported logging options and how the Pickup LogEvents Service Logging Agent integrates With Nodinite, message brokers, file systems, and databases.

You can install this agent on-premises using TCP/IP for local network access or in the cloud/off-site using Service Bus Relaying. As long as the Log API is accessible on the configured port, you can deploy flexibly. For high-performance installations, install the agent close to the database (ideally on the same network as Nodinite).

We recommend installing this agent near the Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite server).

Software Requirements

|Product|||
|---|---|---|
|Windows Server|Windows 2025
Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012||
|.NET Framework |.NET Framework 4.8 or later
Our recommendation is .NET Framework 4.8.1 or later||
|ActiveMQ |Version 5.0| ActiveMQ using OpenWire|
|AMQP v1.0/ActiveMQ Artemis |Active MQ Version >=5.0|ActiveMQ using AMQP|
|AnypointMQ |Anypoint MQ License | One or more Queues must exist.
This feature is not available on free trial version and to use this feature you need Anypoint MQ license.|
|Blobs|Active Azure subscription | Container + Storage account|
|Event Hub |Active Azure subscription | Event Hub + Storage account (syncpoint)|
|MSMQ |All MSMQ versions with Windows 2008 R2 and later |If you are using MSMQ|
|Service Bus |Active Azure subscription | One or more Queues must exist|

Versions 6.0 and later require .NET Framework 4.8 or later.
Versions 5.4 and later require .NET Framework 4.6.2 or later.
Versions before 5.4 require .NET Framework 4.5.2 or later.

What AnypointMQ User rights does the Pickup LogEvents Service Logging Agent require?

• The agent uses either basic authentication or connected apps, and you must configure an account with Admin rights
  • User name
  • Password
  • Client Id
  • Client Secret

Read more about security for AnypointMQ here

What ActiveMQ User rights does the Pickup LogEvents Service Logging Agent require?

• The agent uses basic authentication and you must configure an account with Admin rights
  • User name
  • Password

Read more about security for ActiveMQ here

What Azure Event Hub User rights does the Pickup LogEvents Service Logging Agent require?

• The Pickup Log Events Service Logging Agent uses a Service Bus Connection string with SAS token credentials.
  The claims must be set as:
  • Manage
  • Listen

For RBAC control:
Assign an Azure role for access to blob data

• Storage Blob Data Reader or Storage Blob Data Contributor.
• The Azure Resource Manager Reader role, at a minimum.

What Azure Service Bus User rights does the Pickup LogEvents Service Logging Agent require?

• The Pickup Log Events Service Logging Agent uses a Service Bus Connection string with SAS token credentials.
  The claims must be set as:
• Manage
• Listen

What MSMQ User rights does the Pickup LogEvents Service Logging Agent require?

• The agent uses integrated security, so the Windows service account for the Pickup Log Events Service Logging Agent must have appropriate user rights on target queues.
• Peek
• Read
• Delete

What File User rights does the Pickup LogEvents Service Logging Agent require?

• The agent uses integrated security, so the Windows service account for the Pickup Log Events Service Logging Agent must have appropriate user rights on file shares.
• Read
• Write
• Delete

What PostgreSQL database User Rights does the Pickup LogEvents Service Logging Agent require?

• The Pickup Log Events Service Logging Agent uses credentials provided by the Configuration.

The account must have logon, read, and write access to the table with the JSON Log Events.

What SQL Server database User Rights does the Pickup LogEvents Service Logging Agent require?

• The Pickup Log Events Service Logging Agent uses credentials provided by the Configuration.
  The account must have logon, read, and write access to the table with the JSON Log Events.

• public - right to logon

• db_datareader - right to read

• db_datawriter - right to write

• db_ddladmin - better performance

Supported Versions

Cloud technologies evolve rapidly, and Microsoft deprecates older API versions periodically. Nodinite always supports the APIs supported by Microsoft. You must update Nodinite and the Pickup Log Events Service Logging Agent as needed.

What Windows User Rights does the Pickup LogEvents Service Logging Agent require?

The agent is installed as a Windows Service, usually on the Nodinite application server. Virtual machines are supported.

• Local named account or domain account (preferred).
• Access and run-time rights
  • Follow the 'How to set logon as a Windows service right' user guide for detailed instructions.

What Nodinite SQL user rights does the Pickup LogEvents Service Logging Agent require?

If you are bypassing the Log API for performance reasons (the only valid reason), then the account running the Pickup Log Events Service Logging Agent must have the following rights assigned:

db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially for remote servers (linked servers). Read more here. Contact our support if you have any questions.

All Nodinite specific databases:

• Configuration Database
  • db_datareader
  • db_datawriter
  • db_ddladmin
  • Grant Execute rights on all existing and future stored procedures:

GRANT EXECUTE TO [Domain\user]

Replace [Domain\user] with the Windows account used for the Pickup Log Events Service Logging Agent.

• Log Databases (can be multiple)
  • db_datareader
  • db_datawriter
  • db_ddladmin

What Firewall settings are required for the Pickup LogEvents Service Logging Agent?

This section describes the network communication requirements between the Pickup Server (where the Pickup LogEvents Service Logging Agent runs) and various Source Systems (message queues, databases, file shares, cloud services) from which log events are collected, as well as connections to the Nodinite Server (Log API and Configuration Database).

Server types: Pickup Server, ActiveMQ Broker, AMQP Broker, Anypoint MQ Cloud, Azure Cloud (Event Hub, Storage, Service Bus), File Server, MSMQ Server, PostgreSQL Server, SQL Server, Nodinite Server

The Pickup LogEvents Service Logging Agent supports multiple source configurations:

1. Between the Pickup LogEvents Service Logging Agent and the ActiveMQ broker(s) - ActiveMQs
2. Between the Pickup LogEvents Service Logging Agent and the AMQP broker(s) - AMQP
3. Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ service - AnypointMQs
4. Between the Pickup LogEvents Service Logging Agent and the Azure Event Hub and Storage - EventHubs, BlobContainers
5. Between the Pickup LogEvents Service Logging Agent and Azure Management API (Service Bus) - Service Bus Queues
6. Between the Pickup LogEvents Service Logging Agent and the File share(s) - Folders
7. Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s) - MSMQs
8. Between the Pickup LogEvents Service Logging Agent and the PostgreSQL database instances - PostgreSQLs
9. Between the Pickup LogEvents Service Logging Agent and the SQL Server database instances - SQLServers
10. Between the Pickup LogEvents Service Logging Agent and the Configuration Database
11. Between the Pickup LogEvents Service Logging Agent and the Log API

The diagram above shows the network communication paths and required ports for the Pickup LogEvents Service Logging Agent, Nodinite, and related services.

1. Between the Pickup LogEvents Service Logging Agent and the ActiveMQ Broker(s)

ActiveMQ Connection (Pickup Server → ActiveMQ Broker)

The Pickup Service connects to ActiveMQ brokers to consume log events from queues.

Tip

Custom Ports: The default ActiveMQ port is 61616. If your ActiveMQ broker uses a custom port configuration, adjust the firewall rules accordingly.

Tip

SSL/TLS: If you use SSL/TLS for secure communication, additional ports must be opened. Consult your ActiveMQ configuration for the SSL port (commonly 61617).

Tip

Multiple Brokers: If you have multiple ActiveMQ brokers (clustered or failover configuration), ensure firewall rules allow connectivity to all broker instances.

2. Between the Pickup LogEvents Service Logging Agent and the Anypoint MQ Service

Anypoint MQ API Connection (Pickup Server → Anypoint MQ Cloud)

The Pickup Service connects to MuleSoft Anypoint MQ cloud service via HTTPS REST API.

Tip

Anypoint MQ Credentials: Ensure the Pickup Service has valid Anypoint MQ client credentials (Client ID and Client Secret) configured for authentication.

Tip

Regional Endpoints: Anypoint MQ uses regional endpoints. Ensure firewall allows connectivity to your specific region (e.g., US, EU).

Note

No Inbound Rules: No inbound firewall rules are required on Anypoint MQ cloud service. The Pickup Service initiates all connections.

3. Between the Pickup LogEvents Service Logging Agent and the Event Hub Service

Event Hub Connection (Pickup Server → Azure Event Hub)

The Pickup Service connects to Azure Event Hub using AMQP or HTTPS protocols. The following ports must be open for outbound communication with *.servicebus.windows.net.

Tip

Protocol Selection: Azure Event Hub supports HTTPS (port 443) and AMQP (ports 5671-5672). AMQP offers better performance for high-throughput scenarios.

Tip

EnableLinkRedirect: If EnableLinkRedirect=true (default) in the Configuration, additional dynamic ports (104XX range) may be used. This option is not yet in common use. Review the AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide.

Note

Event Hub Troubleshooting: For connectivity issues, review the Azure Event Hubs troubleshooting guide.

Azure Storage Connection (Pickup Server → Azure Storage)

When using Event Hub with checkpointing or blob storage, the Pickup Service requires connectivity to Azure Storage accounts.

Important

Azure Storage Firewall Rules: The administrator may have firewall rules in place at multiple levels:

• Virtual Machine (VM-level firewall)
• Storage Account (Azure Storage firewall)
• Virtual Network (VNet service endpoints or private endpoints)

If Azure Storage firewalls are enabled, you must whitelist the public IP address(es) of the Pickup Server. Review the Configure Azure Storage firewalls and virtual networks guide.

4. Between the Pickup LogEvents Service Logging Agent and Azure Service Bus

Azure Service Bus Connection (Pickup Server → Azure Service Bus)

The Pickup Service connects to Azure Service Bus queues and topics using the Azure Management API.

Tip

Service Bus vs Event Hub: Azure Service Bus shares similar protocols with Event Hub (HTTPS and AMQP). Review the Event Hubs frequently asked questions for comparison.

Tip

AMQP Protocol: For AMQP details, review the AMQP 1.0 in Azure Service Bus and Event Hubs protocol guide.

Note

Azure Storage Firewall: If you have secured your Azure Storage (used with Event Hub checkpointing), you may need to whitelist the public IP address of the Pickup Log Events Service Logging Agent. Review Configure Azure Storage firewalls and virtual networks.

5. Between the Pickup LogEvents Service Logging Agent and the File Share(s)

SMB Connection (Pickup Server → File Server)

When Log Events are written to a remote file share, the Pickup Log Events Service Logging Agent uses the SMB protocol to access the files.

Tip

SMB Versions: Port 445 is used for SMB 2.x and 3.x (modern, preferred). Ports 135-139 are for legacy SMB 1.0 over NetBIOS. Disable SMB 1.0 for security.

Tip

SMB Permissions: Ensure the Pickup Service account has Read permissions on the file share and NTFS folders.

Tip

UNC Path Format: Use UNC paths (e.g., \\FileServer\Share\Logs) in the Pickup Service configuration.

Note

SMB Documentation: For full details, review the Microsoft SMB: File and printer sharing ports should be open guide and Internet firewalls can prevent browsing and file sharing.

6. Between the Pickup LogEvents Service Logging Agent and the MSMQ Server(s)

MSMQ Connection (Pickup Server → MSMQ Server)

The Pickup Service connects to Microsoft Message Queuing (MSMQ) servers to consume log events from queues.

Tip

MSMQ Port Configuration: MSMQ uses multiple ports for different operations. Port 1801 is the primary MSMQ port. Ports 2101, 2103, and 2105 are used for RPC communications.

Tip

RPC Dynamic Ports: MSMQ uses RPC (port 135) for endpoint mapping. The actual communication may use dynamic ports. Consult your network administrator for RPC port range configuration.

Tip

MSMQ Protocols: MSMQ supports both TCP (reliable) and UDP (faster, less reliable) protocols. The protocol selection depends on your queue and network configuration.

Note

MSMQ Documentation: For complete MSMQ port details, review the Microsoft guide TCP ports, UDP ports, and RPC ports that are used by Message Queuing.

7. Between the Pickup LogEvents Service Logging Agent and PostgreSQL Instance

PostgreSQL Connection (Pickup Server → PostgreSQL Server)

The Pickup Service connects to PostgreSQL databases to query log events from tables. PostgreSQL by default uses TCP port 5432.

Tip

Custom Ports: PostgreSQL can be configured to use custom ports. If your PostgreSQL instance uses a non-default port, adjust the firewall rules and Pickup Service configuration accordingly.

Tip

SSL/TLS: For secure connections, PostgreSQL supports SSL/TLS on the same port (5432). No additional firewall ports are required for SSL.

Tip

PostgreSQL Authentication: Ensure the Pickup Service has valid PostgreSQL credentials (username, password) and database permissions to query log event tables.

8. Between the Pickup LogEvents Service Logging Agent and SQL Server Instance

SQL Server Connection (Pickup Server → SQL Server)

The Pickup Service connects to SQL Server instances with the [LogEvents] table to query and consume log events.

Tip

Comprehensive SQL Server Guides: See the SQL Server Connection Strings and SQL Server Firewall Configuration pages for:

• Connection string formats (default instance, named instance, Always On Availability Groups)
• Detailed port requirements and RPC dynamic port configuration
• Certificate validation and encryption settings
• Troubleshooting connectivity issues
• Testing with PowerShell commands

9. Between the Pickup LogEvents Service Logging Agent and the Log API

Log API Connection (Pickup Server → Nodinite Server)

When logging is enabled, the Pickup Service sends its own operational log events to the Nodinite Log API.

Tip

Local Server Performance: If the Pickup LogEvents Service Logging Agent and the Log API are on the same server, use HTTP (port 80) for better performance. Information is not exposed outside the server.

Tip

HTTPS for Production: When the Pickup Service and Log API are on different servers, use HTTPS (port 443) for secure communication.

Tip

Optional Logging: Log API connectivity is only required if you enable operational logging for the Pickup Service itself. This is optional and used for monitoring the Pickup Service's own operations.

10. Between the Pickup LogEvents Service Logging Agent and the Configuration Database

Configuration Database Connection (Pickup Server → Nodinite Server)

The Pickup Log Events Service Logging Agent connects to the Nodinite Configuration Database to retrieve configuration settings, source definitions, and scheduling information.

Tip

Configuration Database Requirements: The Configuration Database connection is mandatory. The Pickup Service reads its configuration (sources, schedules, connection strings) from this database.

Tip

Windows Authentication: Use Windows Authentication (recommended) for the Configuration Database connection. Ensure the Pickup Service account has SQL Server login and database permissions.

Tip

Named Instances: If the Configuration Database is on a SQL Server named instance, use dynamic port detection or configure a static port. Review SQL Server Configuration Manager for port details.

Tip

RPC Dynamic Ports: For SQL Server named instances, RPC dynamic port allocation may apply. Review How to configure RPC dynamic port allocation to work with firewalls.

Note

DNS Resolution: All network communications require DNS resolution (TCP/UDP port 53) to resolve server hostnames to IP addresses. Windows must know where your servers are. This can also be configured using static entries in the hosts file on each Windows server. Review the Microsoft DNS documentation.

Important

Stateful Firewalls: Modern firewalls are stateful and automatically allow response traffic for established outbound connections. The "Inbound" entries in the tables above represent response traffic and typically require no additional firewall rules when using stateful firewalls. Consult your network administrator to verify your firewall configuration.

Frequently Asked Questions

Find additional solutions to common problems and the FAQ for the Nodinite Pickup Log Events Service Logging Agent in the Troubleshooting user guide.

Make sure to subscribe to our Release Notes.

Next Step

Install the Pickup LogEvents Service Logging Agent

Related Topics

Administration