Firewall recommendations for file audit logging, watch folder API, and clustered watch folder
Port access and firewall protection information for file audit logging, watch folder API, and clustered watch folder activities.
File audit logging, watch folder API, and clustered watch folder use the following ports.
| Port Number | Protocol | Service Name | Components involved in communication |
|---|---|---|---|
| 9092 | TCP | IBM Spectrum Scale | File audit logging, watch folder API, and clustered watch folder |
| 9093 | TCP | IBM Spectrum Scale | File audit logging, watch folder API, and clustered watch folder |
| 21811 | TCP | IBM Spectrum Scale | File audit logging, watch folder API, and clustered watch folder |
| 2888 - 3888 (1000 ports)1 | TCP | IBM Spectrum Scale | File audit logging, watch folder API, and clustered watch folder |
- Ports 2181 and 2888 - 3888 (1000 ports) are required by the ZooKeeper component of the message queue, which is required for file audit logging, watch folder API, and clustered watch folder to function. For improved security, it is recommended that these ports be blocked from outside of the cluster so that only nodes within the IBM Spectrum Scale cluster can access them. This action is recommended because the SASL SCRAM passwords and ACL information that is used by the message queue are stored in the databases of the ZooKeepers.