Skip to main content
Skip table of contents

Map Ports

The Application Manager window is the form used to display and manage mapping ports. Application records define an application and its ports and protocols so that MPE rules can identify a log origin. For example, if TCP port 53 is mapped to the DNS application, then rules that identify traffic on TCP port 53 can associate it correctly with DNS. Rules can also be set to associate all logs that match a particular application record automatically, regardless of port and protocol.

An association between an application and a port or protocol is global. There can only be one unique pairing for a single LogRhythm deployment.
  1. On the main toolbar, click Deployment Manager.
  2. On the Tools menu, click Knowledge, and then click Application Manager.
  3. Select the Application record to modify.
  4. On the File menu, click Properties
    The Application Properties window appears.
  5. Map the ports according to the following guidelines, extracted from http://www.iana.org/assignments/port-numbers on August 4, 2008.
    • Well Known Ports. The Well Known Ports are those from 0 through 1023. DCCP Well Known ports SHOULD NOT be used without IANA registration.
    • Registered Ports. The registration procedure is defined in [RFC4340], Section 19.9. The Registered Ports are those from 1024 through 49151. DCCP Registered ports SHOULD NOT be used without IANA registration. The registration procedure is defined in [RFC4340], Section 19.9.
    • Dynamic and Private Ports. The Dynamic or Private Ports are those from 49152 through 65535. A value of 0 in the port numbers registry below indicates that no port has been allocated.
  6. Click OK when finished.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.