System Requirements
Supported Operating Systems
Recommended:
Oracle Linux 8.x, 9.x — Unbreakable Enterprise Kernel (UEK)
Supported:
Red Hat Enterprise Linux 8.x, 9.x
AlmaLinux/Rocky Linux 8.x, 9.x
CentOS Stream 9.x
Note
CentOS Stream 8.x is not supported. Only CentOS Stream 9.x is a supported platform.
Supported Web Browsers
Google Chrome 90+
Mozilla Firefox 88+
Opera 76+
Microsoft Edge 90+
Safari 14+
Software Dependencies
Component |
Required Version |
Notes |
|---|---|---|
OpenJDK |
21 |
64-bit required; bundled with installation package |
NodeJS |
20.x |
ELS Console dependency; bundled with installation package |
Network Communication Requirements
From |
To |
Port |
Protocol |
Description |
|---|---|---|---|---|
SIEM Agent |
ELS Data Node |
1514 |
TCP |
SIEM Agent connection service, default protocol |
ELS Data Node |
1514 |
UDP |
SIEM Agent connection service, alternative protocol (disabled by default) |
|
ELS Data Node |
1515 |
TCP |
SIEM Agent enrollment service |
|
ELS Data Node |
ELS Data Node |
1516 |
TCP |
SIEM cluster daemon |
Syslog source |
ELS Data Node |
5514 |
UDP |
SIEM Syslog collector, default protocol (port forward from 514; disabled by default) |
ELS Data Node |
5514 |
TCP |
SIEM Syslog collector, alternative protocol (port forward from 514; disabled by default) |
|
ELS Console |
ELS Data Node |
55000 |
TCP |
SIEM server RESTful API |
ELS components, integrations |
ELS Data Node |
9200 |
TCP |
OpenSearch REST API (data, license verification, integrations) |
ELS Data Node |
Other ELS Data Node |
9300 |
TCP |
Data Node cluster transport (cross-cluster search uses the same port) |
User browser |
ELS Console |
5601 |
TCP |
Default GUI |
ELS Console |
5602 |
TCP |
Admin console |
|
ELS Console |
5603 |
TCP |
Wiki GUI |
|
ELS Console |
Every Network Node |
9000 |
TCP |
Manage files, services and pipelines |
ELS Network Node |
Kafka broker |
9092 |
TCP |
Message queue (data transport between probes and to Data Node) |
ELS Network Node |
Kafka broker |
9093 |
TCP |
Kafka broker SSL listener (when TLS is enabled) |
Kafka broker |
Zookeeper |
2181 |
TCP |
Kafka and Zookeeper coordination |
Zookeeper node |
Other Zookeeper node |
2888 |
TCP |
Zookeeper peer communication (multi-node) |
Zookeeper node |
Other Zookeeper node |
3888 |
TCP |
Zookeeper leader election (multi-node) |
NetFlow exporter |
ELS Network Node |
2055 |
UDP |
NetFlow/IPFIX collector (pmacct) |
sFlow exporter |
ELS Network Node |
6343 |
UDP |
sFlow collector (pmacct) |
localhost |
ELS Network Node |
9600 |
TCP |
Network Probe monitoring API (bound to localhost, not exposed externally) |
Masteragent |
ELS Network Node |
8080 |
TCP |
Masteragent → Network Probe communication |
ELS Network Node |
Masteragent server |
8081 |
TCP |
Network Probe → masteragent server callback |
All ports above are defaults; each component allows the port to be changed in its configuration file.
Hardware Requirements
Minimum Requirements (Development/Testing)
Component |
CPU |
RAM |
Storage |
Network |
|---|---|---|---|---|
All-in-One |
8 cores |
32 GB |
500 GB SSD |
1 Gbps |
ELS Data Node |
6 cores |
16 GB |
200 GB SSD |
1 Gbps |
ELS Console |
4 cores |
8 GB |
50 GB |
1 Gbps |
ELS Network Node |
6 cores |
8 GB |
50 GB |
1 Gbps |
Production Requirements (Recommended)
Component |
CPU |
RAM |
Storage |
Network |
|---|---|---|---|---|
ELS Data Node |
16+ cores |
64 GB |
1 TB NVMe SSD |
10 Gbps |
ELS Console |
8 cores |
32 GB |
200 GB SSD |
1 Gbps |
ELS Network Node |
8 cores |
32 GB |
200 GB SSD |
10 Gbps |
For deployment architecture options and sizing guidance, see Deployment Scenarios.