
Discussion


Laserfiche Audit Trail for Forms - New Listening Port

posted on January 25, 2023

After downloading and installing Laserfiche Forms 11 Update 3, we attempted to get the new Auditing service set up within Forms/Audit Trail. However, Forms failed to connect to the Audit Trail service:

 

After investigating further, I found that Forms was trying to connect to Audit Trail over TCP Port 10256 (which was not open between the system hosting Forms and the system hosting Audit Trail in our environment).

 

I found this to be an odd port number, in comparison to Laserfiche service ports historically (which are generally in the 5000s or 8000s). However, I did confirm that Audit Trail was listening on this port:

 

Digging a little further, I found that Audit Trail includes a new service -- Laserfiche Audit Trail Event Hub:

 

This is the Service that is listening on the new port (TCP Port 10256). I further confirmed this by finding/referencing a configuration file for this service:

C:\ProgramData\Laserfiche\AuditAnalytics\AuditEventHub.json

 

This file shows the static setting for that listening port:

 

However, thus far, I don't see this information published in any documentation, so I decided to come here for more insight.

 

I see this new service listening on both of the following ports:

  • TCP Port 5085
  • TCP Port 10256

 

Though, I confirmed that Laserfiche Forms is only trying to connect via TCP Port 10256.

 

 

My questions:

  1. Can I get a brief explanation of these 2 ports, and what each port is used for?
  2. Will these ports be published in the "Default Network Ports" documentation?

 

Thanks in advance!

 

3 0
replied on January 27, 2023

First, nice sleuthing!

The Laserfiche Audit Trail Event Hub is a new service with a message queue and listener on TCP port 10256. Forms sends messages with audit event logs to that listener, where they are received by the service, and then read by other services to write out to disk, index in the reporting search catalog, etc. The contents of these Forms audit log messages are encrypted by default, independent of TLS.

TCP port 5085 is the Audit Event Hub's local service port. It's an internal port and doesn't need to be open on the network firewall. Other local Audit Trail components like the /AuditTrailConfig IIS app connect to the Audit Event Hub service on this port. You can find its config reference in "C:\Program Files\Laserfiche\Audit Trail\AuditEventHub\appsettings.json" (changing this port is not currently supported).

The latest revision of the Hosting Laserfiche Forms 11 In A Perimeter Network (DMZ) white paper lists port 10256:

3 0
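One way to check the port layout described in the reply above, as an added example that is not part of the thread and not Laserfiche's own tooling. The host name `audittrail.example.internal` and the function names are assumptions; the port numbers are the ones named in the thread.

```powershell
# Added example. Run with -Local on the Audit Trail host, without it on the Forms host.
param(
    [string]$AuditTrailHost = 'audittrail.example.internal', # placeholder host name
    [int]$QueuePort = 10256,  # Event Hub listener that Forms connects to
    [int]$ServicePort = 5085, # Event Hub local service port (internal only)
    [switch]$Local
)

# List listeners on the given ports with their bind address and owning process.
function Get-ListenerInfo {
    param([int[]]$Port)
    Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.ProcessName
                LoopbackOnly = $_.LocalAddress -in '127.0.0.1', '::1'
            }
        }
}

# Attempt a TCP connection and report only whether the handshake succeeded.
function Test-RemotePort {
    param([string]$ComputerName, [int]$Port)
    $r = Test-NetConnection -ComputerName $ComputerName -Port $Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        ComputerName = $ComputerName
        Port         = $Port
        Reachable    = $r.TcpTestSucceeded
    }
}

if ($Local) {
    # On the Audit Trail host: confirm both ports are listening and which process owns them.
    Get-ListenerInfo -Port $QueuePort, $ServicePort | Format-Table -AutoSize
}
else {
    # On the Forms host: per the reply, only the queue port has to be reachable.
    $results = $QueuePort, $ServicePort |
        ForEach-Object { Test-RemotePort -ComputerName $AuditTrailHost -Port $_ }
    $results | Format-Table -AutoSize
    if (($results | Where-Object Port -eq $ServicePort).Reachable) {
        Write-Warning "Port $ServicePort is reachable from this host; the reply describes it as internal only."
    }
}
```

If the listener for port 5085 is not bound to loopback only, a host firewall rule is what keeps it off the network, so the warning from the Forms host is the check that matters.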
replied on January 30, 2023

@████████ great information, and thank you for the follow-up!!

1 0