A USM Anywhere Sensor deployed in AWS to a virtual private cloud (VPC) automatically listens for syslog packets on UDP port 514, but you must enable access to it so that the other hosts in your network can send data to the sensor. You enable this access by opening the port in the AWS Security Groups that were created by the CloudFormation template you used to deploy the sensor.
The AWS Security Groups

There are three AWS Security Groups that help control network connectivity between the instances:

- USMConnectionSG — Accepts incoming HTTP, HTTPS, and SSH connections from the CIDR block you specified when you completed the CloudFormation template parameters. These connections are only required for remote sensor management and for connecting to the web UI during deployment and setup.
- USMServicesSG — Accepts incoming UDP connections on port 514 from any VM instance in the USMBaseSG.
- USMBaseSG — Has no inbound or outbound rules and is not assigned to the sensor. It exists solely as a convenience: assign it to the VMs that need to send to UDP port 514 on the sensor, as permitted by the USMServicesSG.
UDP Port 514

From the AWS console, you can open UDP port 514 to receive syslog packet transmissions using any one of the following methods:

- Assign the USMBaseSG Security Group to the selected VMs by choosing the Networking > Change Security Groups action. (You can also do this through the AWS CLI.)
- Add the default Security Group of your VPC as a source in the USMServicesSG. This allows all the VMs in that Security Group to send to UDP port 514 on the sensor.
- Put the AWS sensor in the default Security Group of your VPC. This gives all of the VMs in the local VPC full access to all ports on the sensor, so it is the least restrictive of the three options.
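Whichever method you choose, it is worth confirming afterwards that the sensor is reachable on UDP/514 only from the sources you intended. The following script is an added example, not USM Anywhere or AT&T code: it reads the JSON that `aws ec2 describe-security-groups --group-ids <sg-id> --output json` returns for the group attached to the sensor and reports every source that can reach UDP/514, flagging rules that are wider than a single trusted security group (a 0.0.0.0/0 CIDR, or an all-protocol rule such as the one the third method above effectively grants). The group ids and the sample output are constructed placeholders.

```python
"""Audit which sources may reach the USM Anywhere sensor on UDP/514.

Added example (not USM Anywhere or AT&T code). Input is the JSON shape
returned by `aws ec2 describe-security-groups --output json`; the sample
below is constructed and the sg-... ids are placeholders.
"""
import json

SYSLOG_PORT = 514

# Constructed sample. Rule 1 is the intended USMServicesSG rule (UDP/514 from
# USMBaseSG); rules 2 and 3 are over-broad rules the audit should flag.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [{
        "GroupId": "sg-0services0placeholder",
        "GroupName": "USMServicesSG",
        "IpPermissions": [
            {"IpProtocol": "udp", "FromPort": 514, "ToPort": 514,
             "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0base0placeholder"}]},
            {"IpProtocol": "udp", "FromPort": 514, "ToPort": 514,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "UserIdGroupPairs": []},
            {"IpProtocol": "-1",  # all protocols and ports
             "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0default0placeholder"}]},
        ],
    }]
})


def rule_covers_port(perm, port, proto="udp"):
    """True if this IpPermission entry admits traffic to proto/port."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def classify(source, all_ports):
    """Label a source: OK (scoped to a group or CIDR), or a finding."""
    if all_ports:
        return "ALL_PORTS"          # rule is not limited to UDP/514
    if source.endswith("/0"):
        return "OPEN_TO_INTERNET"   # 0.0.0.0/0 or ::/0
    return "OK"


def syslog_sources(describe_json, port=SYSLOG_PORT):
    """Return (source, status) pairs for every rule that reaches UDP/port."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            if not rule_covers_port(perm, port):
                continue
            all_ports = perm["IpProtocol"] == "-1"
            for r in perm.get("IpRanges", []):
                findings.append((r["CidrIp"], classify(r["CidrIp"], all_ports)))
            for pair in perm.get("UserIdGroupPairs", []):
                findings.append((pair["GroupId"], classify(pair["GroupId"], all_ports)))
    return findings


def overbroad(findings):
    """Only the entries a reviewer needs to act on."""
    return [f for f in findings if f[1] != "OK"]


if __name__ == "__main__":
    for source, status in syslog_sources(SAMPLE_DESCRIBE_OUTPUT):
        print(f"{status:17} {source}")
```

To run it against a real account, replace SAMPLE_DESCRIBE_OUTPUT with the output of `aws ec2 describe-security-groups --group-ids <USMServicesSG id> --output json`. The expected result after following the first or second method is a single OK entry naming the USMBaseSG (or your VPC's default group); any OPEN_TO_INTERNET or ALL_PORTS line means the sensor accepts more than syslog from more hosts than the page describes.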