Tanzu Platform for Cloud Foundry 4.0

Loggregator network communications

Last Updated March 13, 2025

The tables here show Loggregator internal network communication paths with other VMware Tanzu Application Service for VMs (TAS for VMs) components.

For more information about Loggregator components and architecture, see Loggregator components and architecture.

Loggregator communications

The following table lists network communication paths for Loggregator:

Source VMDestination VMPortTransport Layer ProtocolApp Layer ProtocolSecurity and Authentication
Any*loggregator_trafficcontroller8081TCPHTTP/WebSocketOAuth
Any VM running Loggregator Agentdoppler8082TCPgRPC over HTTP/2Mutual TLS
loggregator_trafficcontrollerdoppler8082TCPgRPC over HTTP/2Mutual TLS
loggregator_trafficcontrolleruaa8443TCPHTTPSTLS
loggregator_trafficcontrollercloud_controller9023TCPHTTPSMutual TLS
loggregator_trafficcontroller (Reverse Log Proxy)doppler8082TCPgRPC over HTTP/2Mutual TLS
loggregator_trafficcontroller (Route Registrar)nats4222TCPNATSBasic authentication
loggregator_trafficcontroller (Metrics Forwarder)BOSH Director (Metrics Server)25555 and 8443TCPgRPC over HTTP/2Mutual TLS
loggregator_trafficcontrollerlog_cache8080TCPgRPC over HTTP/2Mutual TLS
loggregator_trafficcontroller (Reverse Log Proxy Gateway)cloud_controller9023TCPHTTPSMutual TLS
Any*loggregator_trafficcontroller (Reverse Log Proxy Gateway)8088TCPHTTP/Server Sent EventsOAuth

*Any source VM can send requests to the specified destination within its subnet.

**Any host configured through a user-provided service binding with a syslog URL.

***Any port configured through a user-provided service binding with syslog URL.

****Basic authentication only supported for HTTPS syslog drains.

Log Cache communications

The following table lists network communication paths for Log Cache:

Source VMDestination VMPortTransport Layer ProtocolApp Layer ProtocolSecurity and Authentication
Any VM running Loggregator Syslog Agent*log_cache6067TCPSyslogTLS
Any**log_cache8080TCPgRPC over HTTP/2Mutual TLS
log_cache (Nozzle)***loggregator_trafficcontroller (Reverse Log Proxy)8082TCPgRPC over HTTP/2Mutual TLS
gorouterlog_cache (Auth Proxy)8083TCPHTTPOAuth
log_cache (Auth Proxy)uaa8443TCPHTTPSTLS
log_cache (Auth Proxy)cloud_controller9024TCPHTTPSTLS

*When Log Cache is configured to use Syslog ingestion.

**Any source VM can send requests to the specified destination within its subnet.

***When Log Cache is configured to use Reverse Log Proxy ingestion.

BOSH DNS communications

By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.