- 6 minutes to read

Prerequisites for the Logging Service

This page describes the prerequisites for successfully installing and running the Logging Service. The Logging Service is a Windows Service installed as part of the Core Services package.

Nodinite Log Database Checklist

The Logging Databases sits at the end of the "spider web" and on a single box machine, you may have virtually no administration at all to get everything working. On the other hand, in a locked-down distributed environment spanning multiple servers with network load balancing, firewalls, network zones (WLAN's), domains, DNS, group policies, anti-virus/anti malware, SQL Server clusters, SQL Server Always On, ... you may end up spending a lot of hours to get every piece of the puzzle in place.

Rest assure, Nodinite is built on Microsoft standard products and these form the very foundation for most enterprise business applications of today. We are working hard on cloud-enabling Nodinite as the required services mature one piece at a time to make sure you get a future proof solution for your business.

Verified Topic
MSDTC
Windows rights
Trusted for delegation
Database rights
Firewall

Use the checklist above to verify that you have performed all steps required to get Nodinite flying (most probably already managed when you performed similar tasks for the Configuration Database)


Microsoft Distributed Transaction Coordinator (DTC)

The Log Database is involved in all SQL Server related operations and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC) that is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.

You must configure the DTC as documented otherwise Nodinite will not be able to function

What Windows rights does the Logging Service require?

The Logging Service is a Windows Service and requires privileges as described in the 'Windows Service Account' page.

Trusted for delegation

The Logging Service initiates a process that may span multiple Log Databases and also some BizTalk Server Databases if Logging from BizTalk is enabled. For the account, running the Logging Service, to authenticate with SQL Server, Kerberos must be properly configured. This is detailed in the Trusted for delegation part of the Log Database prerequisites user guide.

What SQL Rights does the Logging Service require?

For performance reasons the Logging Service accesses the databases directly using the Windows Service Account configured.

graph LR subgraph "SQL Server" roConfigDatabase(fal:fa-database Configuration database) --- |Linked Server| roLogDatabase(fal:fa-database fal:fa-database fal:fa-database Log databases) end subgraph "Application Server" roLoggingService(fa:fa-hdd Logging Service) --- roConfigDatabase end

The Logging Service must have the following SQL rights assigned:

Instance specific settings

Apply settings for The Windows account used for running the Logging Service (Windows Service)

All SQL Instance(s) - Where Configuration Database and Log Databases are located:

Account

The account running the Logging Service must exist on each SQL server node.

Account rights

  • public - Rights to logon to instances and databases
  • dbcreator - Rights to create new IMLog databases
  • diskadmin - Rights to create database files for new databases
  • securityadmin - Rights to assign rights on new databases
  • db_ddladmin - se note below
  • Shrink Rights - Nodinite performs the shrink command on old Log* Databases (NOT the current online database) which requires membership in the sysadmin fixed server role and/or the db_owner fixed database role. See more here

Note: db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.

Database specific settings

Apply settings on each and every SQL instance where Nodinite databases are hosted.

You must repeat the security settings on all nodes if you are using SQL Server High Availabilty.

Master

< SQL Server 2016 >= SQL Server 2016
db_datareader db_owner

MSDB

  • db_datareader
  • db_datawriter
  • db_ddladmin
  • Grant Execute rights on all existing and future stored procedures:
    GRANT EXECUTE TO [Domain\user]
    
    Replace [Domain\user] with the Windows account being used for the Logging Service

Nodinite databases

  • Configuration Database

    • db_datareader
    • db_datawriter
    • db_ddladmin
    • sysadmin or at least db_owner
  • NodiniteLog* (can be multiple )

    • db_datareader
    • db_datawriter
    • db_ddladmin
    • sysadmin or at least db_owner

Note: **See specific text for SQL instance above for membership in either sysadmin and/or db_owner for automatic shrink of Nodinite related databases

What Firewall settings are required for the Logging Service

The Logging Service requires both inbound and outbound ports to be opened. Since Nodinite is highly configurable, the actual ports in use may differ from what's being exampled here.

  1. TCP Ports between Logging Service and Web API
  2. TCP Ports between Logging Service and SQL Server You must ensure that TCP ports used are allowed by your firewalls, depending on location of the SQL database the actual ports used may differ. The following Windows Services are involved:
Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 DTC/RPC This port is shared between many Windows Services
1433/... SQL Server instance ports (multiple) Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

1. TCP Ports between Logging Service and Web API

Nodinite shows the state of the Logging service for Users within the Web Client. The Web Client asks the Web API which in turns queries the Logging Service. The Logging Service uses the Web API to provide all its features.

graph LR subgraph "Windows Server" roLoggingService(fa:fa-hdd Logging Service) end subgraph "Web Server" roWebAPI(fal:fa-cloud-sun Web API) roLoggingService-->|8000| roWebAPI roWebAPI -->|8000| roLoggingService end

2. TCP Ports between Logging Service and SQL Server

You must ensure that TCP ports used are allowed by your firewalls, depending on location of the SQL database the actual ports used may differ. The following Windows Services are involved:

  • RPC Ports, kerberos 88 TCP
  • SQL Server ports, usually 1433, depends on your actual configuration
  • DTC - Facilitates transactional support
  • DNS - Windows needs to know where your servers are (can of course also be solved using hosts)
    • 53 both TCP/UDP
graph LR subgraph "SQL Server" roConfigDatabase(fal:fa-database Configuration database) --- |Linked Server| roLogDatabase(fal:fa-database fal:fa-database fal:fa-database Log databases) end subgraph "Application Server" roLoggingService(fa:fa-hdd Logging Service) --- |SQL, DTC, DNS, RPC, ...| roConfigDatabase end

Frequently asked questions

Common problems and FAQ for the Logging Service can be found in the troubleshooting page.


Next Step

Install Nodinite
System Parameters
Search Fields

Message Types