The collector plays a central role in Auvik's monitoring as it gathers data from your devices and sends it to the Auvik servers for processing. As such, it may require network administrators to tailor configurations (particularly in firewalls or proxies) to allow that communication to pass through.
- Communication between the collector and the site's internal network
- Communication between the collector and the Auvik cloud
- Using Auvik through a proxy server
- Cloud ping checks
Communication between the collector and the site's internal network
Note: It is recommended that the collector be given a static IP address so that protocols like SNMP, NetFlow (Traffic Insights) and syslog function correctly. These protocols are typically locked to a specific IP.
To see and communicate with your network, the Auvik collector uses these communications protocols:
- HTTPS
- SNMP
- SSH (Secure Shell)
- Telnet*
- TFTP (Trivial File Transfer Protocol) / FTP
- MDNS (multicast Domain Name System)
- SMB (Server Message Block)
- ICMP (Internet Control Message Protocol)
- UPnP (Universal Plug and Play)
- WS-Management
- PowerShell
- Shell
*Telnet is used only when SSH is not available.
The collector sends information to the Auvik servers through an SSL-encrypted web socket, following industry standards for secure data transmission on the Internet. The collector uses certificate authentication to ensure it’s communicating with the Auvik servers.
HTTPS
HTTPS is the secure protocol over which data is sent between your browser and the Auvik servers. It’s the transport mechanism for protocols such as WS-Management APIs, VMware vSphere APIs, Meraki cloud dashboard APIs, and others.
SNMP
SNMP is an internet-standard protocol for collecting and organizing information about devices on an IP network.
SSH
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. Auvik uses SSH to remotely log in to network devices and scrape the results of configuration commands as a way of getting device configuration and status information.
Telnet
Telnet is a client-server protocol historically used to send clear text across a network. Today, most administrators prefer SSH, which provides much of the same functionality as Telnet but with the addition of encryption and public key authentication. Auvik will only use Telnet to communicate with your network if SSH is not available or if you’ve specified its use.
NetFlow
NetFlow and similar protocols such as IPFIX and J-Flow are designed to collect metadata about Internet Protocol (IP) connections, including source and destination IP and ports.
TFTP / FTP
TFTP / FTP is a simple file transfer protocol that Auvik uses to send a configuration file to the network when you request a configuration restore. It’s also used to back up some device configurations.
mDNS
mDNS resolves host names to IP addresses. It works by sending an IP multicast query message that asks the host having that name to identify itself.
SMB
SMB is an application-layer network protocol that Auvik uses to discover printers, serial ports, and miscellaneous communications between network nodes.
ICMP
ICMP is one of the main protocols of the Internet Protocol Suite. It’s most often used by network devices, like routers, to send error messages. It can also be used to relay query messages. Auvik uses ICMP to ping devices on a network.
UPnP
UPnP is a set of networking protocols that allows devices to discover each other’s presence on a network.
WS-Management
WS-Management is an open standard defining a SOAP-based protocol for the management of servers, devices, applications and various web services. WS-Management provides a common way for systems to access and exchange management information across IT infrastructure.
In order to discover devices and collect data from them, the Auvik collector uses the following protocols and ports:
| URL | Port |
| *.my.auvik.com | 443 |
| Service | Protocol/port | Types of devices |
| Ping | ICMP | All |
| SMB | TCP 445 | All devices / Used to collect SMB identification |
| SNMP | UDP 161 | All that support SNMP |
| SSH | TCP 22 | Network elements |
| Telnet * | TCP 23 | Network elements |
| WMI | TCP 5985 | All Microsoft devices |
| VMware | TCP 443 | ESXi hosts |
* For security, using SSH instead of Telnet is recommended whenever possible.
For connections initiated by the devices to the collector, the required ports are TCP 21 and UDP 69. The collector exposes an FTP server on port 21; this is used for backups.
Note: On Linux collectors, we create a port mapping from 21 => 10021, and listen on this port.
Moreover, for collectors running on Performance sites, Auvik will also bind to the following UDP ports: 514, 2055, 2056, 4432, 4739, 6343, 9995 and 9996. Port 514 will be used to receive Syslog data, and the others to collect flow data for TrafficInsights.
In addition to ensuring those ports are reachable, bear in mind that the collector application will bind to these ports. If you have a Windows service collector, we recommend you install it on a system that doesn’t already have services bound to these ports. In the case of virtual appliances, the system is dedicated to the collector, so this is not a concern.
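A pre-install check for the port conflicts described above, as an added example (not Auvik's tooling): it tries to bind each listed port on the intended collector host and reports the ones another service already holds. Binding on 0.0.0.0 is an assumption about how the collector listens.

```python
import socket

# Ports the page says the collector binds on its host: FTP (TCP 21) and UDP 69,
# plus the syslog and flow-collection UDP ports used on Performance sites.
COLLECTOR_PORTS = [("tcp", 21), ("udp", 69), ("udp", 514)] + [
    ("udp", p) for p in (2055, 2056, 4432, 4739, 6343, 9995, 9996)
]

def can_bind(proto, port, addr="0.0.0.0"):
    """Try to bind the port the way a new listener would; return (ok, reason)."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as probe:
        try:
            probe.bind((addr, port))  # no SO_REUSEADDR, so conflicts surface
        except PermissionError:
            return False, "permission denied (run elevated to test this port)"
        except OSError as exc:
            return False, f"already bound or unavailable: {exc.strerror}"
    return True, "free"

def conflicts(ports=COLLECTOR_PORTS):
    """Return {(proto, port): reason} for every port that cannot be bound."""
    found = {}
    for proto, port in ports:
        ok, reason = can_bind(proto, port)
        if not ok:
            found[(proto, port)] = reason
    return found

if __name__ == "__main__":
    for (proto, port), reason in sorted(conflicts().items()):
        print(f"{proto.upper()} {port}: {reason}")
```

Run it elevated on the target host; an empty result means none of the listed ports is currently held by another service.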
Auvik can initiate communications using additional ports and protocols to monitor services on your devices. By default, most service monitoring is disabled. If you decide to use service monitoring, you'll need to ensure connectivity from the collector to the target devices on the desired port.
Communication Protocols used for Endpoint and Server Management
Auvik also uses these communication protocols to communicate from the Endpoint agent to the local system:
PowerShell
PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language.
Shell
The Bourne shell (sh) is a shell command-line interpreter for Unix-like operating systems including macOS.
Communication between the collector and the Auvik cloud
Auvik's collector requires Internet access to upload metadata to the cloud for persistent monitoring and discovery of your network. For this communication to occur, outbound connections from the collector to the URLs in the table below must be allowed through your firewall and web filters. The Auvik cloud never initiates connections to the collector.
Note: The collector must be able to resolve the tenant URL; we do not support connecting to a fixed IP address. We do not control the IPs assigned for the cloud (AWS/Amazon).
For all Auvik collectors
| URL | Port | Purpose |
| *.auvik.com | 443 | |
| *.amazonaws.com | 443 | |
| *.compute.amazonaws.com | 443 | Used by the collector to communicate with Auvik's cloud infrastructure |
| *.cloudfront.net | 443 | |
| *.1e100.net | 80,443 | |
| *.us.archive.ubuntu.com | 80,443 | |
Note: If you are experiencing errors from Cloudfront while installing the Auvik Collector, click here for more information to understand what the errors are indicating.
Specific requirements for virtual appliance collectors
In addition to the above, for the virtual appliance collectors (either OVA or bash script), you'll need to allow the following:
| URL | Port | Purpose |
| *.security.ubuntu.com | 80 | Download, install packages and upgrades |
| *.canonical.com | 80 | Download, install packages and upgrades |
| *.google.com | 80, 443 | Internet connection health check |
| 8.8.8.8, 8.8.4.4 | 53 | DNS check |
| *.pool.ntp.org | 123 | NTP - time synchronization |
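One way to audit a firewall or proxy log against the two tables above, as an added example (not Auvik's code): it reports required destinations that were denied and destinations outside the tables that the collector was allowed to reach. The `key=value` log format, the collector address 10.0.0.50 and the hostnames in the sample are constructed assumptions.

```python
# Destinations and ports copied from the two tables above.
REQUIRED = {
    "*.auvik.com": {443},
    "*.amazonaws.com": {443},
    "*.compute.amazonaws.com": {443},
    "*.cloudfront.net": {443},
    "*.1e100.net": {80, 443},
    "*.us.archive.ubuntu.com": {80, 443},
    # Virtual appliance collectors only:
    "*.security.ubuntu.com": {80},
    "*.canonical.com": {80},
    "*.google.com": {80, 443},
    "8.8.8.8": {53}, "8.8.4.4": {53},
    "*.pool.ntp.org": {123},
}

def is_required(host, port):
    """True if host:port is covered by an entry in REQUIRED."""
    host = host.lower().rstrip(".")
    for pattern, ports in REQUIRED.items():
        # A wildcard matches only as a suffix on a label boundary.
        matched = host.endswith(pattern[1:]) if pattern.startswith("*.") else host == pattern
        if matched and port in ports:
            return True
    return False

def audit(log_lines, collector_ip):
    """Return (required destinations denied, unlisted destinations allowed)."""
    blocked_required, allowed_unlisted = [], []
    for line in log_lines:
        f = dict(kv.split("=", 1) for kv in line.split())
        if f.get("src") != collector_ip:
            continue
        dest = (f["dst"], int(f["dport"]))
        required = is_required(*dest)
        if f["action"] == "deny" and required:
            blocked_required.append(dest)
        elif f["action"] == "allow" and not required:
            allowed_unlisted.append(dest)
    return blocked_required, allowed_unlisted

# Constructed log lines (hypothetical format); 10.0.0.50 is an assumed collector IP.
SAMPLE_LOG = [
    "src=10.0.0.50 dst=tenant1.my.auvik.com dport=443 action=allow",
    "src=10.0.0.50 dst=d111111abcdef8.cloudfront.net dport=443 action=deny",
    "src=10.0.0.50 dst=0.pool.ntp.org dport=123 action=deny",
    "src=10.0.0.50 dst=updates.auvik.com.example.net dport=443 action=allow",
    "src=10.0.0.77 dst=www.example.org dport=80 action=allow",
]
```

The first list points at firewall rules that still need opening for the collector; the second shows where the collector's egress is wider than the tables require.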
Using Auvik through a Proxy
If you have a proxy controlling internet access, you will be prompted for that information while installing the collector. If you use SSL/TLS inspection in your proxy, you’ll need to whitelist the collector’s IP address to bypass the inspection.
Cloud ping checks
If you are using Auvik to monitor your Internet connections or VPN gateways, you'll need to allow ICMP from a few public IP addresses to whatever devices you want to monitor. Please refer to Auvik’s network address translation (NAT) gateway for these addresses.
