Skip to content

Migrate 8 Change Tracker KB articles #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hilram7 merged 16 commits into from
Jun 1, 2026
Merged

Migrate 8 Change Tracker KB articles #249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
a500ace
Migrate 4 Change Tracker KB articles from private repo
hilram7 Feb 19, 2026
024034a
Merge remote-tracking branch 'origin/dev' into kb-changetracker-migra…
hilram7 Mar 27, 2026
262e0fa
Add images for default password detection article and update image re…
hilram7 Feb 19, 2026
50ac730
Fix broken links and images in Change Tracker KB articles
hilram7 Mar 27, 2026
4fd29b3
Remove unresolved gen-7-agent-deployment-options references
hilram7 Mar 31, 2026
ac4fe11
Style and metadata fixes for Change Tracker KB articles
hilram7 Mar 31, 2026
a94ecde
Merge branch 'dev' into kb-changetracker-migration
hilram7 Mar 31, 2026
4e1280c
Add Linux at command prerequisite to agent updates KB article
hilram7 Mar 31, 2026
c76ea34
Merge branch 'kb-changetracker-migration' of https://github.com/netwr…
hilram7 Mar 31, 2026
44d57b5
Merge branch 'dev' into kb-changetracker-migration
hilram7 May 14, 2026
94024da
Update how-to-determine-what-network-ports-need-to-be-open-for-change…
brichmond31 May 27, 2026
af22a83
Update how-to-determine-what-network-ports-need-to-be-open-for-change…
brichmond31 May 27, 2026
855484a
Update how-to-determine-what-network-ports-need-to-be-open-for-change…
brichmond31 May 27, 2026
35a7af7
Update how-to-update-agents-from-the-change-tracker-console.md
brichmond31 May 27, 2026
dc3021d
Update rolling-log_fix_hub_connection_failed._403_server_message_ip_a…
brichmond31 May 27, 2026
ca37aad
fix(kb): apply review fixes to Change Tracker KB articles (PR #249)
hilram7 May 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added docs/kb/changetracker/0-images/default-password-linux-in-use.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/kb/changetracker/0-images/default-password-linux-not-in-use.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/kb/changetracker/0-images/default-password-warning-1.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/kb/changetracker/0-images/default-password-warning-2.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/kb/changetracker/0-images/default-password-windows-in-use.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/kb/changetracker/0-images/default-password-windows-not-in-use.jpg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7 changes: 4 additions & 3 deletions docs/kb/changetracker/audit-and-logging/corrupt-errorevent-in-event-reports.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ products:
- change-tracker
sidebar_label: Corrupt ErrorEvent in Event Reports
tags:
- kb
- audit-and-logging
title: "Corrupt ErrorEvent in Event Reports"
knowledge_article_id: kA0Qk0000000ahpKAA
Expand All @@ -28,7 +29,7 @@ knowledge_article_id: kA0Qk0000000ahpKAA
## Symptoms

- The events report in Netwrix Change Tracker contains one or more `ErrorEvent` events. Their description states `Corrupt`.
- Agent logs (see [Rolling-Log File Location](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/rollinglogfile)) contain the following line:
- Agent logs (see [Rolling-Log File Location](/docs/changetracker/8_1/install/agent/rollinglogfile)) contain the following line:
- **Windows:** `C:\ProgramData\NNT\gen7agent.app.netcore\rolling-log.txt`
- **Linux:** `/var/nnt/gen7agent.app.netcore/rolling-log.txt`

Expand All @@ -50,7 +51,7 @@ Perform an agent reset to reconfigure affected agents:

1. Stop the Netwrix Change Tracker Agent Service.

2. Navigate to the agent directory (see [Rolling-Log File Location](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/rollinglogfile)): `C:\ProgramData\NNT\gen7agent.app.netcore\`
2. Navigate to the agent directory (see [Rolling-Log File Location](/docs/changetracker/8_1/install/agent/rollinglogfile)): `C:\ProgramData\NNT\gen7agent.app.netcore\`

3. Right-click the `Hubdetails.xml` file and select **Edit**.

Expand All @@ -66,7 +67,7 @@ Perform an agent reset to reconfigure affected agents:
service nntgen7agent stop
```

2. Navigate to the agent directory (see [Rolling-Log File Location](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/rollinglogfile)): `/var/nnt/gen7agent.app.netcore/`
2. Navigate to the agent directory (see [Rolling-Log File Location](/docs/changetracker/8_1/install/agent/rollinglogfile)): `/var/nnt/gen7agent.app.netcore/`

3. Edit the `Hubdetails.xml` file.

Expand Down
106 changes: 106 additions & 0 deletions ...t-network-ports-need-to-be-open-for-change-tracker-or-log-trackerto-function.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
---
description: >-
Describes which network ports to open to allow Netwrix Change Tracker agents
and servers to communicate, including ports for agentless monitoring and
network device configuration.
keywords:
- Netwrix Change Tracker
- network ports
- firewall rules
- HTTPS
- agents
- agentless
- SSH
- port 443
products:
- change-tracker
sidebar_label: Network Ports for Change Tracker
tags:
- kb
- configuration-and-setup
title: Determining Which Network Ports Need to Be Open
knowledge_article_id: ka04u000000Hd8zAAC
---

# Determining Which Network Ports Need to Be Open

## Overview

This article describes the network ports required for Netwrix Change Tracker to function properly. Use this information when configuring firewall rules for new deployments or troubleshooting connectivity issues.

> **NOTE:** For the most current port requirements and network architecture details, refer to the official documentation: [Change Tracker 8.0 - Agent and Device Ports](/docs/changetracker/8_0/requirements/agentdeviceports)

Although agents can be configured to connect to Change Tracker using custom ports (e.g. HTTPS, port 8443), and these can be set in the agent's HubDetails.xml file, the following are the default and recommended ports for Change Tracker.

## Instructions

### Change Tracker Console

- **Port:** 443 (HTTPS) or Custom
- **Direction:** Inbound to Change Tracker Hub server
- **Protocol:** HTTPS

HTTPS communication to the Change Tracker Console is by default on port 443. This can be adjusted within IIS if other ports are deemed more suitable for your environment.

### Change Tracker Agents (Windows & Linux)

- **Port:** 443 (HTTPS) or Custom
- **Direction:** Outbound from agent to Change Tracker Hub
- **Protocol:** HTTPS

HTTPS communication between Change Tracker and the agent is controlled by the agent's HUBURL, defined during installation. The HUBURL will resemble `https://MY_CT_SERVER/api/`. If custom HTTPS ports are in use, the HUBURL will need to include this, for example `https://MY_CT_SERVER:PORT/api/`.

**Important:** The agent always initiates the connection to the Hub server; communication is one-way.

### Agentless Monitoring - Linux Systems

- **Port:** 22 (SSH)
- **Direction:** Outbound from Change Tracker Proxy Agent to monitored Linux systems
- **Protocol:** TCP/SSH

The Change Tracker Proxy Agent initiates all communication to the monitored Linux systems. The proxy agent is typically collocated with Change Tracker but can be installed on a separate system if needed.

### Agentless Monitoring - Windows Systems

- **Port:** 445 (SMB)
- **Direction:** Outbound from Change Tracker Proxy Agent to monitored Windows systems
- **Protocol:** SMB

The Change Tracker Proxy Agent initiates all communication to the Remote Registry Service on the monitored Windows devices.

### Network Devices (Routers, Switches, Firewalls)

#### SSH-Based Monitoring

- **Port:** 22
- **Direction:** Outbound from Change Tracker Proxy Agent to network devices
- **Protocol:** TCP/SSH

#### Telnet-Based Monitoring (Legacy)

- **Port:** 23
- **Direction:** Outbound from Change Tracker Proxy Agent to network devices
- **Protocol:** TCP/Telnet

> **NOTE:** SSH (port 22) is recommended over Telnet (port 23) for security reasons.

### Firewall Configuration Summary

For a typical Change Tracker deployment, ensure the following firewall rules are in place:

**Inbound to Change Tracker Hub:**
- Port 443 (HTTPS) - for console access and agent communication

**Outbound from Change Tracker Hub/Proxy Agent:**
- Port 22 (SSH) - for agentless Linux and network device monitoring
- Port 23 (Telnet) - for legacy network device monitoring (if required)
- Port 445 (SMB) - for agentless Windows monitoring

**Outbound from Agents:**
- Port 443 (HTTPS) - to communicate with Change Tracker Hub

## Related Links

- [Agent and Device Ports](/docs/changetracker/8_0/requirements/agentdeviceports)
- [Gen 7 Agent Requirements - Windows](/docs/changetracker/8_0/requirements/gen7agentwindows)
- [Gen 7 Agent Requirements - Linux](/docs/changetracker/8_0/requirements/gen7agentlinux)
Loading
Loading