On-premise Log Collector needs public IP?


I'm following the instructions here to set up an on-premise log collector to send firewall logs to MCAS for Cloud Discovery. When configuring the log collector within MCAS, it asks for "the Host IP address of the machine you'll use to deploy the Docker". Does this need to be a publicly accessible IP? The network requirements here only refer to communication initiated from the log collector to MCAS, but if MCAS is asking for the IP of the log collector, that would imply (to me at least) that MCAS would be initiating traffic to the log collector. Any clarification here would be greatly appreciated.

1 Reply

@Joe_E this is confusing and not well explained. After research and reading I realized this should be the IP address of the machine running the on-prem MCAS Docker container. It looks like the MCAS agent starts and works fine when this IP is incorrectly configured.

Perhaps this IP address is used by MCAS itself to discount/measure the firewall log data generated by the MCAS agent uploading the logs. But this is just a guess.