How to find what is using ECC event feed licenses

ShoreTel does not provide a way, that we know of, to see what is using real-time event feed licenses. Licensing is based on concurrent connections, so it doesn't matter if you have three licenses and three event-feed credentials set up: one application could connect three times using the same credentials and take up all of your event feed licenses.


The only way we have identified to see what is connecting to the real-time event feed is to run this command on the ECC server:

netstat -n |findstr :31456


That will show you everything on your network connecting to TCP port 31456, which is the real-time event feed TCP port. Look for entries that have :31456 in the LEFT address column (Local Address, adjacent to "TCP"). There will also be some entries with :31456 in the RIGHT address column (Foreign Address, adjacent to "ESTABLISHED"); those are connections to the local computer, and are already accounted for by the corresponding entries with :31456 in the LEFT column.


So for example, on my ECC server, when I run that command I see the following:

There are two connections, one from, and one from


If I want to see what those are, I can go to those computers and run this command:

netstat -n -o |findstr IPADDRESS:PORT

where IPADDRESS:PORT is from the output above.


One of those connections is from the local computer itself, so on the same computer I run:

What I'm interested in from these results is the entry with :31456 in the RIGHT column (adjacent to "ESTABLISHED"). The last column of that entry is the process ID, which in this example is 9088. If I check Task Manager, I can see that it is ecc_ruby.exe, which is part of ECC itself, so probably the native agent dashboard support:


If I go to and run the same command there:

And again if I check task manager for process ID 17116:

I can see that that is the Brightmetrics Agent Service (if I didn't recognize the executable I'd have to do a little digging to find out what it is).
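
The same steps as a PowerShell function, added here as an example and not part of the original article or of any ShoreTel or Brightmetrics tooling: it parses netstat -n -o output, labels each connection by which column holds :31456, and counts inbound connections per source address. The function name Get-EventFeedConnection and the sample lines (documentation addresses, made-up PIDs) are assumptions constructed for illustration.

```powershell
# Added example (not from the original article). Get-EventFeedConnection is a
# hypothetical helper name; 31456 is the event feed port the article names.
function Get-EventFeedConnection {
    param(
        [int]$Port = 31456,
        # Lines of "netstat -n -o" output; defaults to the live table.
        [string[]]$NetstatLines = (netstat -n -o),
        # Look up process names for PIDs (only meaningful on live output).
        [switch]$ResolveProcess
    )
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State, PID
        $f = -split $line
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'ESTABLISHED') { continue }
        # Port in the LEFT (local) column: inbound feed connection, one license.
        # Port in the RIGHT (foreign) column: this machine is the connecting client.
        if ($f[1].EndsWith(":$Port")) { $side = 'Inbound' }
        elseif ($f[2].EndsWith(":$Port")) { $side = 'Outbound' }
        else { continue }
        $name = $null
        if ($ResolveProcess) {
            $p = Get-Process -Id $f[4] -ErrorAction SilentlyContinue
            if ($p) { $name = $p.ProcessName }
        }
        New-Object PSObject -Property @{
            Side = $side; Local = $f[1]; Remote = $f[2]
            RemoteHost = ($f[2] -replace ':\d+$', '')
            PID = [int]$f[4]; Process = $name
        }
    }
}

# Constructed sample of ECC-server output (documentation addresses, made-up PIDs).
$sample = @(
    '  TCP    192.0.2.10:31456    192.0.2.10:50112    ESTABLISHED    4120',
    '  TCP    192.0.2.10:31456    192.0.2.25:49731    ESTABLISHED    4120',
    '  TCP    192.0.2.10:50112    192.0.2.10:31456    ESTABLISHED    5012',
    '  TCP    192.0.2.10:3389     192.0.2.77:51000    ESTABLISHED    1044'
)
$conns = Get-EventFeedConnection -NetstatLines $sample

# On the ECC server: concurrent feed connections (licenses in use) per source.
$conns | Where-Object { $_.Side -eq 'Inbound' } | Group-Object RemoteHost |
    Select-Object Name, Count | Format-Table -AutoSize

# On a source machine: the PID holding a connection to the feed port.
$conns | Where-Object { $_.Side -eq 'Outbound' } |
    Select-Object Local, PID, Process | Format-Table -AutoSize
```

Run against live output, call Get-EventFeedConnection -ResolveProcess with no -NetstatLines argument; the Process column is then filled in for connections owned by processes on that machine.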
