Error in gathering syslogs from router

Elastic Stack Logstash
1 
  input {
    syslog {
        host => "10.216.123.213"
        type => "syslog"
      }
    }

exception=>#<Errno::EADDRNOTAVAIL: Cannot assign requested address - bind - Cannot assign requested address>, :backtrace=>["org/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:149:in udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in server'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:110:in `block in run'
exception=>#<Errno::EACCES: Permission denied

2

I'm pretty sure this is because the default port for syslog is UDP/514 and you are running Logstash as a non-privileged user. What we do is set up a non-standard port, like 10514, and send syslog traffic to that. Just add

port => 10514

and of course, modify the systems sending the logs so that they send to that port, and possibly add firewall rules on the Logstash system to allow inbound traffic to UDP/10514 from your sending systems.

I'm not sure if there is a way to start Logstash so that it starts up privileged, binds to a privileged port like 514, then releases its privileges.

3

Hi,

input {
    syslog {
            host => "10.216.131.209"
            type => "syslog"
            port => 10514
          }
    }

I set the port number to 10514 but it still gives me the following warning

Apr 11 15:09:29 hari-VirtualBox logstash[20457]: [2020-04-11T15:09:29,496][INFO ][logstash.inputs.syslog   ][main] Starting syslog tcp listener {:address=>"10.216.131.209:10514"}
Apr 11 15:09:29 hari-VirtualBox logstash[20457]: [2020-04-11T15:09:29,499][WARN ][logstash.inputs.syslog   ][main] syslog listener died {:protocol=>:tcp, :address=>"10.216.131.209:10514", :exception=>#<Errno::EADDRNOTAVAIL: Cannot assign requested address - bind - Cannot assign requested address>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:127:in `initialize'", "org/jruby/RubyIO.java:878:in `new'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:167:in `tcp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:130:in `server'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.4.1/lib/logstash/inputs/syslog.rb:114:in `block in run'"]}
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.