I want to Install Logstash in EC2 Linux UBUNTU 22.04 and want to run Syslog input Configuration but facing ERROR

Subrato1 · January 8, 2024, 11:17am

I Followed this URL:

Installing Logstash | Logstash Reference [7.14] | Elastic

APT one I followed.

Then after the Installation I set the path of bin in Environment variable using below command.

1- Location of logstash in UBUNTU:

	cd /usr/share/logstash -- here you can see logstash file.

2- Set Bin path to enviroment:

	echo 'export PATH=$PATH:/usr/share/logstash/bin' >> ~/.bashrc
	
	source ~/.bashrc

Then I created a Conf. file inside bin and then run logstash -f <filename>.conf --config.test_and_exit that Conf. file It is giving below error:

leandrojmp · January 8, 2024, 12:42pm

You need to run logstash as the logstash user and you also need to use the path.settings parameter to tell the binary where the settings file are.

Try the following:

sudo -u logstash /usr/share/logstash/bin/logstash -f /path/to/your.conf --path.settings="/etc/logstash" --config.test_and_exit

Subrato1 · January 9, 2024, 5:58am

I successfully able to do setup when I am running my configuration using SYSLOG input plugin it is giving below error:

[2024-01-09T05:57:29,726][WARN ][logstash.inputs.syslog   ][main][23661f886619ae58c9e40cd1e34ee10ecb939617186e5d173e5b3f2a673089a0] syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:210:in `bind'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:191:in `udp_listener'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:172:in `server'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:152:in `block in run'"]}
[2024-01-09T05:57:34,682][INFO ][logstash.inputs.syslog   ][main][23661f886619ae58c9e40cd1e34ee10ecb939617186e5d173e5b3f2a673089a0] Starting syslog tcp listener {:address=>"0.0.0.0:514"}
[2024-01-09T05:57:34,686][WARN ][logstash.inputs.syslog   ][main][23661f886619ae58c9e40cd1e34ee10ecb939617186e5d173e5b3f2a673089a0] syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<Errno::EACCES: Permission denied - bind(2)>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:129:in `initialize'", "org/jruby/RubyIO.java:876:in `new'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:208:in `tcp_listener'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:172:in `server'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:156:in `block in run'"]}
[2024-01-09T05:57:34,726][INFO ][logstash.inputs.syslog   ][main][23661f886619ae58c9e40cd1e34ee10ecb939617186e5d173e5b3f2a673089a0] Starting syslog udp listener {:address=>"0.0.0.0:514"}
[2024-01-09T05:57:34,727][WARN ][logstash.inputs.syslog   ][main][23661f886619ae58c9e40cd1e34ee10ecb939617186e5d173e5b3f2a673089a0] syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:210:in `bind'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:191:in `udp_listener'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:172:in `server'", "/home/ubuntu/logstash-7.14/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-syslog-3.5.0/lib/logstash/inputs/syslog.rb:152:in `block in run'"]}

leandrojmp · January 9, 2024, 12:41pm

You need to change the port, ports below 1024 are reserved for the root user and Logstash does not run as root.

Choose a higher port number like 5514.

system · February 6, 2024, 12:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I am trying to Install SYSLOG input plugin in Logstash which I installed in EC2 Ubuntu Linux but nto able to do this Logstash	4	316	February 5, 2024
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash Logstash	24	29312	June 7, 2018
No network syslogs in logstash Logstash	3	1097	March 14, 2017
I am getting this error when running logstash configuration pipeline through logstash.yml file Logstash	3	832	May 4, 2021
Need help getting Logstash index from EC2 instance to Elasticsearch Logstash	3	2309	June 22, 2017

I want to Install Logstash in EC2 Linux UBUNTU 22.04 and want to run Syslog input Configuration but facing ERROR

Related topics