I found a relevant issue on GitHub, with comments that should provide a path forward:
Ports in the range 1 to 1024 are privileged and only the root user can listen on them.
Options:
- run logstash as root (not a good idea)
- use setcap to grant java permission to use privileged ports
- use iptables or a proxy to forward port 514 to an unprivileged port.
-- logstash will not open a listening port. · Issue #1587 · elastic/logstash · GitHub
This blog post is specifically about using setcap to set capabilities for Java (although it references Java 7, and Logstash currently requires Java 8, so you may need to adjust it slightly):
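
As an added example (not from this post, the GitHub issue or the linked blog), the script below works out which of the listed options applies to a port and prints the corresponding setcap and iptables commands without running them. The unprivileged port 5514, the UDP protocol and the java path are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: Linux, syslog on UDP, 5514 as the unprivileged
# port, and JAVA_BIN pointing at the real java binary (not a symlink).
PORT=${PORT:-514}
UNPRIV_PORT=${UNPRIV_PORT:-5514}
PROTO=${PROTO:-udp}
JAVA_BIN=${JAVA_BIN:-/path/to/jre/bin/java}   # placeholder path

# Lowest port a non-root process may bind (kernel default: 1024).
unpriv_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# port_is_privileged PORT [START]: true if binding PORT needs privilege.
port_is_privileged() {
    [ "$1" -lt "${2:-$(unpriv_start)}" ]
}

# has_bind_cap GETCAP_OUTPUT: true if the capability is already set.
has_bind_cap() {
    case "$1" in *cap_net_bind_service*) return 0 ;; *) return 1 ;; esac
}

# plan PORT UID GETCAP_OUTPUT [START]: print which situation applies.
plan() {
    if ! port_is_privileged "$1" "${4:-}"; then echo bind-directly
    elif [ "$2" -eq 0 ]; then echo running-as-root
    elif has_bind_cap "$3"; then echo capability-present
    else echo needs-setcap-or-redirect
    fi
}

# suggest: print (do not run) the two non-root options; each needs root once.
# The PREROUTING rule only covers traffic arriving from other hosts.
suggest() {
    echo "setcap 'cap_net_bind_service=+ep' $JAVA_BIN"
    echo "iptables -t nat -A PREROUTING -p $PROTO --dport $PORT -j REDIRECT --to-ports $UNPRIV_PORT"
}

result=$(plan "$PORT" "$(id -u)" "$(getcap "$JAVA_BIN" 2>/dev/null || true)")
echo "port $PORT: $result"
if [ "$result" = needs-setcap-or-redirect ]; then suggest; fi
```

A file capability on the java binary applies to every program started with that binary, and it puts the dynamic loader into secure-execution mode, where LD_LIBRARY_PATH is ignored. With the redirect option, the listener itself is configured on the unprivileged port.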