Logstash Syslog,UDP listener died

kmroz · November 9, 2015, 6:20pm

elasticsearch=1.6
logstash=1.5

Im using docker with supervisord to start up the ELK stack. I tried using ort 514 and port 5009 to listen on the syslog messages coming in but when i run logstash in debug mode i get the follwoing error syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:5009", :exception=>#<Errno::EADDRINUSE: Address already in use - bind - Address already in use> or syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:5009", :exception=>#<Errno::EADDRINUSE: Address already in use - bind - not found > .

Config is
input {
syslog {
type => "syslog"
port => 5009

}

kmroz · November 9, 2015, 8:33pm

UDP listener died {:exception=>SocketError: bind: name or service not known this is the UDP error i recieve.

kmroz · November 9, 2015, 9:18pm

port is open also. pid 8 is connected with logstash. Can't see, to figure out why this will not work. Any suggestions would be great please!
lsof -nPi :5514
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 8 root 90u IPv6 0t0 UDP *:5514

kmroz · November 10, 2015, 7:42pm

issue is fixed.

warkolm · November 11, 2015, 6:16am

What was the problem?

kmroz · November 11, 2015, 10:09pm

I had to open a different port inside and out. Even with logstash starting with root it didnt like the port I had open.