Logstash syslog wont accept ports other than 514

X_Calibur · July 10, 2017, 10:14am

I'm trying to get logstash to accept Syslog transmissions and it's giving me the following error messages:

syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: bind: name or service not known>,

syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<Errno::EACCES: Permission denied - bind(2)>

Following is my config file:

input{

    syslog {
            type => "fortigate"
            port => 55555
    }

}

output{
elasticsearch {
hosts => ["localhost:9200"]
index => "fortigate-%{+YYYY.MM.dd}"
}
}

magnusbaeck · July 12, 2017, 12:26pm

Unless you run Logstash as root or employ another workaround Logstash won't be able to listen on port 514. Are you sure that's the only configuration you have? Your logs clearly indicate Logstash trying to bind to port 514 but your configuration file says 55555.

system · August 9, 2017, 12:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to bind Syslog port Logstash	1	461	June 30, 2021
Logtash is not accepting/recieving syslog sent by linux server Logstash	10	1422	December 15, 2016
Logstash not ingesting syslog Logstash	16	12245	January 11, 2017
Logstash port 514 input error Logstash	6	23	August 1, 2024
Having problem getting syslog to show on Elasticsearch Logstash	5	788	June 15, 2021

Logstash syslog wont accept ports other than 514

Related Topics