Logstash syslog wont accept ports other than 514

X_Calibur · July 10, 2017, 10:14am

I'm trying to get logstash to accept Syslog transmissions and it's giving me the following error messages:

syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: bind: name or service not known>,

syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<Errno::EACCES: Permission denied - bind(2)>

Following is my config file:

input{

    syslog {
            type => "fortigate"
            port => 55555
    }

}

output{
elasticsearch {
hosts => ["localhost:9200"]
index => "fortigate-%{+YYYY.MM.dd}"
}
}

magnusbaeck · July 12, 2017, 12:26pm

Unless you run Logstash as root or employ another workaround Logstash won't be able to listen on port 514. Are you sure that's the only configuration you have? Your logs clearly indicate Logstash trying to bind to port 514 but your configuration file says 55555.

system · August 9, 2017, 12:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to make logstash listen to port less than 1024 Logstash	1	511	June 4, 2020
Logstash UDP listener died Logstash	3	3159	September 19, 2017
Logstash Syslog,UDP listener died Logstash	6	5170	July 6, 2017
Unable to bind Syslog port Logstash	1	465	June 30, 2021
Cannot make Logstash read syslog Logstash	10	4781	June 6, 2018

Logstash syslog wont accept ports other than 514

Related topics