Logstash syslog wont accept ports other than 514

X_Calibur · July 10, 2017, 10:14am

I'm trying to get logstash to accept Syslog transmissions and it's giving me the following error messages:

syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: bind: name or service not known>,

syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<Errno::EACCES: Permission denied - bind(2)>

Following is my config file:

input{

    syslog {
            type => "fortigate"
            port => 55555
    }

}

output{
elasticsearch {
hosts => ["localhost:9200"]
index => "fortigate-%{+YYYY.MM.dd}"
}
}

magnusbaeck · July 12, 2017, 12:26pm

Unless you run Logstash as root or employ another workaround Logstash won't be able to listen on port 514. Are you sure that's the only configuration you have? Your logs clearly indicate Logstash trying to bind to port 514 but your configuration file says 55555.

system · August 9, 2017, 12:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.