Logstash UDP listener died

f26227279 · August 22, 2017, 3:54am

Hi everyone,
I am trying to receive fortigate syslog from port 514, but there are some errors
here's my configure:
input {
tcp {
port => 514
type => syslog
}
udp {
port => 514
type => syslog
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
output log:
[2017-08-22T11:39:12,057][INFO ][logstash.inputs.udp ] Starting UDP listene
r {:address=>"0.0.0.0:514"}
[2017-08-22T11:39:12,057][WARN ][logstash.inputs.udp ] UDP listener died {:
exception=>#<Errno::EADDRINUSE: Address already in use - bind - Address already
in use: bind>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:161:in bin d'", "E:/ELK/logstash-5.5.2/vendor/bundle/jruby/1.9/gems/logstash-input-udp-3.1. 1/lib/logstash/inputs/udp.rb:82:inudp_listener'", "E:/ELK/logstash-5.5.2/vendo
r/bundle/jruby/1.9/gems/logstash-input-udp-3.1.1/lib/logstash/inputs/udp.rb:56:i
n run'", "E:/ELK/logstash-5.5.2/logstash-core/lib/logstash/pipeline.rb:456:in
inputworker'", "E:/ELK/logstash-5.5.2/logstash-core/lib/logstash/pipeline.rb:449
:in `start_input'"]}

thank you in advance : O

thiago · August 22, 2017, 6:34am

This message means that some other process is already listening in UDP Port 514. Probably system's syslog server.

f26227279 · August 22, 2017, 11:37am

Thank you : )
the problem is solved.

system · September 19, 2017, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Iam trying to parse fortigate syslog to logstash Logstash	1	150	December 14, 2022
UDP listener died Logstash	7	17628	July 6, 2017
Udp listener died warning in logstash udp input plugin Logstash	2	1069	December 13, 2016
pfSense Logging - UDP Listener Died Logstash	2	906	July 6, 2017
Logstash syslog wont accept ports other than 514 Logstash	2	1878	August 9, 2017

Logstash UDP listener died

Related Topics