Logstash UDP listener died

Hi everyone,
I am trying to receive fortigate syslog from port 514, but there are some errors
here's my configure:
input {
tcp {
port => 514
type => syslog
}
udp {
port => 514
type => syslog
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
output log:
[2017-08-22T11:39:12,057][INFO ][logstash.inputs.udp ] Starting UDP listene
r {:address=>"0.0.0.0:514"}
[2017-08-22T11:39:12,057][WARN ][logstash.inputs.udp ] UDP listener died {:
exception=>#<Errno::EADDRINUSE: Address already in use - bind - Address already
in use: bind>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:161:in bin d'", "E:/ELK/logstash-5.5.2/vendor/bundle/jruby/1.9/gems/logstash-input-udp-3.1. 1/lib/logstash/inputs/udp.rb:82:inudp_listener'", "E:/ELK/logstash-5.5.2/vendo
r/bundle/jruby/1.9/gems/logstash-input-udp-3.1.1/lib/logstash/inputs/udp.rb:56:i
n run'", "E:/ELK/logstash-5.5.2/logstash-core/lib/logstash/pipeline.rb:456:in
inputworker'", "E:/ELK/logstash-5.5.2/logstash-core/lib/logstash/pipeline.rb:449
:in `start_input'"]}

thank you in advance : O

This message means that some other process is already listening in UDP Port 514. Probably system's syslog server.

Thank you : )
the problem is solved.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.