Logstash6.4.2 started by using docker-compose up, an error occurred: UDP listener died , Permission denied

Elastic Stack Logstash
1

docker-compose.yml look like is:

version: '2' 
services:
  logstash: 
    image: logstash:6.4.2
    container_name: logstash 
    privileged: true
    volumes: 
      - ./data:/usr/share/logstash/data:rw
      - ./logs:/usr/share/logstash/logs:rw
      - ./log:/usr/share/logstash/log:rw
      - ./conf.d:/etc/logstash/conf.d:rw
      - ./config/logstash.yml:/usr/share/logstash/config/logstash.yml:rw
      - ./config/startup.options:/usr/share/logstash/config/startup.options:rw
      - ./config/log4j2.properties:/usr/share/logstash/config/log4j2.properties:rw
      - ./logstash/maps:/usr/share/logstash/maps:rw   
    ports:
      - 9600:9600
      - 5044:5044
      - 515:515/udp
    command: "-f /etc/logstash/conf.d -r"
    networks:
      - lognet
networks:
  lognet:

logstash.conf look like this:

input {
  udp {
    port => 515 
    type => "syslog"
  }
  tcp {
    port => 515 
    type => "syslog"
  }
}

startup.options setting LS_USER=root

run the docker-compose up to start;
the error log is :

logstash    |   Pipeline_id:main
logstash    |   Plugin: <LogStash::Inputs::Tcp type=>"syslog", port=>515, id=>"89314af4db5e02876ecb73d3a6390ed8cbb25c421481857bc2c683abc2ab0664", enable_metric=>true, codec=><LogStash::Codecs::Line id=>"line_a83003dc-0d69-4ede-b4f6-d575b7805393", enable_metric=>true, charset=>"UTF-8", delimiter=>"\n">, host=>"0.0.0.0", mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=><password>, tcp_keep_alive=>false>
logstash    |   Error: Permission denied
logstash    |   Exception: Java::JavaNet::SocketException
logstash    |   Stack: sun.nio.ch.Net.bind0(Native Method)
logstash    | sun.nio.ch.Net.bind(sun/nio/ch/Net.java:433)
logstash    | sun.nio.ch.Net.bind(sun/nio/ch/Net.java:425)
logstash    | sun.nio.ch.ServerSocketChannelImpl.bind(sun/nio/ch/ServerSocketChannelImpl.java:223)
logstash    | io.netty.channel.socket.nio.NioServerSocketChannel.doBind(io/netty/channel/socket/nio/NioServerSocketChannel.java:128)
logstash    | io.netty.channel.AbstractChannel$AbstractUnsafe.bind(io/netty/channel/AbstractChannel.java:558)
logstash    | io.netty.channel.DefaultChannelPipeline$HeadContext.bind(io/netty/channel/DefaultChannelPipeline.java:1283)
logstash    | io.netty.channel.AbstractChannelHandlerContext.invokeBind(io/netty/channel/AbstractChannelHandlerContext.java:501)
logstash    | io.netty.channel.AbstractChannelHandlerContext.bind(io/netty/channel/AbstractChannelHandlerContext.java:486)
logstash    | io.netty.channel.DefaultChannelPipeline.bind(io/netty/channel/DefaultChannelPipeline.java:989)
logstash    | io.netty.channel.AbstractChannel.bind(io/netty/channel/AbstractChannel.java:254)
logstash    | io.netty.bootstrap.AbstractBootstrap$2.run(io/netty/bootstrap/AbstractBootstrap.java:364)
logstash    | io.netty.util.concurrent.AbstractEventExecutor.safeExecute(io/netty/util/concurrent/AbstractEventExecutor.java:163)
logstash    | io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(io/netty/util/concurrent/SingleThreadEventExecutor.java:403)
logstash    | io.netty.channel.nio.NioEventLoop.run(io/netty/channel/nio/NioEventLoop.java:463)
logstash    | io.netty.util.concurrent.SingleThreadEventExecutor$5.run(io/netty/util/concurrent/SingleThreadEventExecutor.java:858)
logstash    | io.netty.util.concurrent.FastThreadLocalRunnable.run(io/netty/util/concurrent/FastThreadLocalRunnable.java:30)
logstash    | java.lang.Thread.run(java/lang/Thread.java:748)
logstash    | [2018-11-06T04:04:29,043][INFO ][logstash.inputs.udp      ] Starting UDP listener {:address=>"0.0.0.0:515"}
logstash    | [2018-11-06T04:04:29,112][ERROR][logstash.inputs.udp      ] UDP listener died {:exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 515>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:197:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-udp-3.3.4/lib/logstash/inputs/udp.rb:116:in `udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-udp-3.3.4/lib/logstash/inputs/udp.rb:68:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:409:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:403:in `block in start_input'"]}
logstash    | [2018-11-06T04:04:30,925][ERROR][logstash.pipeline        ] A plugin had an unrecoverable error. Will restart this plugin.`
2

Since you are attempting to bind to privileged ports and getting rejected, one of two things come to mind:

  1. The docker container is failing to bind to the privileged port on the host OS when it passes the open socket request through
  2. Logstash isn't starting as container-root and therefore failing to bind to the container's privileged ports. I am not sure that the startup.options is used to regenerate service configuration within docker tooling; if it is not, then modifying it may have no effect.
3

That's right. LS_USER=root will have no effect with the Docker image. It's a setting that is used when setting up "traditional" init systems.

To run the container as root, just ask Docker to do it:

$ cat docker-compose.yml
version: '2'
services:
  logstash:
    image: docker.elastic.co/logstash/logstash:6.4.2
    user: root
    command: id

$ docker-compose up
Creating network "tmp_default" with the default driver
Creating tmp_logstash_1_c6b2387888ef ... done
Attaching to tmp_logstash_1_19bd1688b0d0
logstash_1_19bd1688b0d0 | uid=0(root) gid=0(root) groups=0(root)
tmp_logstash_1_19bd1688b0d0 exited with code 0
2 Likes
5

Thank you, I used the jarpy method and got it solved.

1 Like
6

Thank you, I took your approach and solved the permissions issue

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.