Problems starting logstash (snmptrap)

I have a problem starting logstash.
If I start logstash via "systemctl start logstash.service" I get the following error message:

[2022-11-17T18:11:59,947][WARN ][logstash.inputs.snmptrap ][main][eed358a3fbc6028b0f3e6330ddca60ef9da803f3401328b89fa1f198705010a9] SNMP Trap listener died {:exception=>#<Errno::EADDRINUSE: Address already in use - bind - Keine Berechtigungbind(2) for "" port 162>, :backtrace=>["org/jruby/ext/socket/ `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/snmp-1.3.2/lib/snmp/manager.rb:544:in `initialize'", "org/jruby/ `new'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/snmp-1.3.2/lib/snmp/manager.rb:590:in `create_transport'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/snmp-1.3.2/lib/snmp/manager.rb:622:in `initialize'", "org/jruby/ `new'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-input-snmptrap-3.1.0/lib/logstash/inputs/snmptrap.rb:95:in `build_trap_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-input-snmptrap-3.1.0/lib/logstash/inputs/snmptrap.rb:99:in `snmptrap_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-input-snmptrap-3.1.0/lib/logstash/inputs/snmptrap.rb:74:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:410:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:401:in `block in start_input'"]}

If I start logstash like this "/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/02-snmp.conf" I don't get an error message and I see that the server is listening on port 162.

[INFO ] 2022-11-17 18:23:15.064 [[main]<snmptrap] snmptrap - It's a Trap! {:Port=>162, :Community=>["public"], :Host=>""}
[INFO ] 2022-11-17 18:23:15.160 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

I just don't understand.

When started as a service it is getting an error saying the address is already in use. If it does not do so when path.config points specifically to /etc/logstash/conf.d/02-snmp.conf then perhaps the service has path.config pointing to a directory and the directory contains more than one configuration file that has an snmp input. An 02-snmp.conf.backup perhaps.

I got that. Please allow me a question: "How can I configure logtash to use both input entries?

root@dsme01:/etc/logstash/conf.d# cat 02-snmp.conf.old 
input {
  snmptrap {
    type => "snmptrap"
    host => ""
    port => 162


input {
  beats {
    host => ""
    port => 5044
    client_inactivity_timeout => "600"
    ssl => true
    ssl_certificate => "/etc/logstash/config/certs/"
    ssl_key => "/etc/logstash/config/certs/"

Without an error message that the address is already in use?

Maybe the error is a little misleading?

If you are running Logstash as a service, I'm not sure that it will be able to bind to port 162 as this is a reserved port.

It may work when you run in the cli as the root user because the root can bind to that port.

Make a little test, change the port 162 in the snmptrap input to 1620 and see if it works.