So I have seen a variety of these errors on the forum but have not really been able to figure this out for my case.
I am running Elastic stack on a Linux machine. When I try to start Logstash I get the following logs:
[2018-04-11T22:21:51,730][INFO ][logstash.inputs.tcp ] Starting tcp input listener {:address=>"127.0.0.1:514", :ssl_enable=>"false"}
[2018-04-11T22:21:52,025][INFO ][logstash.pipeline ] Pipeline started succesfully {:pipeline_id=>"main", :thread=>"#<Thread:0x5b444a44 run>"}
[2018-04-11T22:21:52,155][INFO ][logstash.inputs.udp ] Starting UDP listener {:address=>"127.0.0.1:514"}
[2018-04-11T22:21:52,209][ERROR][logstash.pipeline ] A plugin had an unrecoverable error. Will restart this plugin.
Pipeline_id:main
Plugin: <LogStash::Inputs::Tcp host=>"127.0.0.1", port=>514, id=>"100e84a2ce47ebc6ae315de763e0b1841b45be73e990b47ee8784e223a339d5c", enable_metric=>true, codec=><LogStash::Codecs::Line id=>"line_15eff014-821d-40af-ad0b-d46ad2445276", enable_metric=>true, charset=>"UTF-8", delimiter=>"\n">, mode=>"server", proxy_protocol=>false, ssl_enable=>false, ssl_verify=>true, ssl_key_passphrase=><password>>
Error: Permission denied
Exception: Java::JavaNet::SocketException
Stack: sun.nio.ch.Net.bind0(Native Method)
sun.nio.ch.Net.bind(sun/nio/ch/Net.java:433)
sun.nio.ch.Net.bind(sun/nio/ch/Net.java:425)
sun.nio.ch.ServerSocketChannelImpl.bind(sun/nio/ch/ServerSocketChannelImpl.java:223)
sun.nio.ch.ServerSocketAdaptor.bind(sun/nio/ch/ServerSocketAdaptor.java:74)
io.netty.channel.socket.nio.NioServerSocketChannel.doBind(io/netty/channel/socket/nio/NioServerSocketChannel.java:125)
io.netty.channel.AbstractChannel$AbstractUnsafe.bind(io/netty/channel/AbstractChannel.java:554)
io.netty.channel.DefaultChannelPipeline$HeadContext.bind(io/netty/channel/DefaultChannelPipeline.java:1258)
io.netty.channel.AbstractChannelHandlerContext.invokeBind(io/netty/channel/AbstractChannelHandlerContext.java:511)
io.netty.channel.AbstractChannelHandlerContext.bind(io/netty/channel/AbstractChannelHandlerContext.java:496)
io.netty.channel.DefaultChannelPipeline.bind(io/netty/channel/DefaultChannelPipeline.java:980)
io.netty.channel.AbstractChannel.bind(io/netty/channel/AbstractChannel.java:250)
io.netty.bootstrap.AbstractBootstrap$2.run(io/netty/bootstrap/AbstractBootstrap.java:363)
io.netty.util.concurrent.SingleThreadEventExecutor.safeExecute(io/netty/util/concurrent/SingleThreadEventExecutor.java:451)
io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(io/netty/util/concurrent/SingleThreadEventExecutor.java:418)
io.netty.channel.nio.NioEventLoop.run(io/netty/channel/nio/NioEventLoop.java:401)
io.netty.util.concurrent.SingleThreadEventExecutor$5.run(io/netty/util/concurrent/SingleThreadEventExecutor.java:877)
io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(io/netty/util/concurrent/DefaultThreadFactory.java:144)
java.lang.Thread.run(java/lang/Thread.java:748)
[2018-04-11T22:21:52,214][WARN ][logstash.inputs.udp ] UDP listener died {:exception=>#<Errno::EACCES: Permission denied - bind(2) for "127.0.0.1" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:197:in `bind'", "/opt/project/ELK/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-udp-3.2.1/lib/logstash/inputs/udp.rb:95:in `udp_listener'", "/opt/project/ELK/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-udp-3.2.1/lib/logstash/inputs/udp.rb:56:in `run'", "/opt/project/ELK/logstash/logstash-core/lib/logstash/pipeline.rb:516:in `inputworker'", "/opt/project/ELK/logstash/logstash-core/lib/logstash/pipeline.rb:509:in `block in start_input'"]}
[2018-04-11T22:21:52,262][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
Does this mean that I need to change my firewall settings? I am kind of at a loss. My logstash.conf file looks like this:
input{
tcp{
host => "127.0.0.1"
port => 514
}
udp{
host => "127.0.0.1"
port => 514
}
}
filter{
grok{
match => {"message" => [#groks aren't the issue#]
}
}
}
output{
if "_grokparsefailure" not in [tags]{
elasticsearch{
index => "sys-"
document_type => "syslog"
hosts => ["http://127.0.0.1:9200"] #x.x.x.x is IP address of server
}
}
else{
file{
path => "/opt/project/ELK/syslog_fails.txt"
}
}
}
Thanks!