Unable to bind Syslog port

Hello,
I am on Ubuntu 20.04 running Logstash as a collector for syslog messages from the rest of my network. I have configured Java with elevated privileges but Logstash is unable to bind UDP port 514.
This is a similar issue but I do not wish to use any port redirection.

Logstash input configuration:

    input {
        udp {
            type => "syslog"
            port => "514"
        }
    }

Java elevated privileges:

    ~ sudo getcap /usr/lib/jvm/java-11-openjdk-amd64/bin/java
    /usr/lib/jvm/java-11-openjdk-amd64/bin/java = cap_net_bind_service+ep

Journalctl logs for Logstash:

    Jun 02 10:05:18 syslog logstash[183594]: [2021-06-02T10:05:18,129][INFO ][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] Starting UDP listener {:address=>"0.0.0.0:514"}
    Jun 02 10:05:18 syslog logstash[183594]: [2021-06-02T10:05:18,131][ERROR][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] UDP listener died {:exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:216:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:129:in `udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:81:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:405:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:396:in `block in start_input'"]}
    Jun 02 10:05:23 syslog logstash[183594]: [2021-06-02T10:05:23,131][INFO ][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] Starting UDP listener {:address=>"0.0.0.0:514"}
    Jun 02 10:05:23 syslog logstash[183594]: [2021-06-02T10:05:23,133][ERROR][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] UDP listener died {:exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:216:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:129:in `udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:81:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:405:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:396:in `block in start_input'"]}

Is there something I am missing?
Any help would be appreciated.
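
File capabilities only take effect on the binary a process actually executes, so a useful check for the setup described in this post is to compare the running Logstash process's executable path and effective capability mask with the binary that was given `cap_net_bind_service`. The script below is an added example, not part of the original post; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; not part of the original post.
# CAP_NET_BIND_SERVICE is capability number 10 (linux/capability.h).
CAP_NET_BIND_SERVICE_BIT=10

# Read /proc/<pid>/status text on stdin, print the effective capability mask (hex).
capeff_from_status() {
    awk '$1 == "CapEff:" { print $2; exit }'
}

# Succeed (exit 0) if the hex mask in $1 has CAP_NET_BIND_SERVICE set.
has_net_bind_service() {
    [ $(( (0x$1 >> CAP_NET_BIND_SERVICE_BIT) & 1 )) -eq 1 ]
}

# For a live process: show the binary it really executes, that binary's file
# capabilities, and whether CAP_NET_BIND_SERVICE is in its effective set.
check_pid() {
    cp_exe=$(readlink -f "/proc/$1/exe") || return 2
    cp_mask=$(capeff_from_status < "/proc/$1/status")
    echo "pid=$1 exe=$cp_exe CapEff=$cp_mask"
    getcap "$cp_exe" 2>/dev/null
    if has_net_bind_service "$cp_mask"; then
        echo "CAP_NET_BIND_SERVICE is effective"
    else
        echo "CAP_NET_BIND_SERVICE is NOT effective for this process"
        return 1
    fi
}

# Constructed sample: status excerpt of a process without the capability.
SAMPLE_STATUS='Name: java
CapPrm: 0000000000000000
CapEff: 0000000000000000'
```

Source the file and run `check_pid <pid>` as root with the PID shown in the journal lines (183594 in the log above). If the printed `exe` path differs from the path passed to `getcap`, the capability was set on a binary that this process does not run.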
