Unable to bind Syslog port

Sputnick · June 2, 2021, 9:23am

Hello,
I am on Ubuntu 20.04 running Logstash as a collector for syslog messages from the rest of my network. I have configured java with elevated privileges but Logstash is unable to bind UDP port 514.
This is a similar issue but I do not wish to use any port redirection.

Logstash input configuration:

    input {
        udp {
            type => "syslog"
            port => "514"
        }
    }

java elevated privileges:

    ~ sudo getcap /usr/usr/lib/jvm/java-11-openjdk-amd64/bin/java 
    /usr/lib/jvm/java-11-openjdk-amd64/bin/java = cap_net_bind_service+ep

Journalctl logs for Logstash:

    Jun 02 10:05:18 syslog logstash[183594]: [2021-06-02T10:05:18,129][INFO ][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] Starting UDP listener {:address=>"0.0.0.0:514"}
    Jun 02 10:05:18 syslog logstash[183594]: [2021-06-02T10:05:18,131][ERROR][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] UDP listener died {:exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:216:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:129:in `udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:81:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:405:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:396:in `block in start_input'"]}
    Jun 02 10:05:23 syslog logstash[183594]: [2021-06-02T10:05:23,131][INFO ][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] Starting UDP listener {:address=>"0.0.0.0:514"}
    Jun 02 10:05:23 syslog logstash[183594]: [2021-06-02T10:05:23,133][ERROR][logstash.inputs.udp      ][main][b25b54566f200d48f28fd70aa79fda538beecaeec16c00294ebd2caf2941b525] UDP listener died {:exception=>#<Errno::EACCES: Permission denied - bind(2) for "0.0.0.0" port 514>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:216:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:129:in `udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-input-udp-3.4.1/lib/logstash/inputs/udp.rb:81:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:405:in `inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:396:in `block in start_input'"]}

Is there something i am missing?
Any help would be appreciated.

system · June 30, 2021, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to make logstash listen to port less than 1024 Logstash	1	511	June 4, 2020
Error in gathering syslogs from router Logstash	3	985	May 18, 2020
514 port or IP address, I don't understand Logstash	2	710	December 4, 2019
Logstash syslog wont accept ports other than 514 Logstash	2	1887	August 9, 2017
How to config logstash to listen privilage port without root access Logstash	2	1494	December 26, 2016

Unable to bind Syslog port

Related topics