Why should I not run Logstash as root?

brayndasilva · May 10, 2016, 7:34am

Hi,

I have read that it is not recommended to run Logstash as root, but I need it to capture syslogs from a privileged port.

I could set up a rsyslog server that can redirect any messages to a higher port, non-privileged port, to Logstash but I would have to figure all that out first.

My question is why I should not run it as root. Would there be any risks doing so? Security wise.

warkolm · May 10, 2016, 7:36am

It's just good practise, reduce your risk profile as much as possible
I'd run a single instance that listens on that port.

Topic		Replies	Views
How to start logstash as root Logstash	3	5343	November 30, 2018
Can logstash replace local syslog server? Logstash	2	331	March 20, 2019
Gathering logs through Rsyslog/Redis > Logstash Logstash	1	374	July 6, 2017
Logstash 6.2 as root on OSX 10.12 Logstash	5	836	March 13, 2018
Logstash can't run as non-privileged user logstash Logstash	3	7604	July 6, 2017

Why should I not run Logstash as root?

Related topics