Why should I not run Logstash as root?


I have read that it is not recommended to run Logstash as root, but I need it to capture syslogs from a privileged port.

I could set up an rsyslog server that redirects any messages to a higher, non-privileged port for Logstash, but I would have to figure all that out first.

My question is why I should not run it as root. Would there be any risks in doing so, security-wise?

It's just good practice; reduce your risk profile as much as possible 🙂
I'd run a single instance that listens on that port.
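
The relay setup mentioned in the question, sketched as an added example that is not part of the original thread: rsyslog holds privileged port 514 and forwards to a Logstash instance running as an unprivileged user. The port 5514, the loopback address and both file paths are assumptions.

```conf
# --- rsyslog side: /etc/rsyslog.d/10-relay-to-logstash.conf (assumed path) ---
# rsyslog binds the privileged port, so Logstash never needs root.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# Forward everything to Logstash on an unprivileged local port
# (5514 is an assumed value). The queue buffers messages while
# Logstash is restarting instead of dropping them.
action(type="omfwd" target="127.0.0.1" port="5514" protocol="tcp"
       queue.type="LinkedList" action.resumeRetryCount="-1")

# --- Logstash side: /etc/logstash/conf.d/syslog.conf (assumed path) ---
# Runs as the unprivileged logstash user; listens on loopback only,
# so only the local rsyslog relay can reach it.
input {
  syslog {
    host => "127.0.0.1"
    port => 5514
  }
}
```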