I have read that it is not recommended to run Logstash as root, but I need it to capture syslogs from a privileged port.
I could set up a rsyslog server that can redirect any messages to a higher port, non-privileged port, to Logstash but I would have to figure all that out first.
My question is why I should not run it as root. Would there be any risks doing so? Security wise.