port 514 not working

[benhank]

I have a number of devices sending their log data to NLS using port 514. I sent over a few logs to test NLS, and I get this error:

Code: Select all

{:timestamp=>"2015-06-08T11:05:13.233000-0400", :message=>"syslog tcp listener died", :address=>"0.0.0.0:514", :exception=>#, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:124:in `initialize'", "org/jruby/RubyIO.java:852:in `new'", "/usr/local/nagioslogserver/logstash/lib/logstash/inputs/syslog.rb:135:in `tcp_listener'", "/usr/local/nagioslogserver/logstash/lib/logstash/inputs/syslog.rb:90:in `run'"], :level=>:warn}

I have tested both of the following filters and get the error no matter which is active:

Code: Select all

syslog {
    type => 'syslog'
    port => 514
}

or

Code: Select all

input {
  tcp {
    port => 514
    type => syslog
  }
  udp {
    port => 514
    type => syslog
  }
}

[eloyd]

Edit: Posting removed by author for lack of reading the original question properly.

[jolson]

Have you already been through the privileged port guide? If not, please follow it: https://assets.nagios.com/downloads/nag ... Server.pdf

If you have already done so, please post your entire Logstash configuration.

Code: Select all

cat /usr/local/nagioslogserver/logstash/etc/conf.d/*

[benhank]

ok I made 2 mistakes:
1. I rebuilt the server and forgot to add the root usr.
2. the device was sending its logs as user not syslog.
thanks fellas
allset

[ssax]

Glad you got that resolved, marking as resolved and locking the topic.