Cleanest solution to 'input failed' and binding to privileged ports (systemd users)

yrebrac · November 8, 2020, 10:31am

If your syslog input fails to start it’s probably because the graylog-server service is attempting to bind to a priveleged UDP port (514 < 1024).

If your system uses systemd as the init system (most these days), then there’s a very clean fix.

You need to find and edit the systemd unit file, which will named graylog-server.service.

vi /usr/lib/systemd/system/graylog-server.service

Add these lines to the [Service] section:

# allow binding to 514
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then reload the server:

systemctl reload graylog-server

Inputs should start automatically.

system · November 22, 2020, 10:31am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog inputs not working Graylog Central (peer support)	14	12519	October 5, 2017
Can't start input on Graylog v3.0.0-alpha.4+6e0b9cd Graylog Central (peer support)	2	6256	December 27, 2018
Input fails in UI but shows running in cli Graylog Central (peer support)	11	604	August 31, 2018
Graylog Cisco Switch Input Failed Graylog Central (peer support)	9	2975	February 17, 2020
Input start fail Graylog Central (peer support)	9	859	August 8, 2018