Cleanest solution to 'input failed' and binding to privileged ports (systemd users)

yrebrac · November 8, 2020, 10:31am

If your syslog input fails to start it’s probably because the graylog-server service is attempting to bind to a priveleged UDP port (514 < 1024).

If your system uses systemd as the init system (most these days), then there’s a very clean fix.

You need to find and edit the systemd unit file, which will named graylog-server.service.

vi /usr/lib/systemd/system/graylog-server.service

Add these lines to the [Service] section:

# allow binding to 514
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then reload the server:

systemctl reload graylog-server

Inputs should start automatically.

system · November 22, 2020, 10:31am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
New install, failing (invisible) input Graylog Central (peer support)	10	2296	September 27, 2017
WARN [ProxiedResource] Unable to call and unable to start inputs Graylog Central (peer support)	24	5365	March 18, 2021
ERROR [InputLauncher] UDP Permission Denied Graylog Central (peer support)	3	18152	April 18, 2018
Files to bind to: /0.0.0.0:514 Graylog Central (peer support)	3	8411	April 11, 2019
Unable to start inputs after implementing HTTPS on Graylog web interface Graylog Central (peer support)	6	2002	January 25, 2022