Hello to everyone
We are trying to get a log on Cisco switch.
We just installed the Graylog system, but when I add an Input device, I get the error. Syslog udp does not work on the server with the standard 514 installed even though we have activated the following command.
iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to 1514
iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to 1514
When we look at the logs, Permission gives a denied error.
[UdpTransport] Failed to start channel for input SyslogUDPInput {title = E1_Switch, type = org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId = 7930013d-3972-408b-9058-7d42ad7db82d}
io.netty.channel.unix.Errors NativeIoException: bind (..) failed: Permission denied
2020-01-29T14: 06: 35.309 + 03: 00 ERROR [InputLauncher] The [org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID <5e31673b0d4a5709066a8e14> misfired. Reason: bind (..) failed: Permission denied.
org.graylog2.plugin.inputs.MisfireException: org.graylog2.plugin.inputs.MisfireException: io.netty.channel.unix.Errors NativeIoException: bind (…) failed: Permission denied
please sort your thoughts and write a proper description that does not leave the peopel that try to help you with a big questionmark … or that they need to guess what your problem is.
I want to keep the log records of cisco switches in my system in graylog.
I wrote the necessary commands in Cisco Swicth. But I get the failed warning in graylog. I know that the udp port in the graylog is 1514.
I entered the necessary iptables command to the graylog server for this, but I still get the failed warning. When I looked at the server graylog server.log I saw Permision denied alerts.
I changed the udp port and made port forwarding.
I am waiting for your support on the subject.