Input log problem

I install Graylog 3 on Centos 7.0, when I completed input setup and try start input, but input show failed and graylog show below error message:

io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
2020-01-14T17:43:11.605+08:00 ERROR [InputLauncher] The [org.graylog2.inputs.syslog.udp.SyslogUDPInput] input with ID <5e1d42925c10c1075bde32ad> misfired. Reason: bind(…) failed: Permission denied.
org.graylog2.plugin.inputs.MisfireException: org.graylog2.plugin.inputs.MisfireException: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:158) ~[graylog.jar:?]
at org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) [graylog.jar:?]
at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181) [graylog.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_232]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_232]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_232]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_232]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_232]
Caused by: org.graylog2.plugin.inputs.MisfireException: io.netty.channel.unix.Errors$NativeIoException: bind(…) failed: Permission denied
at org.graylog2.inputs.transports.UdpTransport.launch(UdpTransport.java:135) ~[graylog.jar:?]
at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:155) ~[graylog.jar:?]
… 7 more

How to solve this problem?

thanks
YK

Check if port used in Input is not bind (doesn’t listen) by another process…

in addition to that @ykl you might check if you do use a port that is below 1024 …

Even try input local server, but have same error.

Error message from Graylog is on the below:
An input has failed to start (triggered 18 hours ago)

Input 5e1d889d5c10c1075bde7eb3 has failed to start on node 5b2a83cd-3dbf-45e4-bfa6-165f89c6df4f for this reason: »bind(…) failed: Permission denied.«. This means that you are unable to receive any messages from this input. This is mostly an indication for a misconfiguration or an error. You can click here to solve this.

Input config is on the below:

allow_override_date: false
bind_address: 192.168.1.3 (Same as Graylog IP)
expand_structured_data: false
force_rdns: false
number_worker_threads: 2
override_source:
port: 514
recv_buffer_size: 262144
store_full_message: true

As @jan noted, you can’t setup input to listen on port below 1024 (0-1024), because graylog by default run as normal user (graylog) which can’t bind port below to 1024 (linux/unix behaviour).
So because you try to use port 514, which is below to 1024 - simple math :slight_smile: it won’t work.

You have 2 options:

  1. Either use port higher than 1024 in Input, for example 1514 and setup your devices to send logs to this port
  2. Or if you can’t setup different port than 514 on your devices use firewall redirection

Anyway check graylog FAQ:
https://docs.graylog.org/en/3.1/pages/faq.html#how-can-i-start-an-input-on-a-port-below-1024

And great graylog videos:
https://www.graylog.org/resources/inputs