Problem
Received error “Could not bind UDP syslog input to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, Address already in use” when adding log input using UDP 514 (default syslog port).
Explanation
In UNIX/LINUX, assigned port 1024 and below require root privilege. Either you run graylog2 as root (not recommended) or follow below workaround.
Solution
1. Create new Syslog UDP inputs and listen to any port (ex: 5514).
2. Manipulate traffic using iptable:
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 514 -j REDIRECT --to-ports 5514
