Graylog2: “Could not bind UDP syslog input to address /0.0.0.0:514”

By | October 2, 2014

Problem

Received error “Could not bind UDP syslog input to address /0.0.0.0:514, Failed to bind to: /0.0.0.0:514, Address already in use” when adding log input using UDP 514 (default syslog port).

Explanation

In UNIX/LINUX, assigned port 1024 and below require root privilege. Either you run graylog2 as root (not recommended) or follow below workaround.

Solution

1. Create new Syslog UDP inputs and listen to any port (ex: 5514).
2. Manipulate traffic using iptable:
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 514 -j REDIRECT --to-ports 5514

Incoming search terms:

  • graylog 514 port
  • bind( ) failed: Permission denied graylog
  • graylog inputs permission denied
  • graylog iptables 514
  • graylog syslog udp failed
  • graylog использование 514 порта
  • Input States for Syslog Input 352f7f41 / graylog: FAILED
  • UDP 0 0 0 0:514