Unable to bind to 514 for syslog input on Cribl with non-sudo user
Hi Team, [Urgent] As per the best practices, we created a non-sudo user called Cribl and enable the boot-start. In our environment, we can't use other than 514 ports for syslog receiving but we are getting the Error: "bind EACCES 0.0.0.0:514". as per the Cribl documentation we did the below. systemctl edit cribl [Service] AmbientCapabilities=CAP_NET_BIND_SERVICE But we are getting the attached error and we are still not able to add the 514 ports in syslog source.
Answers
-
Are you sure you are not already running a syslog instance or something else that is bound to port 514?
0 -
Stop Cribl and run this: `netstat -tuln | grep 514`
0 -
`sudo systemctl status | grep 514`
0 -
`sudo lsof -i :514`
0 -
<@U01C35EMQ01> I have checked, 514 port is not taken by any services.
0 -
we have installed cribl on RHEL 9
0 -
Have you run a `systemctl daemon-reload` command?
0 -
This is a systemd error. Did you try googling ? I found this: https://github.com/systemd/systemd/issues/24208#issuecomment-1338127124|https://github.com/systemd/systemd/issues/24208#issuecomment-1338127124 See if it addresses your issue.
0 -
Hi <@U01C35EMQ01> The below command (From the link you shared earlier) resolved the issue in my dev environment. Now, I will try the same in my production environment. fingers crossed. setcap cap_net_bind_service=+ep $CRIBL_HOME/bin/cribl
0 -
Thanks for the quick response <@U012ZP93EER>
0 -
Keep us posted!
0 -
Good news......... My prod server is now receiving the data from 514 port. Thanks a lot <@U01C35EMQ01>
0 -
Fantastic!!!!
0