
bind EADDRNOTAVAIL

Ronnie Tirella
Ronnie Tirella Posts: 14

I am getting this error in Stream when trying to configure an IP address for a TCP source. I can't find any docs around this error.

Answers

  • Shawn Cannon
    Shawn Cannon Posts: 130 ✭✭

    What port are you trying to bind? Is it less than 1024?

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    10505

  • Jon Rust
    Jon Rust Posts: 402 mod

    Often this is due to another process already listening on that port. Try using lsof -i :10505 to see what's there, if anything.

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    It's more that it won't accept the IP address. Can't the same port be used for all the Cribl Edge connections as long as the IP is different?

  • Jon Rust
    Jon Rust Posts: 402 mod

    Typically the source IP is left as 0.0.0.0. Can you explain more of what you're trying to do?

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    I am trying to use the same port for the TCP connections. I am setting up Cribl Edge on Windows servers to then send logs to Cribl Stream.

  • Jon Rust
    Jon Rust Posts: 402 mod

    But you're referencing a source, not a destination. I'm confused :-)

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    Right, when referencing a source can't you put in the IP of that source as it's set up on the Cribl Edge side?

  • Jon Rust
    Jon Rust Posts: 402 mod
    edited November 1

    I'm not following. Can you provide a detailed description of what you're doing? Normally, no, you don't list IPs in your source configs. Each Edge node has its own IPs, so that doesn't work. For the destination you'd put in where the Edge nodes need to send logs. They receive logs on 0.0.0.0 (i.e., any address on their interfaces).

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    OK, so then each source has to have its own port set? I am just sending Windows logs via TCP to Stream.

  • Jon Rust
    Jon Rust Posts: 402 mod

    Why are you setting ports? If you're reading logs from the Windows event system, there are no ports. The only port is on the sending side from Edge to a source defined in Stream. With a single port, listening on 0.0.0.0.

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    You have to set a port in Cribl Stream.

  • Jon Rust
    Jon Rust Posts: 402 mod

    Yes. You set a port in Stream to listen for data coming from other places. You do not put an IP in that setting typically. The default of 0.0.0.0 is what you want in 99.999% of the cases.

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    So it has to be one port per system then?

  • Jon Rust
    Jon Rust Posts: 402 mod

    Not sure I don't understand the question.

    The Stream node listens on a port for data coming in.
    Edge senders will connect to that port to deliver data.

    Listening ports are not restricted to a single sender.

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    Right, but Edge senders each have to use their own port?

  • Jon Rust
    Jon Rust Posts: 402 mod

    To send to? 100% not the case.

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    When I go to set the port as the same as other Cribl Edge connections it says it's already being used.

  • Jon Rust
    Jon Rust Posts: 402 mod

    That sounds like you're setting a source.

    On Stream: Set a source, Cribl TCP is a good choice. You need to pick a port to listen on. All Stream Worker nodes will listen on this port.

    On Edge: Set a Destination pointing to your Worker nodes on that single port you defined above.

    On Edge: Set up a source for the logs you want to read from the system, and point them to your Destination from the above step.

  • Ronnie Tirella
    Ronnie Tirella Posts: 14

    So the port can be the same?
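
The behaviour discussed in this thread, as an added example that is not part of any poster's reply and is not Cribl's code: a plain Python socket sketch showing that binding a listener to an address the host does not own fails with EADDRNOTAVAIL, that a second listener on the same port fails with EADDRINUSE, and that one listener on 0.0.0.0 accepts several senders on a single port. The address 192.0.2.10 (an RFC 5737 documentation address, assumed not to be assigned to the machine running this) and the helper names are assumptions; error names are as reported on Linux.

```python
import errno
import socket

# Constructed sample value: RFC 5737 documentation address, assumed NOT
# to be configured on any local interface of the listening host.
NON_LOCAL_IP = "192.0.2.10"

def try_bind(host, port):
    """Return (listening_socket, None) on success or (None, errno_name) on failure."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        s.listen(8)
        return s, None
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))

def demo():
    results = {}
    # 1. A sender's IP in the listener's address field: the kernel refuses,
    #    because bind() only accepts addresses owned by the local host.
    _, results["remote_ip"] = try_bind(NON_LOCAL_IP, 0)

    # 2. The wildcard address binds every local interface (port 0 = pick a free one).
    listener, results["wildcard"] = try_bind("0.0.0.0", 0)
    listener.settimeout(2)
    port = listener.getsockname()[1]

    # 3. A second listener on the same address and port is what "already in use" means.
    dup, results["second_listener"] = try_bind("0.0.0.0", port)
    if dup:
        dup.close()

    # 4. Several senders connect to that one listening port at the same time.
    senders = [socket.create_connection(("127.0.0.1", port), timeout=2) for _ in range(3)]
    accepted = [listener.accept()[0] for _ in senders]
    results["senders_accepted"] = len(accepted)

    for s in senders + accepted + [listener]:
        s.close()
    return results

if __name__ == "__main__":
    print(demo())
```

The bind address only selects which local interface the listener uses; it does not restrict which senders may connect.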