Trouble sending syslog to Stream
Best Answer
-
The network ports from 1–1024 are classed as privileged ports and by default Cribl does not have access to any of the network ports in this range for both the TCP and UDP transport protocols.
Should you wish to use port 514 in your Cribl configuration you will need to:
1/ Stop Cribl:
- systemctl cribl stop
2/ Edit an override file and add the following two entries:
- systemctl edit cribl
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE3/ write and save the file
4/ You will then need to reload all unit files, this can be done by:
- A restart of the host OS
or
- "systemctl daemon-reload"
NB: (all sockets systemd listens on behalf of user configuration will remain accessible if a daemon-reload is carried out)5/ Start Cribl:
- systemctl cribl start6/ Check by using the command "netstat -an | grep 514" to see if the port is in the listening state
1
Answers
-
Ammending this answer:
That docs link should help. If you're not running as root, you'll need to grant special privileges to the process running Cribl to listen on 514. That link should help you with the details. Ping back if you get stuck0 -
The network ports from 1–1024 are classed as privileged ports and by default Cribl does not have access to any of the network ports in this range for both the TCP and UDP transport protocols.
Should you wish to use port 514 in your Cribl configuration you will need to:
1/ Stop Cribl:
- systemctl cribl stop
2/ Edit an override file and add the following two entries:
- systemctl edit cribl
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE3/ write and save the file
4/ You will then need to reload all unit files, this can be done by:
- A restart of the host OS
or
- "systemctl daemon-reload"
NB: (all sockets systemd listens on behalf of user configuration will remain accessible if a daemon-reload is carried out)5/ Start Cribl:
- systemctl cribl start6/ Check by using the command "netstat -an | grep 514" to see if the port is in the listening state
1
