Hello, Here's a solution given today by André Coelho (netfilter port redirection) : *iptables -A PREROUTING -t nat -i eth0 -p udp --dport 514 -j REDIRECT --to-port 10515*
Considering you're opening an UDP input on port 10515 Regards 2014-02-12 20:14 GMT+01:00 Lennart Koopmann <[email protected]>: > You need to be root to bind sockets on ports <=1024 on most *NIX > systems. Either run graylog2-server as root (not recommended) or use a > port higher than 1024. You could also try to give the local user than > runs graylog2-server permission to bind to those restricted ports, but > usually just choosing a higher port is the easiest solution. > > On Wed, Feb 12, 2014 at 7:26 PM, Tom Kinsella <[email protected]> > wrote: > > I have setup rSyslog : > > > > *.* @@10.0.32.63:515 > > > > but tcpdump show nothing : > > > > [root@syslog01 opt]# tcpdump port 515 -v > > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size > 65535 > > bytes > > > > In rSyslog I created a Syslog TCP Input : > > > > allow_override_date: true > > port: 515 > > bind_address: 0.0.0.0 > > store_full_message: true > > force_rdns: true > > > > > > But then it fails to start. In the server.log file I see : > > > > 10:24:38,130 ERROR [SyslogTCPInput] Could not bind syslog TCP input to > > address /0.0.0.0:515 > > org.jboss.netty.channel.ChannelException: Failed to bind to: / > 0.0.0.0:515 > > at > org.jboss.netty.bootstrap.ServerBootstrap.bind(ServerBootstrap.java:272) > > at > > > org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:79) > > at org.graylog2.inputs.InputRegistry$1.run(InputRegistry.java:78) > > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > > at > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > > at > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > > at java.lang.Thread.run(Thread.java:744) > > Caused by: java.net.SocketException: Permission denied > > at sun.nio.ch.Net.bind0(Native Method) > > at sun.nio.ch.Net.bind(Net.java:444) > > at sun.nio.ch.Net.bind(Net.java:436) > > at > sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214) > > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) > > at > > > org.jboss.netty.channel.socket.nio.NioServerBoss$RegisterTask.run(NioServerBoss.java:193) > > at > > > org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:372) > > at > > > org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:296) > > at > > > org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) > > at > > > org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) > > at > > > org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) > > ... 3 more > > 10:24:38,134 ERROR [InputRegistry] The > > [org.graylog2.inputs.syslog.tcp.SyslogTCPInput] input with ID > > <52fbbc66e4b0165393ef0f8e> was accepted but misfired. Reason: Could not > bind > > syslog TCP input to address /0.0.0.0:515, Failed to bind to: / > 0.0.0.0:515, > > Permission denied > > org.graylog2.plugin.inputs.MisfireException: Could not bind syslog TCP > input > > to address /0.0.0.0:515 > > at > > > org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:84) > > at org.graylog2.inputs.InputRegistry$1.run(InputRegistry.java:78) > > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > > at > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > > at > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > > at java.lang.Thread.run(Thread.java:744) > > Caused by: org.jboss.netty.channel.ChannelException: Failed to bind to: > > /0.0.0.0:515 > > at > org.jboss.netty.bootstrap.ServerBootstrap.bind(ServerBootstrap.java:272) > > at > > > org.graylog2.inputs.syslog.tcp.SyslogTCPInput.launch(SyslogTCPInput.java:79) > > ... 6 more > > Caused by: java.net.SocketException: Permission denied > > at sun.nio.ch.Net.bind0(Native Method) > > at sun.nio.ch.Net.bind(Net.java:444) > > at sun.nio.ch.Net.bind(Net.java:436) > > at > sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214) > > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) > > at > > > org.jboss.netty.channel.socket.nio.NioServerBoss$RegisterTask.run(NioServerBoss.java:193) > > at > > > org.jboss.netty.channel.socket.nio.AbstractNioSelector.processTaskQueue(AbstractNioSelector.java:372) > > at > > > org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:296) > > at > > > org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) > > ... 3 more > > > > > > > > > > Any help Please?! > > > > Thanks! > > > > Tom > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "graylog2" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- Cordialement, Jean-Luc Bassereau -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
