On Wednesday, March 16, 2016 at 4:53:27 AM UTC-4, Jochen Schalanda wrote: > > Hi Stephen, > > ports below 1024 are so called privileged ports which only the superuser > (i. e. "root") is allowed to bind processes to. There are ways to allow > unprivileged users to bind to those ports, e. g. using capabilities > (CAP_NET_BIND_SERVICE) or using a wrapper like authbind. > > The latter is available in Ubuntu Linux and you can simply use it as a > command wrapper for Graylog by adding it in /etc/default/graylog-server, > see > https://github.com/Graylog2/fpm-recipes/blob/1.3/recipes/graylog-server/files/ubuntu/default#L10-L12 > > for the template. > > > Cheers, > Jochen >
Enormous thank you Jochen! apt-get install authbind touch /etc/authbind/byport/\!514 chmod 500 /etc/authbind/byport/\!514 chown graylog /etc/authbind/byport/\!514 sed -i "s/GRAYLOG_COMMAND_WRAPPER=\"\"/GRAYLOG_COMMAND_WRAPPER=\"authbind\"/" /etc/ default/graylog-server service graylog-server restart Credit: https://www.atlantilde.com/2015/07/27/graylog-authbind-ports-privilegies/ I removed my IPTABLES rule and changed my udp input from 10514 to 514. Tested by sending some logs. It's working! Hope this will help someone else as well. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/f35978fc-45bf-46a2-8f06-194403b08f0e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
