Hi Team,[Urgent]As per the best practices, we created a non-sudo user called Cribl and enable the boot-start. In our environment, we can't use other than 514 ports for syslog receiving but we are getting the Error: "bind EACCES 0.0.0.0:514". as per the Cribl documentation we did the below.systemctl edit cribl[Service]AmbientCapabilities=CAP_NET_BIND_SERVICEBut we are getting the attached error and we are still not able to add the 514 ports in syslog source.
Question
Unable to bind to 514 for syslog input on Cribl with non-sudo user
Are you sure you are not already running a syslog instance or something else that is bound to port 514?
Stop Cribl and run this: `netstat -tuln | grep 514`
`sudo systemctl status | grep 514`
`sudo lsof -i :514`
Have you run a `systemctl daemon-reload` command?
This is a systemd error. Did you try googling ? I found this: https://github.com/systemd/systemd/issues/24208#issuecomment-1338127124|https://github.com/systemd/systemd/issues/24208#issuecomment-1338127124See if it addresses your issue.
Hi <@U01C35EMQ01> The below command (From the link you shared earlier) resolved the issue in my dev environment. Now, I will try the same in my production environment. fingers crossed.setcap cap_net_bind_service=+ep $CRIBL_HOME/bin/cribl
Keep us posted!
Good news.........My prod server is now receiving the data from 514 port.Thanks a lot <@U01C35EMQ01>
Fantastic!!!!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.