Hi Team,[Urgent]As per the best practices, we created a non-sudo user called Cribl and enable the boot-start. In our environment, we can't use other than 514 ports for syslog receiving but we are getting the Error: "bind EACCES 0.0.0.0:514". as per the Cribl documentation we did the below.systemctl edit cribl[Service]AmbientCapabilities=CAP_NET_BIND_SERVICEBut we are getting the attached error and we are still not able to add the 514 ports in syslog source.
Page 1 / 1
Are you sure you are not already running a syslog instance or something else that is bound to port 514?
Stop Cribl and run this: `netstat -tuln | grep 514`
`sudo systemctl status | grep 514`
`sudo lsof -i :514`
<@U01C35EMQ01> I have checked, 514 port is not taken by any services.
we have installed cribl on RHEL 9
Have you run a `systemctl daemon-reload` command?
This is a systemd error. Did you try googling ? I found this: https://github.com/systemd/systemd/issues/24208#issuecomment-1338127124|https://github.com/systemd/systemd/issues/24208#issuecomment-1338127124See if it addresses your issue.
Hi <@U01C35EMQ01> The below command (From the link you shared earlier) resolved the issue in my dev environment. Now, I will try the same in my production environment. fingers crossed.setcap cap_net_bind_service=+ep $CRIBL_HOME/bin/cribl
Thanks for the quick response <@U012ZP93EER>
Keep us posted!
Good news.........My prod server is now receiving the data from 514 port.Thanks a lot <@U01C35EMQ01>
Fantastic!!!!
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.