Syslog udp died


Hi everyone!
I'm starting to use logstash for a project when we need to store some datas with logstash. Actually, we have a program which generates a lot of datas in a syslog file. So, we tried to configure an syslog input to take those datas.
The point is we are trying to do this with the next configuration:
On my computer, I have to start logstash. On my colleague's computer, we start the program which write into the syslog's files.
So, to make sure logstash can take those datas, I configure the syslog-simple.conf like this:

And, I still have these messages:



Can anyone help me?
Thanks =),


Philippe Weber
August 9, 2012, 11:23 AM

The host parameter is for specifying the local IP logstash should listen too, not any remote one,
you could leave it as default ( meaning that logstash would grab any syslog information sent to the machine running logstash on port 514.
Then your remote machine should be configured to send syslog information to logstash machine,
you could have a look at this recipe for an example using rsyslog:

Philippe Weber
January 5, 2013, 12:50 PM

Supposed misconfiguration. Please re-open if still needed

Herman van Rink
November 20, 2013, 4:39 PM

This seems more like a case where the running user had no privilege to open a port < 1024

See also:



Logstash Developers


Thomas Toledo


Affects versions