Details
-
Type:
Bug/Feature
-
Status: New (View workflow)
-
Resolution: Unresolved
-
Affects Version/s: 1.1.8
-
Fix Version/s: None
-
Labels:
Description
Using the following config:
tcp
{ port => 5000 type => vcs }udp { port => 5000 type => vcs }
tcp
{ port => 514 type => syslog }udp { port => 514 type => syslog }
Running with the config above using a non-privilegded user doesn't bind ports. Exected output is a warning in log about port 514 not being able to bind, and a successful bind on port 5000.
What's actually logged is:
{:message=>"UDP listener died", :exception=>#<SocketError: bind: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:160:in `bind'", "file:/usr/share/logstash/logstash.jar!/logstash/inputs/udp.rb:56:in `udp_listener'", "file:/usr/share/logstash/logstash.jar!/logstash/inputs/udp.rb:39:in `run'", "file:/usr/share/logstash/logstash.jar!/logstash/agent.rb:714:in `run_input'", "file:/usr/share/logstash/logstash.jar!/logstash/agent.rb:367:in `start_input'"], :level=>:warn}
without any of the ports bound, as seen by "netstat -napt | grep -i LISTEN"
Running with the above config as user root works fine.
Suggestion: Would it be possible to have logstash bind to port 514 without running with root priviliges? E.G logstash using "setuid" to drop down to user level after bind, but before accepting connections?
Ideally, I'd want to utilize adm group for access to /var/log/syslog, and run on default syslog port without root privileges.
Gliffy Diagrams
Attachments
Issue links
- testing discovered
-
- Confirmed
