Permission denied for port 514 #79

Closed
@jonarmani


The latest image won't allow the container to listen to the default syslog port (TCP or UDP 514).

To replicate on CentOS 7: docker run logstash -e 'input {syslog{}} output {stdout{}}'

Even when logged in as root and using sudo docker run... this gets these errors where the listeners start up but immediately die:

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
07:13:08.239 [main] INFO  logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
07:13:08.256 [LogStash::Runner] INFO  logstash.agent - No persistent UUID file found. Generating new UUID {:uuid=>"3fd52e0a-90e4-4129-a71b-6094be14a7fd", :path=>"/var/lib/logstash/uuid"}
07:13:08.530 [Ruby-0-Thread-8: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:101] INFO  logstash.inputs.syslog - Starting syslog udp listener {:address=>"0.0.0.0:514"}
07:13:08.533 [Ruby-0-Thread-9: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:105] INFO  logstash.inputs.syslog - Starting syslog tcp listener {:address=>"0.0.0.0:514"}
07:13:08.536 [[main]-pipeline-manager] INFO  logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
07:13:08.545 [Ruby-0-Thread-9: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:105] WARN  logstash.inputs.syslog - syslog listener died {:protocol=>:tcp, :address=>"0.0.0.0:514", :exception=>#<Errno::EACCES: Permission denied - bind(2)>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:124:in `initialize'", "org/jruby/RubyIO.java:871:in `new'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:159:in `tcp_listener'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:122:in `server'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:106:in `run'"]}
07:13:08.545 [Ruby-0-Thread-8: /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:101] WARN  logstash.inputs.syslog - syslog listener died {:protocol=>:udp, :address=>"0.0.0.0:514", :exception=>#<SocketError: bind: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:160:in `bind'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:141:in `udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:122:in `server'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-syslog-3.2.0/lib/logstash/inputs/syslog.rb:102:in `run'"]}
07:13:08.593 [[main]-pipeline-manager] INFO  logstash.pipeline - Pipeline main started
07:13:08.647 [Api Webserver] INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9600}

Notice for TCP the issue is reported as: exception=>#<Errno::EACCES: Permission denied - bind(2) while for UDP the issue is: SocketError: bind: name or service not known. Both of these are indicative of improper permissions for root for privileged ports (<1024).

I get the same result when attempting to pass the user root with: docker run --user=root logstash -e 'input {syslog{}} output {stdout{}}'

Tried on Docker version 1.13.0, build 49bf474 and the officially image-supported 1.12.3 (build 6b644ec).
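
A diagnostic for the failure reported above, added here as an example and not part of the original issue or of the Logstash image: on Linux, bind(2) to a port below the privileged threshold is gated on CAP_NET_BIND_SERVICE in the calling process's effective capability set, so the script reports that capability and the threshold for the process it runs in. The function names are hypothetical; run it inside the container as the user that actually starts the listener.

```shell
#!/bin/sh
# Added diagnostic, not from the issue. Function names are hypothetical.

CAP_NET_BIND_SERVICE=10   # bit index, from linux/capability.h

# has_net_bind HEXMASK: succeeds if the CapEff mask has CAP_NET_BIND_SERVICE.
has_net_bind() {
    [ -n "$1" ] || return 1
    low=${1#"${1%????}"}          # last 4 hex digits hold bits 0-15
    [ $(( (0x$low >> CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
}

# bind_verdict PORT CAPEFF UNPRIV_START: prints whether bind(2) should pass.
bind_verdict() {
    if [ "$1" -ge "$3" ]; then
        echo "allow: port $1 is not privileged (threshold $3)"
    elif has_net_bind "$2"; then
        echo "allow: CAP_NET_BIND_SERVICE is in the effective set"
    else
        echo "deny: EACCES expected, CAP_NET_BIND_SERVICE missing"
    fi
}

# current_capeff: effective capability mask (awk inherits it from this shell).
current_capeff() {
    awk '$1 == "CapEff:" { print $2 }' /proc/self/status
}

# current_threshold: first unprivileged port. The sysctl is absent on older
# kernels, where the limit is fixed at 1024.
current_threshold() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# check_port PORT: report identity, capability mask and the verdict.
check_port() {
    echo "euid=$(id -u) CapEff=$(current_capeff)"
    bind_verdict "$1" "$(current_capeff)" "$(current_threshold)"
}

# Only run the live check where /proc is available (Linux).
if [ -r /proc/self/status ]; then
    check_port "${1:-514}"
fi
```

A "deny" verdict for 514 alongside an "allow" for a port such as 5514 points to the least-privilege setup: listen on the high port inside the container and publish it as 514 on the host.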
