All Apps and Add-ons

How to resolve "Error binding to socket in UDPInputProcessor: Permission denied" error when forwarding Netapp ONTAP Syslog to indexer?

Path Finder

I am forwarding Netapp Ontap Syslog to my indexer machine via UDP 5146. On Splunk Web, under Data Inputs, I can see port is enabled.
I tried using CLI as well as Conf file for configuring listening on UDP 5146.
CLI Command(Using user Splunk) :

/opt/splunk/bin/splunk add udp 5146 -sourcetype ontap:syslog -index ontap
Listening for UDP input on port 5146.

Inputs.conf

(location : $SPLUNKHOME$/etc/apps/search/local/inputs.conf OR $SPLUNKHOME$/etc/slave-apps/_cluster/local/inputs.conf):

 [udp://5146]
    connection_host = ip
    index = ontap
    sourcetype = ontap:syslog

My indexer machine is part of a indexer cluster.
In splunkd.log I am below error related to UDP :

ERROR UDPInputProcessor - Error binding to socket in UDPInputProcessor: Permission denied

Please suggest solution for this problem.

0 Karma

Explorer

did you check for selinux enabled or misconfigured?

0 Karma

Splunk Employee
Splunk Employee

@abhinav_maxonic - Are you using one of the apps or add-ons on Splunkbase, specifically one of these?
- Splunk App for NetApp Data ONTAP
- Splunk Add-on for NetApp Data ONTAP

I just want to make sure your post is tagged properly.

0 Karma

Path Finder

Yes, I am using "Splunk App for NetApp Data Ontap" .

0 Karma