12-07-2015 15:08:37.498 -0500 INFO TcpInputConfig - IPv4 port 550 is reserved for splunk 2 splunk
12-07-2015 15:08:37.498 -0500 INFO TcpInputConfig - IPv4 port 550 will negotiate new-s2s protocol
12-07-2015 15:08:37.498 -0500 ERROR TcpInputProc - Could not bind to port IPv4 port 550
12-07-2015 15:08:37.498 -0500 ERROR TcpInputProc - Could not bind to port IPv4 port 550
12-07-2015 15:08:37.502 -0500 ERROR UDPInputProcessor - Error binding to socket in UDPInputProcessor: Permission denied
Any idea of what could be causing this? Nothing is using port 550. If I start Splunk as root it binds port 550 without an issue.
Hi ralph_SAIC,
this is not a Splunk problem, this is based on the so called privileged ports
. The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature of your OS, in that if you connect to a service on one of these ports you can be fairly sure that you have the real thing, and not a fake which some hacker has put up for you.
If you want to use the port 550 with Splunk, create a new Splunk tcp input on port 1550 and use a iptables
rule to route input for port 550 to the Splunk port 1550:
/usr/sbin/iptables -t nat -A PREROUTING -m tcp -p tcp --dport 550 -j REDIRECT --to-ports 1550
Your Sysadmin can do this for you.
Hope this helps ...
cheers, MuS
Hi ralph_SAIC,
this is not a Splunk problem, this is based on the so called privileged ports
. The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature of your OS, in that if you connect to a service on one of these ports you can be fairly sure that you have the real thing, and not a fake which some hacker has put up for you.
If you want to use the port 550 with Splunk, create a new Splunk tcp input on port 1550 and use a iptables
rule to route input for port 550 to the Splunk port 1550:
/usr/sbin/iptables -t nat -A PREROUTING -m tcp -p tcp --dport 550 -j REDIRECT --to-ports 1550
Your Sysadmin can do this for you.
Hope this helps ...
cheers, MuS
we don't use iptables. i did find one thing about setcap, but still trying to figure it out as it does not seem to work.
Unfortunately I have not found a workaround for the shared libraries issue. Guess this will have to be a one off machine till I get this worked out.
Hi ralphw_SAIC,
I found these two links:
https://lists.linuxcontainers.org/pipermail/lxc-users/2014-July/007455.html
https://wiki.apache.org/httpd/NonRootPortBinding
The first is about setcap
for Splunk, the second a generic from Apache but does also apply to Splunk.
Please mark this as answered, because your initial question is answered - thanks 🙂