Wondering how to listen on privileged Ports with Nagios Log Server. We can help you.

Ports below 1024 are known as privileged ports in Linux. Configuring the Nagios log server to listen to these ports will be useful if we have legacy devices that can only send on specific ports.

Here at Bobcares, we get requests from our customers to configure their Nagios log server to listen to privileged ports as a part of our Server Management Services.

Today let’s see how our Support Engineers do this for our customers.

How to Listen on Privileged Ports with Nagios

Ports below 1024 are privileged on Linux and only the root user can listen on them.

Following are the two ways in which we can configure this :

1. Run Logstash as root
2. Use setcap

Run Logstash as root

This method configures logstash to run as the root user.

We can edit the logstash config file by executing the following command:

RHEL|CentOS|Oracle Linux

# vi /etc/sysconfig/logstash

Debian|Ubuntu

# vi /etc/default/logstash

or

$ sudo vi /etc/default/logstash

After that, find the following line:

LS_USER=nagios

And change it  to:

LS_USER=root

After that, save and close the file.

Finally, we can restart Logstash Service.

Use setcap

This option will preserve logstash running as the nagios user. However, this method will be less secure in some environments as it will allow any Java process to listen on privileged ports.

We have to add the following three lines at the bottom of  logstash init configuration file.

First, we have to open the file with the following command:

RHEL|CentOS|Oracle Linux

# vi /etc/sysconfig/logstash

Debian|Ubuntu

# vi /etc/default/logstash

or

$ sudo /etc/default/logstash

After opening, we have to add the following three lines to the end of the file:

# echo $(dirname $(find /usr/lib -name libjli.so)) | awk ‘{print $1}’> /etc/ld.so.conf.d/java.conf
# eval “$(which ldconfig)”
# setcap ‘cap_net_bind_service=+ep’ $(readlink -f $(which java))

Then save and close the file.

Finally, restart Logstash service with the following commnds:

RHEL 7+|CentOS 7+|CentOS Stream|Oracle Linux 7+|Debian|Ubuntu 16/18/20

# systemctl restart logstash.service

or

$ sudo systemctl restart lagstash.service

Add Inputs

After implementing the chosen method, we can add inputs to the configuration for ports below 1024.

We can use the following steps to add

1. First, click the Add Input drop-down list and select Custom.

2. And type a unique name for the input.

3. After that, in the text field, we will need to define the input configuration in the following way:

file {
type => “testing”
path => “/tmp/test.log”
}

4. Once we have finished, click the Save button.

5. Then click the Apply button followed by ‘Yes’ in the dialogue box.

Any ports lower than 1024 will not be listed in the “Logstash is currently collecting” banner on the Admin Overview page because the process listing the ports is not privileged and thus can not see any ports lower than 1024.

[Need Assistance? We are happy to help you!]

Conclusion

In short, we saw how our Support engineers configure Nagios Log Servers to listen on privileged ports.