This happens because Graylog isn’t running as root and can’t listen on low numbered/privileged ports (below 1024).
Use authbind to work around this limitation.
Install Authbind, Configure Graylog to Use It
sudo apt-get install authbind -y
vi /etc/default/graylog-server
GRAYLOG_COMMAND_WRAPPER="authbind"
to the appropriate line of the file
Add the Ports to Authbind
- Add TCP 514 to Authbind
sudo touch /etc/authbind/byport/514
sudo chown graylog:graylog /etc/authbind/byport/514
sudo chmod 755 /etc/authbind/byport/514
- Add UDP 514 to Authbind
sudo touch '/etc/authbind/byport/!514'
sudo chown graylog:graylog '/etc/authbind/byport/!514'
sudo chmod 755 '/etc/authbind/byport/!514'
Restart Graylog