The udp-balancer() source is not working when running Syslog-ng with an account other than the root account.
The following error is found in the logs: Error loading BPF program
SYS_ADMIN (CAP_SYS_ADMIN)
Once done the service account running Syslog-ng PE should have access to the eBPF plugin and the udp-balancer() should work.
NOTE - If Syslog-ng continues to encounter issues with starting please see the following for additional permissions that may be required:
CAP_NET_BIND_SERVICE - Required for binding to ports below 1024 (such as UDP 514).
CAP_CHOWN - Required for creating files with owner/group other than the current user.
CAP_FOWNER - Bypasses permission checks on operations that normally require the filesystem UID of the process to match the UID of the file.
CAP_DAC_OVERRIDE - Bypass file read, write, and execute permission checks.
CAP_DAC_READ_SEARCH - Bypass file read permission checks and directory read and execute permission checks
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center