attempting to start Syslog port 514 as an input after installing Graylog will fail. This is due to graylog-server running as a non-root users. Ports below 1024 require root level permissions.
Software you should have installed before attempting this task
sudo apt-get install authbind -y
Configure UDP 514 to Authbind (the “!” is for UDP, remove it for TCP)
sudo touch '/etc/authbind/byport/!514'
sudo chown graylog:graylog '/etc/authbind/byport/!514'
sudo chmod 500 '/etc/authbind/byport/!514'
Configure /etc/default/graylog-server to use authbind as a wrapper
sudo sed -i "s/GRAYLOG_COMMAND_WRAPPER=\"\"/GRAYLOG_COMMAND_WRAPPER=\"authbind\"/" /etc/default/graylog-server
service graylog-server restart
sudo systemctl restart graylog-server.service