Hi,
I run logstash in a cloud environment and due to the fact I do not control our client's systems, cannot enforce the use of client certificates with beats. What would be great is if all Beats (not just filebeat) supported the use of a security token. Where if the token doesn't match, then the incoming data is dropped from Logstash.
It is currently possible to implement this through the use of adding a token to a field (in the client beat), then checking the value of that token in the logstash configuration. From a security perspective, I'd feel much more comfortable if the logstash beat input was the one dropping logs that have failed the token check as it would happen before the log ever hits the logstash event pipeline.
Is there any chance of this style of "authentication" being implemented?
Cheers,
Nick