Beats -> Logstash security, use of security token to authenticate clients?


I run logstash in a cloud environment and due to the fact I do not control our client's systems, cannot enforce the use of client certificates with beats. What would be great is if all Beats (not just filebeat) supported the use of a security token. Where if the token doesn't match, then the incoming data is dropped from Logstash.

It is currently possible to implement this through the use of adding a token to a field (in the client beat), then checking the value of that token in the logstash configuration. From a security perspective, I'd feel much more comfortable if the logstash beat input was the one dropping logs that have failed the token check as it would happen before the log ever hits the logstash event pipeline.

Is there any chance of this style of "authentication" being implemented?


You'll probably have a better chance of reaching the core developers if you post a GitHub issue.

Thanks Magnus, have done.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.