DMZ Best Practice

Puk · August 11, 2017, 12:19am

Newbie to ELK here and wanting to monitor 3x DMZ hosts I have which run Apache.

My single ELK stack server is internal, so I know I "could" open up the port to Logstash and have the DMZ servers send logs via filebeat straight in, but thats not really the most secure practice really. I have seen mentions to RabbitMQ and Redis but I've never used either, so before I dig in too much, what is the best practice for DMZ setups. Do you have another DMZ server (no external access) but can access the internal server and have the DMZ servers forward to that, then it forward to the internal server. Is that where RabbitMQ and/or Redis come into play?

And on the off-chance, any getting starting guides for that which can point me in the right direction?

warkolm · August 11, 2017, 1:11am

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out

There's not a lot out there for guides that I have seen unfortunately. However using a broker in the DMZ can help as you can then pull the logs from that the secured zone.

system · September 8, 2017, 1:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Through DMZ Logstash	2	1087	July 6, 2017
Connecting DMZ ENV to ELK in the LAN Beats	9	1984	January 1, 2017
Collect logs from dmz Logstash	6	2789	December 20, 2016
Suggestion to ship logs from DMZ to LAN - Elastic stack 6.2.2 Beats filebeat	3	1278	March 23, 2018
Pull Beat Data Across a Firewall Elastic Observability	8	290	March 7, 2024

DMZ Best Practice

Related topics