Newbie to ELK here and wanting to monitor 3x DMZ hosts I have which run Apache.
My single ELK stack server is internal, so I know I "could" open up the port to Logstash and have the DMZ servers send logs via filebeat straight in, but thats not really the most secure practice really. I have seen mentions to RabbitMQ and Redis but I've never used either, so before I dig in too much, what is the best practice for DMZ setups. Do you have another DMZ server (no external access) but can access the internal server and have the DMZ servers forward to that, then it forward to the internal server. Is that where RabbitMQ and/or Redis come into play?
And on the off-chance, any getting starting guides for that which can point me in the right direction?