DMZ Best Practice

Puk · August 11, 2017, 12:19am

Newbie to ELK here and wanting to monitor 3x DMZ hosts I have which run Apache.

My single ELK stack server is internal, so I know I "could" open up the port to Logstash and have the DMZ servers send logs via filebeat straight in, but thats not really the most secure practice really. I have seen mentions to RabbitMQ and Redis but I've never used either, so before I dig in too much, what is the best practice for DMZ setups. Do you have another DMZ server (no external access) but can access the internal server and have the DMZ servers forward to that, then it forward to the internal server. Is that where RabbitMQ and/or Redis come into play?

And on the off-chance, any getting starting guides for that which can point me in the right direction?

warkolm · August 11, 2017, 1:11am

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out

There's not a lot out there for guides that I have seen unfortunately. However using a broker in the DMZ can help as you can then pull the logs from that the secured zone.

system · September 8, 2017, 1:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Collect logs from dmz Logstash	6	2787	December 20, 2016
Suggestion to ship logs from DMZ to LAN - Elastic stack 6.2.2 Beats filebeat	3	1278	March 23, 2018
Pull Beat Data Across a Firewall Elastic Observability	8	289	March 7, 2024
External Filebeat plus Logstash best approach Logstash	8	788	June 5, 2018
Using RabbitMq as broker between Beats and Logstash Beats	28	486	June 16, 2024

DMZ Best Practice

Related Topics