DMZ Best Practice

Newbie to ELK here and wanting to monitor 3x DMZ hosts I have which run Apache.

My single ELK stack server is internal, so I know I "could" open up the port to Logstash and have the DMZ servers send logs via Filebeat straight in, but that's not really the most secure practice really. I have seen mentions of RabbitMQ and Redis but I've never used either, so before I dig in too much, what is the best practice for DMZ setups? Do you have another DMZ server (no external access) but can access the internal server and have the DMZ servers forward to that, then it forwards to the internal server? Is that where RabbitMQ and/or Redis come into play?

And on the off-chance, any getting started guides for that which can point me in the right direction?

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out :wink:

There's not a lot out there for guides that I have seen, unfortunately. However, using a broker in the DMZ can help, as you can then pull the logs from that into the secured zone.
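
The broker layout from the reply above, as an added example (not from the thread or from Elastic): Filebeat on each DMZ host pushes to a Redis broker inside the DMZ, and the internal Logstash pulls from it, so the only firewall rule needed is internal to DMZ and nothing in the DMZ can open a connection inward. The hostnames, key name, log path and password variable are placeholders.

```conf
# ---- filebeat.yml on each DMZ Apache host (YAML) ----
# Ships to the broker in the same DMZ; no route to the internal network needed.
filebeat.inputs:
  - type: filestream
    id: apache-access                       # placeholder id
    paths:
      - /var/log/apache2/access.log         # placeholder path
output.redis:
  hosts: ["broker.dmz.example:6379"]        # placeholder broker host
  key: "filebeat-apache"                    # Redis list the events are pushed to
  password: "${REDIS_PASSWORD}"             # read from the environment or keystore
  db: 0

# ---- Logstash pipeline on the internal server (Logstash config syntax) ----
# Logstash initiates the connection outward and pops events off the list.
# Firewall: allow internal-logstash -> broker.dmz.example tcp/6379 only;
# keep DMZ -> internal closed and do not expose 6379 to the internet.
input {
  redis {
    host      => "broker.dmz.example"
    port      => 6379
    data_type => "list"
    key       => "filebeat-apache"          # must match the Filebeat key
    password  => "${REDIS_PASSWORD}"
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]      # placeholder; the internal Elasticsearch
  }
}
```

On the broker itself, set `requirepass` and bind Redis to the DMZ interface only, since an unauthenticated Redis reachable from other DMZ hosts would let any of them read or inject log events.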
