I would like to know if what I'm trying to do is possible with the Elastic Stack.
I have multiple network security zones, all firewalled from each other: PAZ (Public Access Zone), OZ (Operation Zone) and RZ (Restricted Zone). I would like all logs from all servers to be shipped to and stored in the RZ, the strongest security zone. But data can't go directly from the PAZ to the RZ; it first has to pass through the OZ to reach the RZ.
So the setup would basically be this:
1. PAZ server rsyslog configured to send syslogs to PAZ Logstash
2. PAZ Logstash output sends to OZ Logstash
3. OZ Logstash output sends to RZ Logstash
4. RZ Logstash output sends to RZ Elasticsearch
What I've tried to do so far is set up a Logstash server in the PAZ and another in the OZ. I'm trying to set up Logstash-to-Logstash Lumberjack communication: https://www.elastic.co/guide/en/logstash/current/ls-to-ls.html. When I test this by running Logstash on the command line, everything seems to work, but running Logstash as a service with this same setup results in SSL errors.
I found a few posts saying that the Lumberjack protocol is deprecated. Is there a best practice for what I'm trying to do, or a recommended way to do this?
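For reference, this is what one hop of the Logstash-to-Logstash chain described in the question looks like with the Lumberjack output and Beats input that the linked guide uses. It is an added illustration, not the poster's configuration: the hostnames, ports and certificate paths are assumptions, and the OZ-to-RZ hop is the same pair of stanzas repeated with the next zone's addresses. The `beats` input requires the private key in PKCS#8 format, and `ssl_verify_mode => "force_peer"` together with `ssl_certificate_authorities` makes the downstream Logstash reject any client that does not present a certificate signed by the expected CA, so a host in a lower zone cannot inject events just by reaching the port.

```conf
# --- PAZ Logstash: forward everything to the OZ collector over TLS ---
# /etc/logstash/conf.d/20-output-to-oz.conf (path assumed)
output {
  lumberjack {
    hosts => ["oz-logstash.example.internal"]   # assumed OZ hostname
    port => 5044
    ssl_certificate => "/etc/logstash/certs/oz-logstash.crt"  # cert the OZ side presents
    codec => json
  }
}

# --- OZ Logstash: accept only from the PAZ forwarder, then relay to the RZ ---
# /etc/logstash/conf.d/10-input-from-paz.conf (path assumed)
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/certs/oz-logstash.crt"
    ssl_key => "/etc/logstash/certs/oz-logstash.pk8"      # PKCS#8 key, readable by the service user
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    ssl_verify_mode => "force_peer"                      # require a client cert from the PAZ side
  }
}
```

When the same pipeline works from the command line but fails under the service, the difference is usually the environment: the service runs as its own user with its own working directory, so relative paths and file permissions on the key and certificate files are the first things to compare between the two runs.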