Hi,
We have an Elasticsearch cluster and now we want to stream logs from a DMZ environment to it, which isn't allowed for InfoSec reasons. The only allowed method is a pull from the DMZ.
What's the preferred option in such a case?
We thought of several options and would like to know what the best practice is:
- Asynchronous mechanism - send the logs to some queue / container / Kafka and pull them from there; a lot of components are involved, and there are performance issues.
- Cross Site Replication - create an ECK or other deployment of Elasticsearch in the DMZ and send the logs there, and later replicate the indices to the original cluster. Is that approach correct, or can it have performance issues? Can you control the direction of where to replicate from? Can you view the logs in the target cluster after some time?
- Create an ECK or other deployment of Elasticsearch in the DMZ and have Kibana look at the remote cluster logs using Remote Cluster Search. Is that something that you can recommend?
For the options that involve creating an ECK cluster in the DMZ: can we use a Standard / Basic edition instead of the Enterprise one?
Thanks
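The point that decides the second and third options against a pull-only policy is which cluster opens the TCP connection. With both cross-cluster replication (CCR) and cross-cluster search (CCS), the cluster that holds the `cluster.remote.<alias>` settings dials the remote cluster's transport (or remote-cluster) port; nothing is pushed from the remote side. So the internal cluster must be the one that registers the DMZ cluster as a remote and acts as the CCR follower or the CCS caller, and the DMZ firewall only needs to admit inbound connections from internal nodes on that port. The script below is an added example, not code from the post above: it builds the Elasticsearch API bodies for both designs, renders them as curl commands, and flags any plan in which the remote-cluster settings would be applied on a DMZ-side cluster (a push). Hostnames, the `dmz-logs` alias, the `logs-*` pattern and the `$ES_API_KEY` placeholder are assumptions. Note also that CCR is a licensed (Platinum-level) feature, while CCS is available on the free tier.

```python
"""Plan and sanity-check a pull-only remote-cluster link (CCR or CCS) between an
internal Elasticsearch cluster and a DMZ cluster.

Added example; not code from the original post. All hostnames, aliases, index
patterns and the API-key placeholder are constructed assumptions.
"""
from __future__ import annotations

import json
import urllib.parse

# Assumed topology (constructed for this example).
INTERNAL_ES = "https://es.internal.example:9200"   # main cluster, where Kibana runs
DMZ_ES = "https://es-dmz-1.dmz.example:9200"       # cluster deployed in the DMZ
DMZ_ALIAS = "dmz-logs"
DMZ_SEEDS = ["es-dmz-1.dmz.example:9300", "es-dmz-2.dmz.example:9300"]
INTERNAL_SEEDS = ["es.internal.example:9300"]
DMZ_ZONE_SUFFIX = ".dmz.example"


def remote_cluster_settings(alias: str, seeds: list[str]) -> dict:
    """Body for PUT _cluster/settings. The cluster this is applied to will
    open connections to `seeds` (sniff mode); the seeds never connect back."""
    return {"persistent": {f"cluster.remote.{alias}.seeds": seeds}}


def auto_follow_request(remote: str, patterns: list[str]) -> dict:
    """Body for PUT _ccr/auto_follow/<name>: every new leader index on `remote`
    matching `patterns` gets a follower index here that pulls its operations."""
    return {
        "remote_cluster": remote,
        "leader_index_patterns": patterns,
        "follow_index_pattern": "{{leader_index}}",
    }


def ccs_query(remote: str, index_pattern: str, query: dict) -> tuple[str, dict]:
    """Path and body for a cross-cluster search issued from the local cluster;
    no data is copied, the remote is queried at search time."""
    return (f"/{remote}:{index_pattern}/_search", {"query": query})


def plan(mode: str, alias: str, seeds: list[str]) -> list[tuple[str, str, dict]]:
    """Ordered (method, path, body) calls, all to be sent to ONE cluster."""
    calls = [("PUT", "/_cluster/settings", remote_cluster_settings(alias, seeds))]
    if mode == "ccr":
        calls.append(("PUT", f"/_ccr/auto_follow/{alias}",
                      auto_follow_request(alias, ["logs-*"])))
    elif mode == "ccs":
        path, body = ccs_query(alias, "logs-*", {"match_all": {}})
        calls.append(("GET", path, body))
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return calls


def connection_initiators(applied_to: str, calls) -> list[tuple[str, str]]:
    """(dialing cluster URL, dialed seed) pairs implied by the remote settings."""
    pairs = []
    for _, path, body in calls:
        if path != "/_cluster/settings":
            continue
        for key, seeds in body.get("persistent", {}).items():
            if key.startswith("cluster.remote.") and key.endswith(".seeds"):
                pairs.extend((applied_to, s) for s in seeds)
    return pairs


def violates_pull_only(applied_to: str, calls) -> list[str]:
    """Connections that would be opened FROM inside the DMZ (policy violations)."""
    host = urllib.parse.urlsplit(applied_to).hostname or ""
    return [f"{dialer} -> {dialed}"
            for dialer, dialed in connection_initiators(applied_to, calls)
            if host.endswith(DMZ_ZONE_SUFFIX)]


def to_curl(base_url: str, calls, api_key_ref: str = "$ES_API_KEY") -> list[str]:
    """Render the plan as curl commands to run from a host that can reach `base_url`."""
    return [f"curl -sS -X {m} '{base_url}{p}' -H 'Authorization: ApiKey {api_key_ref}' "
            f"-H 'Content-Type: application/json' -d '{json.dumps(b)}'"
            for m, p, b in calls]


if __name__ == "__main__":
    good = plan("ccr", DMZ_ALIAS, DMZ_SEEDS)            # applied on the internal cluster
    bad = plan("ccr", "internal", INTERNAL_SEEDS)       # mistakenly applied on the DMZ cluster
    print("internal pulls from DMZ, violations:", violates_pull_only(INTERNAL_ES, good))
    print("DMZ pushes to internal, violations:", violates_pull_only(DMZ_ES, bad))
    print("\n".join(to_curl(INTERNAL_ES, good)))
```

Run the printed curl commands from the internal side only; the DMZ cluster itself needs no remote-cluster configuration for either design. With CCR the follower indices are searchable in the internal cluster shortly after the leader indexes the documents, so Kibana keeps working against local data; with CCS Kibana's data view simply uses the `dmz-logs:logs-*` pattern and each query crosses to the DMZ.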