I am doing something new with my Logstash collectors that I recently built and that are working quite well. I need to start encrypting the data I am sending to another part of my organization. I have been looking at pretty much all the documentation in the Elastic/Logstash area and I am struggling a bit to know how to set this up. For example, do I need to download something extra on my Logstash server? Do I need OpenSSL? I have the cert from the destination organization. Just need a nudge in the right direction.
What is the output you are using?
How you will configure it depends on the output.
(post deleted by author)
You should try with something like this:
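    output {
      syslog {
        host => "192.168.0.1"
        # "ssl-tcp" wraps the TCP syslog connection in TLS
        protocol => "ssl-tcp"
        port => "8888"
        # CA certificate (or chain) used to verify the destination's certificate
        ssl_cacert => "/etc/logstash/cert.pem"
        # Client certificate and key; uncomment only if the destination requires them
        #ssl_cert => "/etc/logstash/server.crt"
        #ssl_key => "/etc/logstash/private.key"
        # Verify the destination's identity against the CA above
        ssl_verify => "true"
      }
    }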
Avoid the /tmp directory since the "logstash" user must have access rights.
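
A pre-flight check for the access-rights point above, as an added example that is not part of the original thread: it walks every parent directory and reports whether a given account (here `logstash`) can reach and read the certificate file. The function names are hypothetical, and only classic Unix mode bits are evaluated (POSIX ACLs and SELinux/AppArmor policy are not).

```python
import os
import stat

def can_access(st, uid, gids, want):
    """Classic mode-bit check: owner class first, then group, then other."""
    if uid == 0:                      # root bypasses read/search checks
        return True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return (bits & want) == want

def readable_by(path, uid, gids):
    """Return (ok, reason): can uid/gids traverse all parents and read path?"""
    path = os.path.realpath(path)     # resolve symlinks before walking
    parents, head = [], path
    while os.path.dirname(head) != head:
        head = os.path.dirname(head)
        parents.append(head)
    for d in reversed(parents):       # check from / down to the file's directory
        if not can_access(os.stat(d), uid, gids, 1):
            return False, f"no search (x) permission on directory {d}"
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False, f"{path} is not a regular file"
    if not can_access(st, uid, gids, 4):
        return False, f"no read (r) permission on {path}"
    return True, "ok"

if __name__ == "__main__":
    import grp, pwd, sys
    user = "logstash"                 # service account named in the thread
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/logstash/cert.pem"
    try:
        pw = pwd.getpwnam(user)
    except KeyError:
        sys.exit(f"user {user} not found")
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    ok, reason = readable_by(target, pw.pw_uid, gids)
    print(f"{target}: {reason}")
    sys.exit(0 if ok else 1)
```

A world-readable file still fails this check when any directory above it lacks the search bit for the service account, which is the usual cause when the certificate sits in a home or private temporary directory.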