I am doing something new with my logstash collectors that I recently built and that are working quite well. I need to start encrypting the data I am sending to another part of my organization. I have been looking at pretty much all the documentation in the elastic/logstash area and I am struggling a bit to know how to set this up. For example, do I need to download something extra on my logstash server? Do I need openssl? I have the cert from the destination organization. Just need a nudge in the right direction.
What is the output you are using?
How you will configure it depends on the output.
You should try with something like this:
    output {
      syslog {
        host => "192.168.0.1"
        protocol => "ssl-tcp"
        port => "8888"
        ssl_cacert => "/etc/logstash/cert.pem"
        #ssl_cert => "/etc/logstash/server.crt"
        #ssl_key => "/etc/logstash/private.key"
        ssl_verify => "true"
      }
    }
Avoid the /tmp directory since the "logstash" user must have access rights.
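A pre-flight check for the settings in the answer above, as an added example that is not part of the original posts: it confirms the CA file is outside /tmp, readable by the account running it, contains a PEM certificate, and that the destination's certificate verifies against it. The function names are hypothetical, the host, port and path are the sample values from the config, and it assumes the `openssl` command-line tool is installed for the handshake test.

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight checks for the TLS
# settings of the syslog output. Function names are hypothetical.

# Return 0 if the path, as written in the Logstash config, is outside /tmp.
path_outside_tmp() {
    case "$1" in
        /tmp|/tmp/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if stdin contains at least one complete PEM certificate block.
has_pem_cert() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inblk = 1; next }
        /^-----END CERTIFICATE-----/ && inblk { found = 1; inblk = 0 }
        END { exit !found }
    '
}

# File checks first, then a real handshake verified against the CA file.
# Run it as the service account, e.g. with: sudo -u logstash sh preflight.sh ...
preflight() {
    ca=$1; host=$2; port=$3
    path_outside_tmp "$ca" || { echo "CA file is under /tmp: $ca" >&2; return 2; }
    [ -r "$ca" ] || { echo "not readable by $(id -un): $ca" >&2; return 3; }
    has_pem_cert < "$ca" || { echo "no PEM certificate in $ca" >&2; return 4; }
    # -verify_return_error aborts the handshake when the server chain does not
    # validate against the CA file, which is what ssl_verify => true asks for.
    openssl s_client -connect "$host:$port" -CAfile "$ca" \
        -verify_return_error </dev/null >/dev/null 2>&1 \
        || { echo "TLS verification failed for $host:$port" >&2; return 5; }
    echo "ok: $host:$port verifies against $ca"
}

# Runs only when called with three arguments, so the file can also be sourced:
#   sh preflight.sh /etc/logstash/cert.pem 192.168.0.1 8888
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A non-zero exit code identifies the failed step: 2 for a /tmp path, 3 for permissions, 4 for a file that is not a PEM certificate, 5 for a failed handshake or verification.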
thanks - will give that a try