Environmental variable in Logstash

Hi Folks,

I use Logstash to send logs to a cloud SIEM.
In particular I use an output plugin for the SIEM Vendor
In order to authenticate towards the cloud Logstash presents id which is public and don't bother me and key which is kind of sensitive.
Hence I used environmental variable in the config file and it worked like a charm.

However, I just tested it.
For real-live scenarios I'd have to set the variable into the bashrc of an account that is going to be used. When I set the var in the root bashrc Logstash can't see the variable since it runs with the logstash account.
However, I can't set the variable into logstash bashrc since this is a service account and has no interactive shell as you can see below
Service User:/usr/share/logstash:/usr/sbin/nologin

Now I can set the variable in /etc/environment but this is a global config file and every account would see the variable which security wise doesn't seem right to be.

I read about the logstash Secrets keystore but in order to be password-protected I need to again use environmental variable to store the password for the keystore. Correct? Which means that it's the same situation and I'd need to set the variable in /etc/environment

Could you please give me your five cents on the matter?

Thank you in advance.

As an addition, I checked and I can execute single commands for user logstash, so I tested it if I can set a var in its .bashrc. However, logstash has no .bashrc file (as Service User:/usr/share/logstash:/usr/sbin/nologin)?

@Badger have you got any ideas off top of your head?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.