Help Needed: Setting Up Encrypted UDP Log Forwarding in Filebeat to Filebeat

Hello All,
I am currently working on a project that involves securing log forwarding using encrypted UDP.
I have a specific use case where I need to forward logs from one server to another over encrypted UDP, and I'm seeking guidance on how to set up this configuration properly.

Use Case Summary:
I have two physically separated servers: server1 and server2, with a diode (One-Way UDP Data Transfer) in between. I would like to achieve the following setup:

Server1: Listen on port 514 for non-encrypted TCP syslog messages. These logs need to be forwarded to server2 on encrypted UDP (TCP TLS is not an option).

Server2: Receive logs from server1 on port 514 using encrypted UDP, and they should be sent to Logstash.

I would greatly appreciate it if anyone in the community could provide guidance, tips, or even a sample configuration that demonstrates how to achieve this setup successfully.

Thank you in advance for your assistance. I look forward to your responses and insights.
Best regards,
Ran

Hello @randv.

Unfortunately, we do not currently support DTLS (which is the only good way to do encrypted UDP). The only way would be to create some sort of encrypted tunnel between the two devices (there are many options to do this on Linux available online).

Encrypted UDP is not a very common ask, and I am curious as to why TCP is not an option at all? It would be a much more reliable way to transfer the logs, as UDP can be quite sensitive to network latency.

Hello @Marius_Iversen,
Thanks for your response!
For security reasons, all the traffic from site1 to site2 goes through a network device that only allows one-way UDP communication, to prevent any data from going from site2 to site1.

About the DTLS tunnel, that is probably what we will do.

Best,
Ran
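
Because the diode described in this thread passes nothing back from server2 to server1, whatever encrypts the link cannot depend on a handshake or acknowledgements. The following is an added example, not code from the thread or from Filebeat: a minimal sketch of per-datagram authenticated encryption for a one-way link, assuming a 32-byte key provisioned on both servers out of band. The names `NewAEAD`, `Seal` and `Open` and the wire layout are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// NewAEAD builds AES-256-GCM from a 32-byte key provisioned on both servers out of band.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonceFor pads the 8-byte sequence header with 4 leading zero bytes to the 12-byte GCM nonce.
func nonceFor(hdr []byte) []byte { return append(make([]byte, 4), hdr...) }

// Seal returns seq (8 bytes, big endian) || ciphertext || 16-byte tag.
// seq must never repeat under one key: persist the counter or rotate the key on restart.
func Seal(a cipher.AEAD, seq uint64, line []byte) []byte {
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, seq)
	return append(hdr, a.Seal(nil, nonceFor(hdr), line, hdr)...)
}

// Open authenticates one datagram and rejects any seq at or below lastSeq (replayed or reordered).
// Use the returned seq as the new lastSeq only when err is nil.
func Open(a cipher.AEAD, lastSeq uint64, dgram []byte) ([]byte, uint64, error) {
	if len(dgram) < 8+a.Overhead() {
		return nil, 0, fmt.Errorf("short datagram: %d bytes", len(dgram))
	}
	hdr := dgram[:8]
	seq := binary.BigEndian.Uint64(hdr)
	if seq <= lastSeq {
		return nil, 0, fmt.Errorf("stale or replayed sequence %d (last accepted %d)", seq, lastSeq)
	}
	line, err := a.Open(nil, nonceFor(hdr), dgram[8:], hdr)
	return line, seq, err
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key, not for real use
	line, seq, err := Open(a, 0, Seal(a, 1, []byte("<34>Oct 11 22:14:15 server1 su: constructed sample line")))
	fmt.Println(string(line), seq, err)
}
```

A jump in the accepted sequence number on the receiving side shows how many datagrams were lost in transit, which is the only loss signal available when nothing can be sent back.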
