How can I deny the log message sent by unknown source? Thanks

leftstar_200 · April 21, 2017, 6:41am

Hello all,

I am receiving the Syslog using Logstash as Syslog server. My client machine sends the massage to Logstash server.

My question is how can I specify which one or more client machines are valid to avoid disallowed machine sends the syslog message to my Logstash server once he known my Logstash IP address and port?

I can't implement it via FILTERof Logstash because I am worry about performance issue. So I am looking for a internal mechanism of Logstash that can refuses unknown syslog likes IPTABLE before received by INPUT

Thanks a lot

magnusbaeck · April 21, 2017, 7:32am

Apart from using filters Logstash has no functionality to reject connections from certain clients. Why not use the firewall for this?

leftstar_200 · April 21, 2017, 8:05am

Thanks for your reply. If no internal mechanism, I will use firewall to implement this. Thanks a lot!

system · May 19, 2017, 8:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.