Hi, I am trying to allow input only from my own network and thus have the following .conf
input{
gelf {
type => "log"
# host => "172.16.0.0"
# port => 12201
}
beats {
# host => "172.16.0.0"
port => 5044
type => "log"
}
http {
# host => "0.0.0.0" # default: 0.0.0.0
# port => 8080 # default: 8080
type => "log"
}
}
my network is a docker network with 172.16.0.0. Everything works fine without host (default), or when I set the http host to 0.0.0.0 (and the sender ip is 172.16.0.5) . Tested with i.e.
* Hostname was NOT found in DNS cache
* Trying 172.16.0.38...
* connect to 172.16.0.38 port 8080 failed: Connection refused
* Failed to connect to logstash port 8080: Connection refused
what am I doing wrong? How do I mask the network to allow input only from 255.255.255.0?
The host option chooses which interface to listen on, i.e. it must either be 0.0.0.0 or one of the IP addresses that the host has. It's not an access control mechanism per se.
How do I mask the network to allow input only from 255.255.255.0?
That can't be done from Logstash (unless you accept events initially but drop everything that doesn't originate from the same subnet or whatever condition you like).
Thanks. I think the documentation "The IP address to listen on." could then use a litte more explanation. I have see quite a few posts where people ask about their setting not working and then are told to use 0.0.0.0. I guess today many people are used to network mapping being the standard for things where you can set the ip.
I mean that in cases where you could expect input to come from a limited number of nods, yet from a specific network(s), it would be nice to have mapping enabled. So for example 172.13.14.0 would allow all nodes from 172.13.14.x. That is how I interpreted the documentation and reading quite a few posts, I wasn't the only one.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.