Hi Team,
I'm trying to use logstash to pull the log through rest API and plan to further forward it to the SIEM. The setup is pretty straight forward. SIEM <== Logstash (server) ==> Proxy ==> FW ==> API Host.
The have verified that API is accessible through proxy, however, I don't see any hit on the proxy through logstash.
gd@logstash:/home/gd> curl -k -v 'http://qatechtesting.com'
- Could not resolve host: qatechtesting.com; Unknown error
- Closing connection 0
curl: (6) Could not resolve host: qatechtesting.com; Unknown error
I tried setting up proxy configuration within the plugin, it failed
Set proxy in /etc/systemd/system/logstash.service.d/proxy.conf
export http_proxy=url:port
export https_proxy=url:port
export HTTP_PROXY=url:port
export HTTPS_PROXY=url:port
Based on few articles, setup proxy config in logstash-plugin
export JRUBY_OPTS='-J-Dhttp.proxyHost=proxy -J-Dhttp.proxyPort=port -J-Dhttp.proxyUser=user -J-Dhttp.proxyPassword=pwd' DEBUG=1 ./bin/logstash-plugin install logstash-input-stomp
Validated the proxy config in jvm.options.
Still can't see a single hit on the proxy, unsure what's wrong and what's the right proxy config, if missed anything.
HTTP_POLLER config:
input {
http_poller {
urls => {
urlname => "http://qatechtesting.com"
}
request_timeout => 60
tags => test
schedule => { "every" => "20s"}
proxy => { host=> "proxyurl" port => 8080 scheme => http user => "name" password => "pwd"}
codec => "line"
}
}
output {
stdout {
codec => rubydebug
Please help!