LOGSTASH_Pull JDBC logs from cloud server to local using SSH key

How to pull the JDBC logs from the cloud server to local using ssh key

If your cloud server does not expose the appropriate ports for normal database connections to its public network interfaces, and you need to tunnel to your cloud server using SSH with key-based authentication, then you will need to create an SSH tunnel from your local machine to the cloud server that exposes a port from the server as a port on a local interface, such as your loopback interface with IP 127.0.0.1. This is called "local forwarding" and can be set up with ssh's -L flag:

-L [bind_address:]port:host:hostport

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified with an alternative syntax: [bind_address/]port/host/hostport or by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of "localhost" indicates that the listening port be bound for local use only, while an empty address or '*' indicates that the port should be available from all interfaces.
-- man ssh

There are serious security implications here, as any user who has a route to that port on your local machine will also have access to the tunnelled port on your cloud server.
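An added example, not part of the original post: a shell wrapper that refuses any -L spec whose bind address is not an explicit loopback address before it starts the key-authenticated tunnel. The function names, port numbers, key path and host name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: check an "ssh -L" spec before opening the tunnel.
# Spec format (man ssh): [bind_address:]port:host:hostport

# Returns 0 only when the spec carries an explicit loopback bind address.
# An omitted bind_address follows GatewayPorts; '' or '*' binds all interfaces.
is_loopback_forward() {
    local spec flat colons bind
    spec=$1
    # Replace bracketed IPv6 literals so their inner colons are not counted.
    flat=$(printf '%s' "$spec" | sed 's/\[[^]]*]/X/g')
    colons=$(printf '%s' "$flat" | tr -cd ':')
    [ "${#colons}" -eq 3 ] || return 1      # no bind_address field present
    case $spec in
        \[*) bind=${spec#\[}; bind=${bind%%\]*} ;;   # [::1]:port:host:hostport
        *)   bind=${spec%%:*} ;;
    esac
    case $bind in
        127.0.0.1|localhost|::1) return 0 ;;
        *) return 1 ;;                      # '', '*', 0.0.0.0 or a routable address
    esac
}

# Opens the tunnel in the foreground. Returns 2 without calling ssh
# when the spec would expose the forwarded port beyond loopback.
open_tunnel() {
    local spec key target
    spec=$1; key=$2; target=$3
    if ! is_loopback_forward "$spec"; then
        echo "refusing non-loopback forward: $spec" >&2
        return 2
    fi
    # -N: no remote command, forwarding only.
    # IdentitiesOnly: offer only the key given with -i.
    # ExitOnForwardFailure: fail instead of running without the listener.
    ssh -N -L "$spec" -i "$key" \
        -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        "$target"
}

# Usage (constructed values): the second 127.0.0.1 is resolved on the server,
# so the database only needs to listen on the server's own loopback.
#   open_tunnel 127.0.0.1:15432:127.0.0.1:5432 ~/.ssh/id_ed25519 user@cloud.example.com
```

With the tunnel up, the JDBC connection string used by Logstash points at 127.0.0.1 and the local port (15432 in the constructed usage line) instead of the cloud server's address.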

Can you share the sample config file for the above settings?
