Hi,
I want to know whether we can ship logs to logstash without SSL? is there any way to disable SSL and then configure logstash and forwarder without SSL certificates?
br,
Sunil
Hi @sunilmchaudhari,
Just out of curiosity, why do you need to disable SSL? Logstash-forwarder will be your problem here, it requires encryption. Instead, you could replace the forwarder with another Logstash instance or use a syslog client to forward the logs via plain tcp or udp.
Hi @Joshua_Rich,
to answer your question, we have some process to create certificates on test environment.
I don't want to wait till that time and want to test whether its working or not. Its just temporarily i want to disable SSL for testing purpose.
what do you mean by syslog client?
to answer your question, we have some process to create certificates on test environment.
I don't want to wait till that time and want to test whether its working or not. Its just temporarily i want to disable SSL for testing purpose.
But if it's just for testing purposes, why not just create the certificate and key yourself?
what do you mean by syslog client?
Any program that's capable of reading logs and sending them via the syslog protocol. Like Logstash.
There are forks of the LSF out there that don't require SSL.
Could you please direct us to a link? Here is a case where SSL will not be required: we have a private network with applications running and to access this network/application you would have already been authenticated. So SSL would only be an additional overhead. Our current roadmap is that we do not require SSL but in the future for clients SSL may require.
Hi,
I am not expert. however, I think you can use logstash in shipper mode in your case, skipping LSF.
br,
Sunil
Shipper mode? I have multiple instances of different versions of the same application running on many servers. All within the same private network. How does shipper mode work?
Hi,
shipper mode--> instead of using logstash forwarder, you can use logstash as below.
input {
file {
type => "testType"
path => "C:/MyDirectory/logging.log"
}
output {
redis {
host => ... # string, default: "127.0.0.1"
key => ... # string
port => ... # number, default: 6379
}
}
So it will ship logs to the broker and then another instance of logstash (called indexer) will take data from broker and output to elasticsearch.
br,
Sunil
Yup sorry complete forgot about that option. I just kept in my mind that using a logstash instance will be very heavy on the cpu and memory. But is redis just a protocol? Or do you actually have to create shippers? I am trying to learn the best way to ship logs between servers on the same private network.
Hi,
Shipper is the concept only. It just ships logs from source to the destination (broker/filter/elasticsearch). In your case I am not sure if you are using any broker in between shipper and filter. So here in your case you can use logstash to take input form file and output to redis (if you are using). this forms basic shipper structure.
Redis is broker which holds data in memory. It basically solves purpose of asynchronous communication between client and server. You need to download and install it on server. Provide its host and default port:6379 in logstash (shipper) output as shown.
I am using below design in my project:
LSF (client side) ==> LS (shipper : Input from lumberjack and output to redis) ==> LS (Indexer: input from redis and output to Elasticsearch )
br,
Sunil
Interesting. Just familiarizing myself with some of these terms. I think I can further simplify this by not having a redis instance running.
Hi,
I am trying to use logstash shipper to ship some logs to redis queue in another server...can u help me?
Please start your own thread.