i would like to know some best practices about monitoring remote servers/workstations over internet. I mean, servers in different geographical locations other than ELK server:
how beats reach ELK?. Ports
how beats traffic could be secured?. Secure communication because logs are traveling over internet.
is a good practice to monitor servers and workstations not in the same local network?
Your question depends entirely on your infrastructure, you just need to make sure that your beats can reach your elasticsearch or logstash.
It is pretty common to collect monitoring data from different geographic locations, but it is strongly recommended to avoid sending it over the internet, you should use VPN communications to send the data.
You can secure the communications between the beats and the outputs using SSL/TLS, this is the documentation for packetbeat, the other beats have the same configuration.
Yes this what i need to achieve, our ELK server is in AWS EC2 and we need to collect data from several workstations and servers from different locations. Thanks for your answer much appreciated. So my best bet would be create and VPN between clients (beats) and ELK server.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.