Multiple inputs using the same port


(P) #1

Hello,
we use currently filebeat for shipping logs to logstash. It is in internal network so no SSL.
But I have a request to send logs from another place (from fluent bit: from fluent bit to logstash) over Internet so would like to involve SSL.
In this case I have to sources of logs coming to logstash in paralel:

  • internal without SSL

  • external with SSL

Is it possible for logstash to use one port for both inputs like here:

input {
        beats {
                port => "XXXX"
        }
        http {
                port               => "XXXX"
                user               => "abc"
                password           => "abc"
                ssl                => true
                ssl_certificate    => "/etc/logstash/http-input.crt"
                ssl_key            => "/etc/logstash/http-input.key"
                ssl_key_passphrase => "abc"
        }
}

(Lewis Barclay) #2

You know you can do SSL over any port? So why do they need to be the same?


(P) #3

Due to firewall blocking all other ports ...


(Lewis Barclay) #4

So if beats are internal, why do you need them to be on the same port?


(P) #5

So far logstash is receiving logs over backbone network (no ssl involved) but is still behind firewall. Now I need to add logs from external servers (no backbone - just internet) over ssl to the same logstash.


(Lewis Barclay) #6

I would suggest that getting firewalls changed would be a nicer and more complete solution. There will be no way to differentiate the logs coming in so I don't think what you want to do will work. You could try setting both to use SSL but again, no way for logstash to tell if it is receiving HTTP or beat traffic.


(P) #7

Thanks @Eniqmatic.