Secure access to Logstash


We currently use Winlogbeat on a WEF server and Logstash behind a firewall with allow rules for the source of the WEF server, using SSL on top of that.

We need to plan for a more mobile workforce without a VPN back to the WEF server.

Exposing Logstash to the outside isn't something I feel great about, and certificate authentication seems as though it will be a headache to manage with expiry etc.

I add a field using the processor with an ID so I could drop all events without an ID, which would help with rogue data coming in.

It looks as though Kafka could accept a username and password, which may tick the box to better secure Winlogbeat to Logstash.

Reaching out for any recommendations/suggestions.


