Sending logs to logstash securely

pritchardjonathan · January 9, 2016, 11:29am

Hi,

First, apologies for the noob question. I have my ELK server and application servers in different locations. I'm unclear about the best route to take to securely send my logs over the web. I know that lumberjack and Logstash use SSL to encrypt the data and ensure that the application servers are actually talking to the right elk server but does this guarantee that only my application servers can connect and send logs? Should I set up VPN or SSH tunnels between these servers? All the Logstash tutorials I've seen talk about private IPs which indicates that this might be the case.

Thanks in advance.

Jon

magnusbaeck · January 9, 2016, 3:42pm

Client certificate validation is currently not supported, i.e. TLS only helps with message integrity and privacy, not authentication. See How to Setup FileBeat with Basic Auth for LogStash Output? and https://github.com/logstash-plugins/logstash-input-beats/issues/8.

pritchardjonathan · January 9, 2016, 4:55pm

Great, thanks for the reply. I've set up an OpenVPN connection between the servers and will send logs over that. I guess TLS is not really necessary if sending logs over vpn?

magnusbaeck · January 9, 2016, 6:30pm

Indeed, since the VPN connection itself is encrypted you don't need to encrypt the log stream separately.

Topic		Replies	Views
SSL/Authentication: logstash -> logstash Logstash	2	546	February 16, 2017
Best secure way of getting remote logs? Logstash	3	637	July 6, 2017
Shipping Logstash to Logstash with encryption Logstash	2	481	November 6, 2017
How secure filebeat communication with logstash without SSL Beats filebeat	4	610	February 24, 2020
Can filebeat send logs over https to logstash? Beats filebeat	2	642	May 7, 2018

Sending logs to logstash securely

Related topics