Sending logs to logstash securely


(Pritchardjonathan) #1

Hi,

First, apologies for the noob question. I have my ELK server and application servers in different locations. I'm unclear about the best route to take to securely send my logs over the web. I know that lumberjack and Logstash use SSL to encrypt the data and ensure that the application servers are actually talking to the right elk server but does this guarantee that only my application servers can connect and send logs? Should I set up VPN or SSH tunnels between these servers? All the Logstash tutorials I've seen talk about private IPs which indicates that this might be the case.

Thanks in advance.

Jon


(Magnus Bäck) #2

Client certificate validation is currently not supported, i.e. TLS only helps with message integrity and privacy, not authentication. See How to Setup FileBeat with Basic Auth for LogStash Output? and https://github.com/logstash-plugins/logstash-input-beats/issues/8.


(Pritchardjonathan) #3

Great, thanks for the reply. I've set up an OpenVPN connection between the servers and will send logs over that. I guess TLS is not really necessary if sending logs over vpn?


(Magnus Bäck) #4

Indeed, since the VPN connection itself is encrypted you don't need to encrypt the log stream separately.


(system) #5