I'm absolutely new to Logstash, Elasticsearch and Kibana. My boss asked me to put in place a cluster of Logstash and Elasticsearch servers for collecting all the logs we have in our DMZ server.
What I wish to know is:
- What is the workflow direction? Do the DMZ servers send to the Logstash servers or vice versa? I ask because we have some firewall in between, and the security auditor denies us opening firewall ports from the external to the internal. Is there some workaround or something to implement in that case?
- Is there a detailed step-by-step guide to install the cluster and the clients?
- Is there a guide to which ports should be opened?

Thank you very much.