Ship logs to Logstash from public&private IP addresses

Hi. I'm trying to meet Logstash with all servers I have by Filebeat. The subject: some servers with private IP's (like and some servers with public IP's (like Personally Logstash is a private one.
Experience with private IP's was successful. I linked them to Logstash through SSL.

input {
	beats {
		port => 5044
		ssl => true
		ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
		ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"

But I can't link public IP's that way. I've made a NAT rule for my gateway to redirect all frames with 5044 TCP port to Logstash server. But actually the problem lies in SSL certificate. When I tried to apply it, Filebeat got an error:

localhost /usr/bin/filebeat[41979]: transport.go:125: SSL client failed to connect with: x509: certificate is valid for, not

I tried to create a new cerificate which is valid for, but Logstash doesn't accept multiple SSL certificates and makes a configuration error. When I duplicated input block with SSL path changing - no more configuration errors, but Logstash has been failed after restart and no one private node can connect to it. Block duplication without SSL support doesn't work too (if I didn't make any mistake).

So, what's my question. How can I ship logs from public and private IP adresses at the same time? Does Logstash support any shipper else except Filebeat or may be it could be configured another way with another TCP port? I know it could be rsyslog, but if I want to send original Apache, MySQL etc. logs it won't solve the problem.

It's solved! Just one line in existing Filebeat configuration:

insecure: true

After that filebeat doesn't care about IP validation of SSL certificate. I know, it's insecure (Captain Obvious doesn't sleep), but it's still hard to redirect logs shipping. Because Filebeat needs a host with SSL private key, so it could be only .key file theft. Question seems a little beat strange, but if you have similar problem - get that.

1 Like