Hi. I'm trying to meet Logstash with all servers I have by Filebeat. The subject: some servers with private IP's (like 192.168.0.0/24) and some servers with public IP's (like 11.22.33.44). Personally Logstash is a private one.
Experience with private IP's was successful. I linked them to Logstash through SSL.
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
But I can't link public IP's that way. I've made a NAT rule for my gateway to redirect all frames with 5044 TCP port to Logstash server. But actually the problem lies in SSL certificate. When I tried to apply it, Filebeat got an error:
localhost /usr/bin/filebeat[41979]: transport.go:125: SSL client failed to connect with: x509: certificate is valid for 192.168.0.8, not 55.66.77.88
I tried to create a new cerificate which is valid for 55.66.77.88, but Logstash doesn't accept multiple SSL certificates and makes a configuration error. When I duplicated input block with SSL path changing - no more configuration errors, but Logstash has been failed after restart and no one private node can connect to it. Block duplication without SSL support doesn't work too (if I didn't make any mistake).
So, what's my question. How can I ship logs from public and private IP adresses at the same time? Does Logstash support any shipper else except Filebeat or may be it could be configured another way with another TCP port? I know it could be rsyslog, but if I want to send original Apache, MySQL etc. logs it won't solve the problem.