SSL/Authentication: logstash -> logstash

Elastic Stack Logstash
1

I have two servers and each has a logstash instance running. On Server A, the apache logs are captured by logstash and sent to Server B. I am using the TCP pluging and it is listening/recieving data on port 5000 on Server B. The below configuration works great. However, it is not a secure connection from Server A to Server B. Any suggestions how to secure communication between two logstash instances?

Server A

bin/logstash agent -f node.conf -l logstash.log

node.conf

input {
        file {
                path => "/logs/apache/*.log"
        }
}
output {
        stdout { codec => rubydebug { metadata => true } }
        tcp {
                codec => "json_lines"
                host => "169.99.9.199"
                port => 5000
        }
}

Server B

bin/logstash agent -f central.conf -l logstash.log

central.conf

input {
  tcp {
        port => 5000
        codec => json
  }
}
output {
        stdout { codec => rubydebug { metadata => true } }
        kafka {
                codec => json
                topic_id => "topic_name"
                bootstrap_servers => "servername"
        }
}
2

Have a look at the lumberjack input/output plugins: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-lumberjack.html

Alternatively you can use Filebeat in place of Logstash on the sending server. If all you're doing is reading and sending files then Logstash is a bit of overkill.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.