Suggestion to ship logs from DMZ to LAN - Elastic stack 6.2.2


(Krishna Chaitanya Kattula) #1

Hi everyone,

I need help from you guys as I'm new to working with the Elastic Stack. I have installed Elasticsearch, Kibana and Logstash in the LAN, and Filebeat in the DMZ zone. All the versions are 6.2.2. I would like to output the data collected by Beats to Logstash. I understand that opening a port could help me achieve this, but I'm afraid of the security issues. I've seen that Redis, Kafka and RabbitMQ can be used, but I'm still unsure of how it works if I have queues in the DMZ. Can someone advise me on how to proceed and which queue would be easy to manage for data around 15 GB a day?

Thanks,
Krishna


(Andrew Kroh) #2

Beats would push data to these queues just like it would to Logstash. If you ran any of these services within your LAN then your network setup would be the same -- you would need to allow Beats to connect over TCP.

If you ran the queue outside of the LAN then you would need to allow outbound connections from the LAN to the queue. Beats would send to the queue. And Logstash would pull from the queue.

If it's the authN and authZ you are concerned about between Beats and LS, you can use TLS mutual authentication between them.
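
The mutual-TLS setup mentioned in the reply above, sketched as an added example that is not part of the original post: a shell helper that writes the Filebeat output section and the Logstash `beats` input, plus a check that the input really demands a client certificate. The host name, port and every file path are placeholders; the option names are those of Filebeat and the Logstash beats input in the 6.x series.

```shell
#!/bin/sh
# Added example. Host, port and certificate paths are placeholders (assumptions).
# Usage: write_mtls_configs ./out && requires_client_cert ./out/beats-input.conf

write_mtls_configs() {
  out_dir=$1
  mkdir -p "$out_dir"

  # DMZ side: Filebeat verifies Logstash against the CA and presents its own cert.
  cat > "$out_dir/filebeat.yml" <<'EOF'
output.logstash:
  hosts: ["logstash.lan.example:5044"]
  ssl.certificate_authorities: ["/etc/pki/example/ca.crt"]
  ssl.certificate: "/etc/pki/example/filebeat.crt"
  ssl.key: "/etc/pki/example/filebeat.key"
EOF

  # LAN side: the beats input only accepts clients with a cert signed by the CA.
  # The beats input expects its private key in PKCS#8 format.
  cat > "$out_dir/beats-input.conf" <<'EOF'
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/pki/example/ca.crt"]
    ssl_certificate => "/etc/pki/example/logstash.crt"
    ssl_key => "/etc/pki/example/logstash.pkcs8.key"
    ssl_verify_mode => "force_peer"
  }
}
EOF
}

# Returns 0 only if the input enables TLS and requires a client certificate.
# "none" (the default) and "peer" both let a client connect without one.
requires_client_cert() {
  grep -Eq '^[[:space:]]*ssl[[:space:]]*=>[[:space:]]*true' "$1" &&
  grep -Eq '^[[:space:]]*ssl_verify_mode[[:space:]]*=>[[:space:]]*"force_peer"' "$1"
}
```

With `force_peer`, the port opened from the DMZ to the LAN only completes a handshake with a Beat holding a certificate issued by the configured CA, so the firewall rule can stay limited to that single TCP port.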


(Krishna Chaitanya Kattula) #3

Thanks Andrew.

