Want to disable Logstash http://localhost:9600/ URL JSON output

Hi Team,

We don't want to see JSON output as it contains Hostname and other sensitive information and it's accessible without user id and password too.

Please share details on how to disable this so that the security vulnerability can be closed.

Thanks,
Shahid

@kvch Please help to tag someone who can help if possible.

You can secure the stats API of Logstash

Currently, I think we can't disable the Logstash Stats API.

Thank you for the update, @ylasri. Actually, the security team raised this issue: when they hit localhost:9600 in Chrome, they are able to see all the sensitive information. How can we stop or hide the information? Please guide.

Thank you in advance.

Which version are you using?

In newer versions you can set api.enabled: false in logstash.yml to disable the API endpoint.

But by doing this you will not be able to monitor your Logstash instance and your Logstash pipelines.

And as already said, you can set a username, password and certificate to access the Logstash API endpoint; this is explained in the documentation.

Also, this API endpoint by default only binds to the loopback address; to make a request to the Logstash API on port 9600 you need access to the machine where Logstash is running.

Is this what you are looking for?
http.enabled: false / in logstash.yml <- no web API interface, newer version: api.enabled
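
The two options from the replies above, written out as a `logstash.yml` fragment. This is an added example, not part of any post in the thread; the keystore path and the `${...}` variable names are placeholders, and the `api.*` setting names apply to newer versions as noted above.

```yaml
# logstash.yml (added example; paths and variable names are placeholders)

# Option A: turn the HTTP API off entirely.
# Older versions use the legacy name quoted in the thread: http.enabled: false
# Trade-off mentioned in the thread: the instance and its pipelines can no
# longer be monitored through the API.
# api.enabled: false

# Option B: keep the API for monitoring, but require TLS and basic auth.
api.enabled: true

# Keep the listener on loopback (the default) so that only local processes
# can reach port 9600.
api.http.host: 127.0.0.1
api.http.port: 9600

# Serve the API over TLS using a keystore that holds the certificate and key.
api.ssl.enabled: true
api.ssl.keystore.path: /path/to/logstash-api.p12        # placeholder path
api.ssl.keystore.password: "${LS_API_KEYSTORE_PASS}"    # placeholder variable

# Require a username and password on every request.
api.auth.type: basic
api.auth.basic.username: "${LS_API_USER}"               # placeholder variable
api.auth.basic.password: "${LS_API_PASS}"               # placeholder variable
```

After a restart with Option B, a request to port 9600 without credentials should be rejected instead of returning the node's JSON.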
