We don't want to see JSON output as it contains Hostname and other sensitive information and it's accessible without user id and password too.
Please share details on how to disable this so that the security vulnerability can be closed.
@kvch Please help to tag someone who can help if possible.
You can secure the stats API of Logstash.
Currently, I think we can't disable the Logstash Stats API.
Thank you for the update.
@ylasri, actually the security team raised this issue: when they hit localhost:9600 in Chrome, they are able to see all the sensitive information. How can we stop or hide the information? Please guide.
Thank you in advance.
Which version are you using?
In newer versions you can set api.enabled: false in logstash.yml to disable the API endpoint.
But by doing this you will not be able to monitor your Logstash instance and your Logstash pipelines.
And as already said, you can set a username, password and certificate to access the Logstash API endpoint; this is explained in the documentation.
Also, this API endpoint by default only binds to the loopback address, so to make a request to the Logstash API on port 9600 you need access to the machine where Logstash is running.
Is this what you are looking for?
http.enabled: false / in logstash.yml <- no web API interface, newer version: api.enabled
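A check for the settings discussed in this thread, as an added example that is not part of the original posts or of Logstash itself: it reads a logstash.yml and reports whether the API on port 9600 is enabled, bound beyond loopback, or reachable without authentication or TLS. It assumes the flat "key: value" form of logstash.yml; the function names, sample configs and keystore path are constructed, and the api.auth.* / api.ssl.* keys are the documented settings behind the "username, password and certificate" mentioned above.

```python
import ipaddress
# Constructed sample logstash.yml contents (flat "key: value" form).
EXPOSED = "api.http.host: 0.0.0.0\n"
HARDENED = """\
api.http.host: 127.0.0.1
api.auth.type: basic
api.auth.basic.username: "monitor"
api.auth.basic.password: "${LS_API_PASSWORD}"
api.ssl.enabled: true
api.ssl.keystore.path: /path/to/keystore.p12
api.ssl.keystore.password: "${LS_KEYSTORE_PASSWORD}"
"""
DISABLED = "api.enabled: false\n"          # newer versions
LEGACY_DISABLED = "http.enabled: false\n"  # older versions

def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_api(text):
    """Return a list of findings for the Logstash API; empty means no finding."""
    cfg = parse_flat_yaml(text)
    def get(new, old, default):
        # Prefer the api.* name, fall back to the older http.* name.
        return cfg.get(new, cfg.get(old, default))
    if get("api.enabled", "http.enabled", "true").lower() == "false":
        return []  # endpoint is off, nothing is served on 9600
    findings = []
    host = get("api.http.host", "http.host", "127.0.0.1")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    if not loopback:
        findings.append("bound to non-loopback address")
    if cfg.get("api.auth.type", "none") != "basic":
        findings.append("no authentication")
    if cfg.get("api.ssl.enabled", "false").lower() != "true":
        findings.append("no TLS")
    return findings

if __name__ == "__main__":
    print({n: audit_api(globals()[n]) for n in ("EXPOSED", "HARDENED", "DISABLED")})
```

An empty logstash.yml reports "no authentication" and "no TLS", which is the default state described in the first post: reachable on localhost:9600 without a user id and password.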