Logstash to Logstash configuration

raj1209 · December 12, 2023, 5:45am

Hi Guys,

Can you please suggest a best way to configure logstash to logstash communication with SSL/TLS encryption.
There are some of the articles in logstash input and output plugin
lumberjack plugin but it did not work for me
some of them are deprecated.

Please advice me on this
Thank you

Gsmitt · December 12, 2023, 5:48am

Hey @raj1209

Simple configuration for Logstash using Beats input

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  beats {
    port => 5044
  }
}

output {
  opensearch {
    hosts => ["https://opensearch.domain.com:9200"]
    auth_type => {
              type => 'basic'
              user => 'admin'
              password => 'changeit'
            }
    ecs_compatibility => disabled
    ssl => true   
    cacert => "/opt/logstash-8.6.1/root-ca.pem"
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"    
    }
}

Hope that helps

raj1209 · December 12, 2023, 5:54am

Hi @Gsmitt Thanks for the lightning response , appreciated
In my scenario, It requires the logstash to logstash communication and not filebeat to logstash

Recently we had a merger between two companies and they are using logstash as well and we are trying to receive logs from their logstash ( A ) to our logstash ( B ) and have a secure communication between these two and send this logs to Opensearch

Gsmitt · December 12, 2023, 6:02am

Hey

I havent seen that done yet. We use Logstash send directly to Opensearch. I guess you could

Here is another example of an input you could use.

input {
  tcp {
    host       => "0.0.0.0"
    mode       => "server"
    port       => 5144
    ssl_enable => true
    ssl_cert   => "/etc/ssl/logstash.crt"
    ssl_key    => "/etc/ssl/ogstash.key"
    ssl_cacert => "/etc/ssl/certs/my_ca_cert.pem"
    ssl_verify => false
    type       => "syslog"
  }
}

Sorry Havent sent logs from Logstash to logstash.

jasonrojas · December 12, 2023, 4:25pm

One of the routes I would suggest investigating is shipping logs to an intermediary buffer like redis, kafka etc, then have the other logstash pull from there.
This avoids any issues if the last logstash in your chain is offline for whatever reason and should help prevent the shipping logstash from OOM’ing.

ie:

logstash_shipper → Buffer(redis etc) → Logstash_receiver → wherever.

raj1209 · December 15, 2023, 10:19am

Thank you for replying @jasonrojas
Suppose If I use tcp output plugin in logstash A and tcp input plugin in logstash B does it have any impact of data loss if one of the logstash chain goes down ?

jasonrojas · December 18, 2023, 3:00pm

You would have to test that to be certain. I think logstash will buffer to a point however those internal buffers will be limited to heap size and system memory etc.

raj1209 · December 19, 2023, 9:57am

Thank you for the suggestion

Topic		Replies	Views
Logstash to Opensearch with Certs auth Data Prepper	5	1359	December 16, 2022
Sending logs to opensearch via filebeat Open Source Elasticsearch and Kibana discuss	2	60	November 2, 2024
Logstash to opensearch Open Source Elasticsearch and Kibana configure	4	2365	September 20, 2022
Secure communication from Logstash to opensearch cluster OpenSearch	4	649	September 16, 2023
Having problem forwarding logs from logstash to elasticsearch via SSL Open Source Elasticsearch and Kibana	1	409	February 7, 2023

Logstash to Logstash configuration

Related Topics