Logstash Security and Monitoring - LogStash

What is Logstash Security and Monitoring?

Here we discuss the security and monitoring features of Logstash.

Monitoring

Logstash is a very good tool for monitoring servers and services in production environments. Applications in production produce different types of log data, such as access logs and error logs. Logstash can count or analyse the number of errors, accesses or other events using filter plugins. This analysis and counting can be used to monitor different servers and their services.

Logstash provides plugins such as HTTP Poller to monitor website status. Here, we monitor a website named mysite hosted on a local Apache Tomcat server.

logstash.conf

In this config file, the http_poller plugin requests the site specified in the plugin at the time interval given in the interval setting. Finally, it writes the status of the site to standard output.

Run logstash

We can run Logstash with the following command.

stdout

If the site is up, then the output will be −

If we stop the site by using the Manager App of Tomcat, the output will change to −

Security

Logstash offers adequate features for secure communication with external systems and supports authentication mechanisms. All Logstash plugins support authentication and encryption over HTTP connections.

Security with HTTP protocol

Numerous Logstash plugins, such as the Elasticsearch plugin, have settings like user and password for authentication.

The other authentication method is PKI (public key infrastructure) for Elasticsearch. The developer needs to define two settings in the Elasticsearch output plugin to enable PKI authentication.

With the HTTPS protocol, a developer can use the certificate authority’s certificate for SSL/TLS.
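The three HTTP-protocol options above (basic authentication, PKI, CA certificate over HTTPS) in one pipeline, as an added example that is not part of the original tutorial: the weak form is commented out above the hardened one. The host names, file paths, user name, the mysite URL and the ES_PWD and KS_PWD variables are assumptions.

```logstash
# Added example; hosts, paths, user name and variable names are assumptions.
# Setting names are the ssl / cacert / keystore forms; newer releases of the
# elasticsearch output rename them (ssl_enabled, ssl_certificate_authorities,
# ssl_keystore_path, ssl_keystore_password).
input {
  # Poll the tutorial's "mysite" on the local Tomcat server (URL assumed).
  http_poller {
    urls            => { mysite => "http://localhost:8080/mysite" }
    schedule        => { every => "30s" }
    request_timeout => 20
    metadata_target => "http_poller_metadata"
  }
}

output {
  # Weak: basic authentication over plain HTTP. The user name and password
  # cross the network unencrypted and the server's identity is never checked.
  # elasticsearch {
  #   hosts    => ["http://es.example.internal:9200"]
  #   user     => "logstash_writer"
  #   password => "changeme"
  # }

  # Hardened: the same credentials, sent only over TLS to a server whose
  # certificate chains to the CA file below.
  elasticsearch {
    hosts    => ["https://es.example.internal:9200"]
    ssl      => true
    cacert   => "/etc/logstash/certs/ca.pem"
    ssl_certificate_verification => true   # the default; keep it enabled
    user     => "logstash_writer"
    password => "${ES_PWD}"   # resolved from the environment or the Logstash keystore

    # PKI alternative to user/password: present a client certificate instead.
    # keystore          => "/etc/logstash/certs/logstash-client.p12"
    # keystore_password => "${KS_PWD}"
  }
}
```

Referencing the password as `${ES_PWD}` keeps the secret out of the config file, so the file can be committed or shared without exposing the credential.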

Security with Transport Protocol

To use the transport protocol with Elasticsearch, users need to set the protocol setting to transport. This avoids un-marshalling of JSON objects and is more efficient.

Basic authentication is the same as with the HTTP protocol in the Elasticsearch output.

PKI authentication also needs the ssl setting to be true, along with other settings in the Elasticsearch output −

Lastly, SSL security needs a few more settings than the other security methods in communication.

Other Security Benefits from Logstash

Logstash can help protect input system sources against attacks such as denial-of-service attacks. Monitoring logs and analysing the events in them can help system administrators check for variations in incoming connections and errors. This analysis can help determine whether an attack is happening or about to happen on the servers.

Other products of the Elasticsearch company, such as X-Pack and Filebeat, provide some functionality to communicate securely with Logstash.
