Logstash only in DMZ?

Posted: Thu Sep 01, 2016 2:02 pm
by vAJ
Has anyone tried, or have running, a separate Logstash instance listening in a secure zone (DMZ), then writing back to Elastic in your LAN zone?

I'm getting static from InfoSec on the fact that nxlog traffic source ports are ephemeral. Having a listener inside the DMZ that wasn't part of the cluster would be great. I don't want any of the cluster data stored/sharded in the DMZ, though.

-AJ

Re: Logstash only in DMZ?

Posted: Thu Sep 01, 2016 2:05 pm
by tmcdonald

Re: Logstash only in DMZ?

Posted: Thu Sep 01, 2016 2:26 pm
by vAJ
I guess that works. Would need to switch from om_tcp to om_udp.

Sweet. I'll have to test that out.

Re: Logstash only in DMZ?

Posted: Thu Sep 01, 2016 2:29 pm
by mcapra
Let us know how it works! We've only ever played around with generic forwarders. Logjam definitely looks like a superior solution for your use case.