natefaerber
commented
9 years ago bump. What's the status of this issue reported by @zabbal? Does the certificate file need the key embedded in it? (I guess I can test that.) Will 1.5.0 Lumberjack output work against a 1.4.2 Lumberjack input?
@jordansissel , I believe you requested people to start using full logstash client instead of logstash-forwarder at the SF Elasticon this year. Is the goal still to replace logstash-forwarder with the full logstash client? If so, is Lumberjack part of that?
(This issue was originally filed by @zabbal at https://github.com/elastic/logstash/issues/2126)
There's significant difference between logstash-forwarder and logstash when it comes to ssl configuration: forwarder supports following options - ssl_certificate, ssl_key, ssl_ca - which are pretty-much self-explanatory However if I want to ship logs from one logstash to another it becomes much tricker: there is only single "ssl_certificate" option with no example or explanation in the docs I've found so far. How should I supply private key for ssl certificate for logstash sender? How will logstash sender verify receiver certificate without option for CA certificate?
I've found numerous toy configuration examples which are of not much use because I'd like to roll out logstash for production setup - which means we already have CA issuing proper certificates for both logstash instances, sender and receiver.
Would be nice to have an example of shipping logs from one logstash to another in a secure way. Ideally, the option names should be compatible between logstash-forwarder and logstash so migration between those 2 would be as easy as possible.