How to hide credentials in logstash configuration files?

2018-03-27-logstash-keystore-blog

How to hide credentials in logstash configuration files?

logstash 6.2 let you protect credentials with the keystore.

Let’s see how to use logstash-keystore?

e.g. In the following, we will hide the ‘changeme’ password from the elasticsearch output of your logstash pipeline config file.

To create a logstash.keystorefile, open a terminal window and type the following commands

./bin/logstash-keystore create
./bin/logstash-keystore add es_password

ℹ️ the default directory is the same directory as the logstash.yml settings file.

./bin/logstash-keystore list should show you es_password as answser.

📌 The option -path.settings will set the directory for the keystore. (e.g. bin/logstash-keystore --path.settings /etc/logstash/.keystore create). The keystore must be located in Logstash’s path.settings directory.

📌 When you run Logstash from an RPM or DEB package installation, the environment variables are sourced from /etc/sysconfig/logstash. You might need to create /etc/sysconfig/logstash ; Please keep in mind that this file should be owned by root with 600 permissions.

# use es_password in the pipeline:
output {
	elasticsearch {
		hosts => …
		user => “elastic”
		password => “${es_password}”
	}
}

ℹ️ you can set the environment variable LOGSTASH_KEYSTORE_PASS to act as the keystore password.

Documentation

➡️ Official guide – logstash-keystore

To get help with the cli, simply use: $ ./bin/logstash-keystore help

Usefulness of an MQ layer in an ELK stack

Usefulness of an MQ layer in an ELK stack

First things first, disambiguation; let’s talk about these strange words.

What does ELK means?

An ELK stack is composed of Elasticsearch, Logstash, and Kibana; these 3 components are owned by the elastic.co company and are particulary useful to handle Data. (ship, enrich, index and search your Data)

What does MQ means?

In computer science, The message queue paradigm is a sibling of the publisher/subscriber pattern.
You can imagine an MQ componant works like several mailboxes; meaning that publisher(s)/subscriber(s) do not interact with the message at the same time, many publishers can post a message for one subsriber and vice versa.

➡ Redis or Kafka or RabbitMQ can be used as buffer in the ELK stack.

Read more

Contact Us