Verifying Logstash Input and Output Plugins
Logstash Input Plugins Verification
Logstash input plugins collect data from various sources including files, databases, queues (Kafka, RabbitMQ), and network protocols (Beats, Syslog), ensuring uninterrupted data flow for processing and delivery to target systems such as SA Data Collector.
1. Check Active Pipelines
cat ${LOGSTASH_HOME}/config/pipeline.yml
2. Locate Input Section
Identify which input plugins utilize SSL/TLS.
3. Verify SSL/TLS Parameters
For secure connections, ensure these parameters are configured:
-
ssl_certificate_authorities— path to CA certificate ortruststore -
ssl_truststore_path— path to JKStruststore(if used) -
ssl_truststore_password—truststorepassword (if used) -
ssl_verify_mode— certificate verification mode (e.g., peer for server certificate validation)
4. Beats Configuration Example:
input {
beats {
port => 5044
ssl => true
ssl_certificate_authorities => ["/path/to/ca-cert.pem"]
}
}
5. Kafka Configuration Example:
input {
kafka {
bootstrap_servers => "kafka-server:9092"
topics => ["logs"]
ssl_truststore_location => "/path/to/truststore.jks"
ssl_truststore_password => "password"
}
}
6. Certificate Chain Verification
-
For default certificates: The chain was added according to Adding the CA Certificate Chain of the Infrastructure to the Search Anywhere Framework Component CA Certificate
-
For custom CA files: Manually add the chain following the same procedure Adding the CA Certificate Chain of the Infrastructure to the Search Anywhere Framework Component CA Certificate
7. Truststore Verification
-
For default truststore: The chain was added per Adding the CA Certificate Chain of the Infrastructure to the Truststore (JKS)
-
For custom
truststore: Manually add the chain following the same procedure Adding the CA Certificate Chain of the Infrastructure to the Search Anywhere Framework Component CA Certificate
Logstash Output Plugins Verification
Logstash output plugins deliver data to target systems like SM Data Storage. Verify SSL/TLS configurations are correct and error-free.
1. View Active Pipelines
To view the current configurations, run the command:
cat ${LOGSTASH_HOME}/config/pipeline.yml
2. Locate Output Section
Identify which output plugins utilize SSL/TLS.
3. Checking output parameters when using cacert
For pipelines writing to SA Data Storage, verify the output section's SSL and CA certificate usage.
Example:
output {
opensearch {
hosts => ["https://<OS_HOSTS>:9200"]
index => "<INDEX_NAME>"
user => "logstash"
password => "${ES_PWD}"
ssl => true
cacert => "${LOGSTASH_HOME}/config/ca-cert.pem"
ecs_compatibility => v8
}
}
- If the default certificate is used, the certificate chain has been added to according to the section Adding the CA Certificate Chain of the Infrastructure to the Search Anywhere Framework Component CA Certificate
- If an alternative CA file is used, then you must add the certificate chain to this file, also according to the section Adding the CA Certificate Chain of the Infrastructure to the Search Anywhere Framework Component CA Certificate
4. Checking the output parameters when using the truststore
If the pipeline uses the truststore, make sure that the settings are set correctly.
Example:
output {
opensearch {
hosts => ["https://<OS_HOSTS>:9200"]
index => "<INDEX_NAME>"
user => "logstash"
password => "${ES_PWD}"
ssl => true
truststore => "${LOGSTASH_HOME}/config/cacerts.jks"
ecs_compatibility => v8
}
}
- If the default certificate is used, the certificate chain has been added according to the section Adding the CA Certificate Chain of the Infrastructure to the Truststore (JKS)
- If an alternative truststore file is used, then you must add the certificate chain to this file, also according to the section Adding the CA Certificate Chain of the Infrastructure to the Truststore (JKS)