Run logstash-forwarder in an untrusted network environment
I want to figure out a safe way to run logstash-forwarder, respectively Logstash's lumberjack input, in an untrusted network environment.
As far as I understand, the SSL certificate ensures an encrypted connection between client and server and authenticates the server to the client (as in "OK, I know this server is the real logging server"). How can I authenticate the client to the server (as in "OK, I know the client trying to send me events is one of my machines, and not someone else")?
SSL certificates can work in a bidirectional way. They can be used to authenticate the server ("OK, this server is the real logging server") and the other way around ("OK, I know this client is one of my machines"). For the second case you need to use client certificates.
Although logstash-forwarder allows you to configure a client certificate, Logstash's lumberjack input does not support client certs. There is an open GitHub issue regarding this feature.
To overcome this dilemma you can use an alternative log client, since Logstash's tcp input supports client certs. The input looks like this:
    input {
      tcp {
        port       => 9999
        ssl_cert   => "/path/to/server.crt"
        ssl_key    => "/path/to/server.key"
        ssl_cacert => "/path/to/ca.crt"
        ssl_enable => true
        ssl_verify => true
      }
    }
On the client side you can use several tools, e.g. nxlog. A proper nxlog output config looks like this:
    <Output logstash>
        Module      om_ssl
        Host        yourhost
        Port        9999
        CAFile      %CERTDIR%/ca.crt
        CertFile    %CERTDIR%/client.crt
        CertKeyFile %CERTDIR%/client.key
    </Output>
Unfortunately this is a workaround with different software; I'm afraid there is no native lumberjack solution.
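As an added example (not from the question or answer above) of the certificate material both configs rely on: the script below builds a private CA, a server certificate for the Logstash tcp input and a client certificate for the nxlog om_ssl output, then runs the chain check that `ssl_verify => true` applies to every connecting client and shows it rejecting a self-signed impostor. It assumes the openssl CLI is installed; the CA name, hostnames and output directory are constructed.

```shell
# Added example, not the original poster's code. Assumes the openssl CLI;
# all names, hostnames and paths here are constructed placeholders.

make_mtls_certs() {
  dir="$1"
  mkdir -p "$dir"
  # Private config so the result does not depend on the system openssl.cnf.
  # Server and client get distinct EKUs, so a client cert cannot pose as the server.
  cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # 1. CA: the trust anchor both sides point at (ssl_cacert / CAFile).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=logging-ca" \
    -config "$dir/openssl.cnf" -extensions v3_ca \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. One leaf cert per role (server for Logstash, client per forwarding host).
  for role in server client; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$role.example.internal" \
      -config "$dir/openssl.cnf" \
      -keyout "$dir/$role.key" -out "$dir/$role.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$role.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
      -CAcreateserial -days 365 -extfile "$dir/openssl.cnf" -extensions "v3_$role" \
      -out "$dir/$role.crt" 2>/dev/null
  done
  chmod 600 "$dir"/*.key
}

# A self-signed cert from a host outside the CA: what an impostor would present.
make_untrusted_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=impostor" \
    -config "$1/openssl.cnf" -extensions v3_client \
    -keyout "$1/impostor.key" -out "$1/impostor.crt" 2>/dev/null
}

# Exit 0 only if the cert chains to the CA: the check ssl_verify => true enforces.
cert_trusted_by_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Point `ssl_cacert` and `CAFile` at the generated `ca.crt`; each forwarding host gets its own client key pair, and the CA key stays off the log hosts entirely.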