Reputation: 51877
I'm not sure if this is even possible - I'm pretty new to using Logstash (watched a talk a few weeks back and just started toying with it today). My problem is this:
I have several machines out on the big, bad Internet that need to ship logs home. I have Elasticsearch set up behind an Nginx reverse proxy that's going to handle the SSL for me on the central log point.
But the client machines are mostly AS400 beasts, so I can't do something fun like run the logstashforwarder (lumberjack) on them. Given what I've seen of Logstash, what I think might be possible is something like this:
(Most inputs) --> elasticsearch output --> <something> --> https output --> (scary internet) --> nginx --> elasticsearch
Would that actually work? And if so, how could I do that?
Upvotes: 0
Views: 516
Reputation: 51877
What appears to work is using the logstash forwarder protocol. So I have on my central logserver a logstash instance running like so:
$ bin/logstash -e 'input { lumberjack {port => 7766 ssl_certificate => "my.crt" ssl_key => "my.key"} } output { elasticsearch { host => localhost } }'
And then on my remote machines I can have another logstash instance running that looks a little something like this:
$ bin/logstash -e 'input { stdin{} } output { stdout{} lumberjack { hosts => ["localhost"] port => 7766 ssl_certificate => "my.crt" }}'
I'll have to actually verify that the traffic is being encrypted, but it looks as though it should be.
Upvotes: 0
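An added example, not part of the original answer, for the check the answer leaves open: given the client-to-server bytes from a packet capture of port 7766, it tells TLS record framing apart from unencrypted lumberjack v1 frames. The frame letters follow the logstash-forwarder protocol description as I understand it, and both sample byte strings are constructed for illustration.

```python
import struct

# TLS record-layer content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Lumberjack v1 frame types: every frame is ASCII '1' followed by one of these letters.
LJ_FRAMES = {b"W": "window size", b"D": "data", b"C": "compressed", b"A": "ack"}
MAX_RECORD = 2**14 + 2048  # largest legal TLS 1.2 ciphertext record length


def tls_record_types(stream):
    """Walk a reassembled one-direction TCP stream as TLS records.

    Returns the list of record types, or None if any byte does not fit
    the record framing (including a truncated final record).
    """
    types, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            return None
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in TLS_TYPES or major != 3 or minor > 4 or length > MAX_RECORD:
            return None
        types.append(TLS_TYPES[ctype])
        off += 5 + length
    return types if off == len(stream) else None


def classify(stream):
    """Label the client-to-server bytes captured on the lumberjack port."""
    if stream[:1] == b"1" and stream[1:2] in LJ_FRAMES:
        return "plaintext lumberjack (%s frame)" % LJ_FRAMES[stream[1:2]]
    return "tls" if tls_record_types(stream) else "unknown"


# Constructed sample: unencrypted lumberjack window-size frame, then a data frame.
PLAINTEXT_SAMPLE = (b"1W" + struct.pack("!I", 1024) + b"1D" + struct.pack("!II", 1, 1)
                    + struct.pack("!I", 4) + b"line" + struct.pack("!I", 5) + b"hello")
# Constructed sample: a handshake record and an application_data record with filler bodies.
TLS_SAMPLE = (b"\x16\x03\x01" + struct.pack("!H", 4) + b"\x00" * 4
              + b"\x17\x03\x03" + struct.pack("!H", 3) + b"\xaa" * 3)

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_SAMPLE), ("tls", TLS_SAMPLE)):
        print(name, "->", classify(sample))
```

A "tls" result shows the stream is framed as TLS records; it does not show that the sender validated the server certificate, which has to be checked separately.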