1

I use logstash with embedded elasticsearch. My logstash config looks like the following:

output {
  tdout { debug => true debug_format => "json"}

  elasticsearch {
    embedded => true
    cluster => "logs"
  }
}

When I issue command to see all opened ports by using

netstat -plunt

I get the following: enter image description here

What means :::* in the third column are? Does it mean that embedded elasticsearch opens 9200, 9300 and 9301 ports for listening from anywhere?

If so how could I restrict elasticsearch to listen only from localhost?

Erik
  • 203
  • 2
  • 5
  • 13

2 Answers2

1

Hey it seems I get a trick and I've bound elasticsearch to my local machine but I had to write full machine IP instead just "127.0.0.1" or localhost. Also in the third column I still see 

:::*

enter image description here

Whats wrong?

Erik
  • 203
  • 2
  • 5
  • 13
0

:::* you are right it listen from anywhere

To allow only to listen from localhost you can edit elasticsearch.yml file with next.

network.host: "127.0.0.1" http.host: 127.0.0.1

You can also edit the iptables config and deny incoming requests to the (9200-9300) elasticsearch ports

vladeli
  • 99
  • 2
  • Thanks for the reply but I have no elasticsearch.yml file because I installed logstash as java wrapper according by this http://spredzy.wordpress.com/2013/02/09/java-service-wrapper-or-how-to-daemonize-your-java-services-for-all-major-oses/ – Erik May 29 '14 at 18:44
  • can you try with iptables – vladeli May 29 '14 at 18:46
  • Can I create and point to this file somehow? – Erik May 29 '14 at 18:46
  • vladeli, but how could I use elasticsearch config in my case? – Erik May 29 '14 at 18:48
  • to be honest i never used elasticsearch as java wrapper so i dont have expirience in running like this, but try iptables it should work – vladeli May 29 '14 at 18:52