1 使用cipher plugin之前要提前安装plugin:
px@px-VirtualBox:/usr/share/logstash$ sudo bin/logstash-plugin install logstash-filter-cipher
Validating logstash-filter-cipher
Installing logstash-filter-cipher
Installation successful
查看安装成功:
px@px-VirtualBox:/usr/share/logstash$ sudo bin/logstash-plugin list --verbose |grep -i cipher
logstash-filter-cipher (4.0.0)
2. 使用AES对称加密(使用标准输入输出实现,输入为明文,输出为密文):
input { stdin { } }
filter {
cipher {
mode => "encrypt"
algorithm => "aes-128-cbc"
key_size => 16
iv_random_length => 16
key => "1234567890123456"
source => "message"
target => "ciphertext"
enable_metric => false
remove_field => [ "message" ]
}
}
output { stdout {} }
3. 使用AES对称加密(使用标准输入输出实现,输入为密文,输出为明文):
input { stdin { } }
filter {
cipher {
mode => "decrypt"
algorithm => "aes-128-cbc"
key_size => 16
iv_random_length => 16
key => "1234567890123456"
source => "message"
target => "plaintext"
enable_metric => false
remove_field => [ "message" ]
}
}
output { stdout {} }
4. 加载上述配置文件运行logstash进程。
bin/logstash -f shipper.conf
5. 在标准输入中分别输入明文,密文尝试加密解密。
a. 加密模式输入:
abcdefghijklmnopqrst
加密模式输出:
{
"@version" => "1",
"@timestamp" => 2020-01-05T11:16:13.954Z,
"host" => "px-VirtualBox",
"ciphertext" => "XV01y1mQ9yBSTR6jAZeU6L8EkfU6jMfZLPwmkjtcZjl7DtiPXge5OYHPD7FTXOMC"
}
b. 解密模式输入:
XV01y1mQ9yBSTR6jAZeU6L8EkfU6jMfZLPwmkjtcZjl7DtiPXge5OYHPD7FTXOMC
解密模式输出:
{
"@version" => "1",
"host" => "px-VirtualBox",
"@timestamp" => 2020-01-05T11:22:37.270Z,
"plaintext" => "abcdefghijklmnopqrst"
}