Flume moves large log streams and should be hardened for transport and sink credentials.
¶ Transport and Agent Security
- Bind sources to private interfaces where possible.
- Use TLS-secured channels between agents and collectors.
- Restrict agent ports using firewall policy.
¶ Sink and Backend Protection
- Protect credentials for HDFS/Kafka/DB sinks.
- Apply least privilege on sink-side service accounts.
- Audit and monitor failed writes/retries.