https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13099#M1138 <P>Maybe next gen syslog.</P> <P>Syslog but over a TCP connection.</P> <P><A href="http://www.debianhelp.co.uk/syslog-ng.htm">http://www.debianhelp.co.uk/syslog-ng.htm</A></P> Fri, 07 May 2010 18:58:52 GMT CerielTjuh 2010-05-07T18:58:52Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13096#M1135 <P>How do I secure my log file stream from our primary server to our dedicated Splunk server? Are there any secured layers I can use for the TCP transport?</P> <P>I have tried to do it with an SSH-tunnel, but when the tunnel breaks down, the next message going through the tunnel is lost.</P> <P>What do you do?</P> Fri, 07 May 2010 14:39:12 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13096#M1135 sipapress2go 2010-05-07T14:39:12Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13097#M1136 <P>Im not sure if this is what you mean but:</P> <P>If the primary server is a windows server you could use a splunk forwarder with ssl connection, this will ensure data transport and data integrity. (does not require a extra license, forwarder licenses are free)</P> <P>If the primary server is not a windows server, try a secure FTP connection to transfer the files to the splunk server.</P> <P>The first method is approved by our SAS70 compliancy auditors, so should work for you as well <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 07 May 2010 16:17:06 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13097#M1136 CerielTjuh 2010-05-07T16:17:06Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13098#M1137 <P>Both servers run Debian and also I want to be able to follow progress of the primary server in close to realtime (with a delay of max 10 sec.).</P> <P>Perhaps rsyslog is something I should look into?</P> Fri, 07 May 2010 16:28:06 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13098#M1137 sipapress2go 2010-05-07T16:28:06Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13099#M1138 <P>Maybe next gen syslog.</P> <P>Syslog but over a TCP connection.</P> <P><A href="http://www.debianhelp.co.uk/syslog-ng.htm">http://www.debianhelp.co.uk/syslog-ng.htm</A></P> Fri, 07 May 2010 18:58:52 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13099#M1138 CerielTjuh 2010-05-07T18:58:52Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13100#M1139 <P>Use a Splunk forwarder, configured in SSL mode. This is considered the best practice.</P> Fri, 07 May 2010 22:09:45 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13100#M1139 dwaddle 2010-05-07T22:09:45Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13101#M1140 <P>Splunk forwarders can encrypt their communication with the indexer using SSL, this can also be used to authenticate the forwarders which will prevent unauthorized forwarders from polluting your index. Documentation on how to configure encryption and authentication of forwarders using SSL can be found <A href="http://www.splunk.com/base/Documentation/latest/Admin/EncryptandauthenticatedatawithSSL" rel="nofollow">here</A></P> Fri, 07 May 2010 23:47:10 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13101#M1140 matt 2010-05-07T23:47:10Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13102#M1141 <P>the splunk forwarder with ssl will work between any two platforms on which splunk runs, which includes most unixes, linux, and windows. rsyslog is fine too, but you're more on your own with respect to setting up matching certificates, etc.</P> Fri, 07 May 2010 23:55:07 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13102#M1141 gkanapathy 2010-05-07T23:55:07Z https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13103#M1142 <P>true gkanapathy <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Mon, 10 May 2010 13:43:52 GMT https://community.splunk.com/t5/Getting-Data-In/Secure-transport-of-log-files-to-our-Splunk-Server/m-p/13103#M1142 CerielTjuh 2010-05-10T13:43:52Z