https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319260#M59641 <P>Splunk wont be able to decrypt this. You're going to want to use rsyslog/syslog-ng to do this, and after the files are decrypted and written to disk, use the UF to read the files.</P> Thu, 07 Sep 2017 06:35:51 GMT esix_splunk 2017-09-07T06:35:51Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319257#M59638 <P>Hi, <BR /> i am trying to send encrypted logs from Syslog to Splunk. To decrypt them i changed the splunk/etc/system/local/inputs.conf file like so:<BR /> [tcp-ssl:5140]<BR /> [SSL]<BR /> serverCert = path.pem<BR /> sslPassword = password </P> <P>I already get the encrypted Logs but the decryption doesnt work. <BR /> Can you help me? </P> Wed, 06 Sep 2017 14:37:18 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319257#M59638 elli_i 2017-09-06T14:37:18Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319258#M59639 <P>The tcp-ssl stanza just enables ssl on the connection from the syslog server to the splunk server. It's not going to handle any decryption of the underlying data.</P> Wed, 06 Sep 2017 16:24:59 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319258#M59639 jkat54 2017-09-06T16:24:59Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319259#M59640 <P>Okay, thanks! And what handles the decryption? I thought by sharing the certificate, with the ssl stanza, decryption is enabled. Or do i have to add a personal script? If so, is there a possibility, to just point splunk to the script, and splunk handles it? </P> Thu, 07 Sep 2017 06:02:17 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319259#M59640 elli_i 2017-09-07T06:02:17Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319260#M59641 <P>Splunk wont be able to decrypt this. You're going to want to use rsyslog/syslog-ng to do this, and after the files are decrypted and written to disk, use the UF to read the files.</P> Thu, 07 Sep 2017 06:35:51 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319260#M59641 esix_splunk 2017-09-07T06:35:51Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319261#M59642 <P>I know has been long time, were you able to decryp the logs at the end?</P> Tue, 19 May 2020 21:28:28 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/319261#M59642 crendon_splunk 2020-05-19T21:28:28Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/540047#M90432 <P>Hi&nbsp;<A href="https://community.splunk.com/t5/user/viewprofilepage/user-id/202391" target="_blank">@esix_splunk</A>,&nbsp;</P><P>Is the above state still true with newer version of Splunk. Can Splunk decrypt the encrypted data coming from external?</P> Tue, 16 Feb 2021 05:23:04 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/540047#M90432 saravanan90 2021-02-16T05:23:04Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/540048#M90433 <P>Same still holds true, you cannot send SSL traffic to a Splunk-SSLTCP input and hope Splunk can decrypt it.</P><P>Splunk TCP/SSL is for Splunk2Splunk(S2S) over SSL.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 16 Feb 2021 05:31:41 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/540048#M90433 esix_splunk 2021-02-16T05:31:41Z https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/540049#M90434 <P>Thanks a lot for your quick help&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/202391">@esix_splunk</a>.</P> Tue, 16 Feb 2021 05:34:30 GMT https://community.splunk.com/t5/Getting-Data-In/Decode-Logs-coming-from-Syslog-SSL/m-p/540049#M90434 saravanan90 2021-02-16T05:34:30Z