<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: How to configure sending encrypted syslog via TCP in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481598#M82530</link>
    <description>&lt;P&gt;Config you need, on the syslog:&lt;BR /&gt;
- inputs.conf&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[SSL]
serverCert = .pem
sslPassword = 
requireClientCert = true
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;UL&gt;
&lt;LI&gt;&lt;P&gt;outputs.conf &lt;/P&gt;

&lt;P&gt;[tcpout]&lt;BR /&gt;
sslPassword = &lt;BR /&gt;
clientCert = .pem&lt;BR /&gt;
useClientSSLCompression = true&lt;/P&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;server.conf&lt;/P&gt;

&lt;P&gt;[sslConfig]&lt;BR /&gt;
serverCert = .pem&lt;BR /&gt;
sslRootCAPath = .pem&lt;BR /&gt;
sslPassword = &lt;/P&gt;&lt;/LI&gt;
&lt;/UL&gt;

&lt;P&gt;This is for the certs only, include other key/pair as required&lt;/P&gt;</description>
    <pubDate>Tue, 03 Mar 2020 21:09:43 GMT</pubDate>
    <dc:creator>anmolpatel</dc:creator>
    <dc:date>2020-03-03T21:09:43Z</dc:date>
    <item>
      <title>How to configure sending encrypted syslog via TCP</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481597#M82529</link>
      <description>&lt;P&gt;Hi.&lt;BR /&gt;
I am struggling with this since few days. &lt;span class="lia-unicode-emoji" title=":disappointed_face:"&gt;😞&lt;/span&gt;&lt;/P&gt;

&lt;P&gt;I sure that I don't understand some steps correct so that's the reason. &lt;BR /&gt;
So I trying to configure sendings logs from my NAS servers (Synology) to my Splunk instance.&lt;/P&gt;

&lt;P&gt;Logs are correctly receiving when I not use SSL in my Synology sendings log configuration. But when I enable SSL and import certificate in Synology then the logs are receiving but are hashed.&lt;/P&gt;

&lt;P&gt;&lt;STRONG&gt;I searching for simple instruction how to set up Splunk to receiving Input Data via TCP and self-signed certificate.&lt;/STRONG&gt;&lt;/P&gt;

&lt;P&gt;I generated certificates with this instruction&lt;/P&gt;

&lt;P&gt;&lt;A href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Security/Howtoself-signcertificates"&gt;https://docs.splunk.com/Documentation/Splunk/8.0.2/Security/Howtoself-signcertificates&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;I generated files in /opt/splunk/etc/auth/mycerts&lt;BR /&gt;
- CACertificate.csr&lt;BR /&gt;
- CACertificate.pem&lt;BR /&gt;
- CAPrivate.key&lt;BR /&gt;
- ServerCertificate.csr&lt;BR /&gt;
- ServerCertificate.pem&lt;BR /&gt;
- ServerPrivate.key&lt;/P&gt;

&lt;P&gt;After that I configure my Synology to sendings log via TCP port 514  with enabled SSL and imported CACertificate.pem&lt;/P&gt;

&lt;P&gt;So I still don't understand how to configure Inputs.conf and server.conf in my Splunk Server to receiving ssl syslog over TCP&lt;BR /&gt;
I've tried to configure like:&lt;/P&gt;

&lt;P&gt;&lt;STRONG&gt;inputs.conf&lt;/STRONG&gt;&lt;BR /&gt;
[tcp-ssl:514]&lt;BR /&gt;
sourcetype = syslog&lt;BR /&gt;
[SSL]&lt;BR /&gt;
rootCA = /opt/splunk/etc/auth/mycerts/CACertificate.pem&lt;BR /&gt;
serverCert = /optsplunk/etc/auth/mycerts/ServerCertificate.pem&lt;/P&gt;

&lt;P&gt;What I am doing wrong.&lt;/P&gt;</description>
      <pubDate>Tue, 03 Mar 2020 12:52:49 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481597#M82529</guid>
      <dc:creator>tskubisz</dc:creator>
      <dc:date>2020-03-03T12:52:49Z</dc:date>
    </item>
    <item>
      <title>Re: How to configure sending encrypted syslog via TCP</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481598#M82530</link>
      <description>&lt;P&gt;Config you need, on the syslog:&lt;BR /&gt;
- inputs.conf&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[SSL]
serverCert = .pem
sslPassword = 
requireClientCert = true
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;UL&gt;
&lt;LI&gt;&lt;P&gt;outputs.conf &lt;/P&gt;

&lt;P&gt;[tcpout]&lt;BR /&gt;
sslPassword = &lt;BR /&gt;
clientCert = .pem&lt;BR /&gt;
useClientSSLCompression = true&lt;/P&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;server.conf&lt;/P&gt;

&lt;P&gt;[sslConfig]&lt;BR /&gt;
serverCert = .pem&lt;BR /&gt;
sslRootCAPath = .pem&lt;BR /&gt;
sslPassword = &lt;/P&gt;&lt;/LI&gt;
&lt;/UL&gt;

&lt;P&gt;This is for the certs only, include other key/pair as required&lt;/P&gt;</description>
      <pubDate>Tue, 03 Mar 2020 21:09:43 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481598#M82530</guid>
      <dc:creator>anmolpatel</dc:creator>
      <dc:date>2020-03-03T21:09:43Z</dc:date>
    </item>
    <item>
      <title>Re: How to configure sending encrypted syslog via TCP</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481599#M82531</link>
      <description>&lt;P&gt;So.. if I correct understand &lt;/P&gt;

&lt;P&gt;inputs.conf (file on Splunk Server side)&lt;BR /&gt;
server.cont (Splunk Server side)&lt;BR /&gt;
outputs.conf (in my case is Synology NAS )&lt;/P&gt;

&lt;P&gt;I don't understand why there is sslPassword needed.&lt;BR /&gt;
I don't set up any password for SSL, is it require?. &lt;BR /&gt;
On my synology server there is no option to set up password for sending  logs via syslog. &lt;/P&gt;</description>
      <pubDate>Wed, 04 Mar 2020 07:58:43 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481599#M82531</guid>
      <dc:creator>tskubisz</dc:creator>
      <dc:date>2020-03-04T07:58:43Z</dc:date>
    </item>
    <item>
      <title>Re: How to configure sending encrypted syslog via TCP</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481600#M82532</link>
      <description>&lt;P&gt;Thank's for help.&lt;BR /&gt;
I am not sure did I correct understand how to implement this in my case.&lt;/P&gt;

&lt;P&gt;On Splunk side a need to configure inputs.conf and server.conf.&lt;BR /&gt;
The outputs.conf is use on client side (sending syslog device/ universal forwarder etc). &lt;BR /&gt;
In my case I don't have option to configure password to sendings log from Synology. I Can only import certificate, if ssl is enabled to sending syslog.&lt;/P&gt;

&lt;P&gt;I don't really understand why there is password needed. I don't setup any password for ssl. Is it require to set password. &lt;/P&gt;</description>
      <pubDate>Wed, 04 Mar 2020 10:39:54 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-configure-sending-encrypted-syslog-via-TCP/m-p/481600#M82532</guid>
      <dc:creator>tskubisz</dc:creator>
      <dc:date>2020-03-04T10:39:54Z</dc:date>
    </item>
  </channel>
</rss>

