<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Where does docker's splunk-logging-plugin read splunk-capath from? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Where-does-docker-s-splunk-logging-plugin-read-splunk-capath/m-p/502949#M85669</link>
    <description>&lt;P&gt;Answering my question, the splunk logger runs in it's own docker container. &lt;A href="https://github.com/splunk/docker-logging-plugin/blob/develop/Dockerfile"&gt;https://github.com/splunk/docker-logging-plugin/blob/develop/Dockerfile&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;So splunk-capath is in this container. I guess you need to make your own image &lt;CODE&gt;FROM&lt;/CODE&gt; that one with your certs if you want to add certs to it.&lt;/P&gt;</description>
    <pubDate>Fri, 18 Oct 2019 18:54:48 GMT</pubDate>
    <dc:creator>positr0n</dc:creator>
    <dc:date>2019-10-18T18:54:48Z</dc:date>
    <item>
      <title>Where does docker's splunk-logging-plugin read splunk-capath from?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Where-does-docker-s-splunk-logging-plugin-read-splunk-capath/m-p/502948#M85668</link>
      <description>&lt;P&gt;I have docker running with docker-machine on my Mac.&lt;/P&gt;

&lt;P&gt;In my docker VM I have loaded my company's internal root certificate in &lt;CODE&gt;/etc/ssl/cacert.pem&lt;/CODE&gt;.&lt;/P&gt;

&lt;P&gt;Install the plugin with &lt;CODE&gt;docker plugin enable splunk-logging-plugin&lt;/CODE&gt;&lt;/P&gt;

&lt;P&gt;In &lt;CODE&gt;/etc/docker/daemon.json&lt;/CODE&gt; I set &lt;CODE&gt;splunk-capath&lt;/CODE&gt; to that file.&lt;/P&gt;

&lt;P&gt;When I start a docker image I get &lt;CODE&gt;error creating splunk logger: open /etc/ssl/cacert.pem: no such file or directory"&lt;/CODE&gt;&lt;/P&gt;

&lt;P&gt;When I change &lt;CODE&gt;splunk-capath&lt;/CODE&gt; to a random cert on the image I'm running it appears to load and try to use it for TLS verification.&lt;/P&gt;

&lt;P&gt;Does this mean I need to add the corporate certs to every docker image I am going to run for the docker splunk forwarder to work?&lt;/P&gt;</description>
      <pubDate>Thu, 17 Oct 2019 22:46:14 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Where-does-docker-s-splunk-logging-plugin-read-splunk-capath/m-p/502948#M85668</guid>
      <dc:creator>positr0n</dc:creator>
      <dc:date>2019-10-17T22:46:14Z</dc:date>
    </item>
    <item>
      <title>Re: Where does docker's splunk-logging-plugin read splunk-capath from?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Where-does-docker-s-splunk-logging-plugin-read-splunk-capath/m-p/502949#M85669</link>
      <description>&lt;P&gt;Answering my question, the splunk logger runs in it's own docker container. &lt;A href="https://github.com/splunk/docker-logging-plugin/blob/develop/Dockerfile"&gt;https://github.com/splunk/docker-logging-plugin/blob/develop/Dockerfile&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;So splunk-capath is in this container. I guess you need to make your own image &lt;CODE&gt;FROM&lt;/CODE&gt; that one with your certs if you want to add certs to it.&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 18:54:48 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Where-does-docker-s-splunk-logging-plugin-read-splunk-capath/m-p/502949#M85669</guid>
      <dc:creator>positr0n</dc:creator>
      <dc:date>2019-10-18T18:54:48Z</dc:date>
    </item>
  </channel>
</rss>

