- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hunk X509 authentication for Splunk virtual index
Splunk 7.0.2 Mongo 3.6
Trying to create a virtual index that uses X509 cert instead of the CR username and pw. Have found a couple sources that recommend using:
vix.mongodb.auth.mechanism = X509
vix.mongodb.auth.username = [username]
Only issue here is there is no path to the keycert.pem and ca.cert.pem. The splunk answers have this "what about the path" question in the comments but no answers. Any ideas?
EDIT:
Hoping this makes the question a bit more clear. What I'm trying to do is ingest data from a remote mongo database. I have data on 192.168.1.1 in mongo and need to pull it into splunk on 192.168.1.2. In the splunk GUI, Settings > Virtual Indexes, I set up my provider (connection to remote server with mongo db) then set up the virtual index with the credentials to access that data base and the collection I want to ingest.
It's working with un/pw credentials but I need to set up a X509 cert auth.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried to first add the certificate using a mongo shell to mongodb, and only then try to connect using the Splunk App?
See the steps at the bottom of this page:
https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@rdagan Thanks for your reply. Yes, I have already added those to mongodb and also I am able to access the mongodb using terminal. The part I am not able to figure out is where I should be providing the path to certificates on Splunk for Virtual Indexes while creating them. Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@rdagan it will be great if you can provide some insight on the above asked question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In that case, you may want to try one of these options:
1) Modify the Java code of the App itself to include the option to add a path to the certificate
2) Experiment with Splunk DB Connect and see if the MongoDB JDBC driver includes the option to authenticate using X509
3) Remove the requirement for X509 and replace it with one of the other authentication options
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@rdagan thanks a lot for your input. I will look into the options you provided and will update here if anything works out well.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you try :
vix.mongodb.auth.mechanism = X509
vix.mongodb.auth.username = [username]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Refer this video for virtual index:
https://www.youtube.com/watch?v=O6ZRP3VBn7I
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @p_gurav for your reply. I am actually looking for the configuration settings i.e. where i can provide the path to X509 certificates. It will be helpful if you can provide me with those.
