Has anyone had luck setting up secure (encrypted) syslog with this Addon? It only mentions creating a TCP input which would not be encrypted. Our Proofpoint is hosted at their cloud, so encryption between their cloud and our Heavy Forwarder onsite is imperative.
you could use [tcp-ssl://1234] in inputs.conf - it offers encrypted receiving of data.
However, best practice is to run a dedicated syslog server, which receives the data and writes it to disk, and have Splunk monitor those files. This helps with reliability, as a syslog server restart might take less than one second, but restarting Splunk might take up to several minutes. You might loose data that would come in during such an restart - which also happens more often with Splunk instances than with syslog servers.
I'd therefore recommend to setup syslog-ng, with encryption enabled, and send your data there.
Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂