Hello,
I have a question concerning encryption.
- Is the log transmission over port 9997 encrypted by default?
- The same for port 8089: if I use it to access Splunk from Python over 8089, is the data encrypted by default?
Kind Regards,
Kamil
Hi,
Have a look at the table in the Splunk doc https://docs.splunk.com/Documentation/Splunk/7.2.5/Security/AboutsecuringyourSplunkconfigurationwith...
Hello @harsmarvania57
Thank you for the prompt answer. It helped to clarify and prepare the encryption for the forwarder --> indexer log transfer.
I would still need help with the second question. If I connect to Splunk using the splunk-python-sdk as below:
import sys
import splunklib.client as client
HOST = "splunk.mo.sap.corp"
PORT = 8089
USERNAME = "XXX"
PASSWORD = "YYY"
#searchQuery = "SSS"
# Create a Service instance and log in
service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)
...
Would the communication over port 8089 be encrypted in this case?
Kind Regards,
Kamil
If you look at "Type of Exchange" -> "Distributed search" in that Splunk document, it says that on splunkd (which means port 8089) encryption is enabled by default but cert authentication is not enabled by default, and due to this we can say that this connection is not encrypted if you don't have the correct certificate on the client.
When you don't have the correct certificate chain present on the client side, it will try to encrypt the connection when you connect from client to server, but by default Splunk will not strictly check certificate validation, and you can connect to splunkd, and that communication is not encrypted as per my knowledge.
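
Added example, not part of the thread and not Splunk's own tooling: a small audit that reads the settings behind both questions, i.e. whether the 9997 receiver in inputs.conf is a plain `splunktcp` or a `splunktcp-ssl` stanza, and whether splunkd (8089) in server.conf has TLS enabled and peer certificate verification turned on. The config snippets are constructed samples, the function names are hypothetical, and the fallbacks assume the defaults described above (splunkd TLS on, certificate verification off).

```python
import configparser

# Constructed sample configs (not taken from the thread).
INPUTS_CONF = """
[splunktcp://9997]
disabled = 0
"""
SERVER_CONF = """
[sslConfig]
enableSplunkdSSL = true
sslVerifyServerCert = false
"""

def _parse(text):
    # Splunk .conf files are INI-like; keep setting names case-sensitive.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp

def _is_true(value):
    return value.strip().lower() in ("1", "true", "t", "yes", "y")

def audit_receiver(inputs_text):
    """Map each forwarder-facing listener port to 'tls' or 'cleartext'."""
    findings = {}
    for section in _parse(inputs_text).sections():
        # Handles [splunktcp://9997], [splunktcp://:9997], [splunktcp-ssl:9997]
        port = section.rsplit(":", 1)[-1].lstrip("/")
        if section.startswith("splunktcp-ssl:"):
            findings[port] = "tls"
        elif section.startswith("splunktcp:"):
            findings[port] = "cleartext"
    return findings

def audit_splunkd(server_text):
    """Report TLS and certificate verification state for the management port."""
    cp = _parse(server_text)
    ssl_cfg = cp["sslConfig"] if cp.has_section("sslConfig") else {}
    return {
        # Assumed defaults when the setting is absent: TLS on, verification off.
        "encrypted": _is_true(ssl_cfg.get("enableSplunkdSSL", "true")),
        "verifies_peer_cert": _is_true(ssl_cfg.get("sslVerifyServerCert", "false")),
    }

if __name__ == "__main__":
    print("9997:", audit_receiver(INPUTS_CONF))
    print("8089:", audit_splunkd(SERVER_CONF))
```

On a real instance, feed it the merged output of `splunk btool inputs list` and `splunk btool server list` rather than a single file, since settings can come from several app directories.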