Getting Data In

Does Splunk support two-way SSL between the Universal Forwarder TCP port and external application?

ankithreddy777
Contributor

Does Splunk's Universal Forwarder supports SSL for TCP inputs (i.e It is receiving data from external application)? Does Splunk supports 2 way SSL between them?

0 Karma

koshyk
Super Champion
  1. We use TLS1.2 for Splunk UF to Indexers using certificates. So answer for 1st question is YES
  2. I'm not sure what you mean as 2 way SSL between them? You mean from Deployment-server to UF? (Yes in that case). Indexers don't need to communicate back to UF, so it is one way traffic only.
0 Karma

ankithreddy777
Contributor

Hi Koshyk,
I mean Does the traffic between external system (say Cloud foundry) to tcp port of Splunk UF has SSL b/w them?

Splunk UF TCP port xxx is receiving data from external source and forwarding it to Splunk Indexers.

Coming to splunk UF and indexers. In case when indexers send acknowledgement back to forwarders, is it not secured by SSL?

Thank you

0 Karma

koshyk
Super Champion

if the connection is between Cloud-foundry and UF, you can enable SSL/TLS if you enable certificates accordingly.

if its between UF & Indexers/HF/UF => the network connection is opened by UF and is Secured. So the acknowledgement is using the same connection and hence is secured.

0 Karma

ankithreddy777
Contributor

Hi Koshyk,
yes, the connection is between Cloud-foundry and UF, How to enable certificates for UF. Splunk docs gave information about how to configure inputs.conf for indexers and outputs.conf for UF for enabling SSL in case of connection between UF and Indexers. But how to configure splunk conf in my case?

thankyou

0 Karma

koshyk
Super Champion

The documents provide step by step method. Please use Link : http://docs.splunk.com/Documentation/Splunk/6.5.3/Security/ConfigureSplunkforwardingtousesignedcerti...

(Please mark answer if you are satisfied. cheers)

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...