Getting Data In

How to add new SSL input to heavy forwarder?

graju89
Path Finder

Hi all,

I am trying to add PAN Traps logs into Splunk. It is syslog, and Traps sends the logs over SSL. I got the SSL certs. I need some help in setting up the SSL connection from the forwarder to the Traps cloud.

Can anyone help?

Thanks.

0 Karma

yannK
Splunk Employee

The docs recommend using intermediary software to receive the SNMP traps (with SSL or not), then write them to a file on disk.
Then use Splunk to monitor the file and index it.
https://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

The other input (TCP with SSL) is for syslog, but I am not sure if this is appropriate for SNMP traps data.
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

0 Karma

graju89
Path Finder

Hi YannK,

Thanks for your reply. It is not SNMP traps. It is the PAN Traps log. The second link you mentioned is not opening.

0 Karma

yannK
Splunk Employee

Sorry, I fixed the link:
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

So you are sending logs over classic syslog channels.
You can use the Splunk UDP/TCP inputs described at the link,
or you can use a syslog server to write the logs to disk and have Splunk monitor the files.

0 Karma
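For reference, a sketch of the "TCP with SSL" input discussed above, as it could look in `inputs.conf` on the heavy forwarder. This is an added example, not configuration posted by anyone in the thread; the port, certificate path, index and sourcetype are assumptions or placeholders to replace with your own values.

```ini
# inputs.conf on the heavy forwarder (added example; values are placeholders)

# TLS-wrapped TCP listener. Port 6514 is an assumption (the conventional
# syslog-over-TLS port); use whatever port the sender is configured for.
[tcp-ssl:6514]
# Placeholders: set these to the index and sourcetype you use for this data.
index = <your_index>
sourcetype = <your_sourcetype>
# Record the sender's IP address as the host field.
connection_host = ip

# TLS settings shared by all SSL-enabled inputs in this file.
[SSL]
# PEM file holding the server certificate, its private key and the CA chain,
# concatenated in that order. The path is a constructed example.
serverCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
# Passphrase for the private key. Splunk replaces the clear-text value with
# an encrypted one the next time it restarts.
sslPassword = <private_key_passphrase>
# Refuse SSLv3 / TLS 1.0 / TLS 1.1 handshakes.
sslVersions = tls1.2
# Assumption: the sender does not present a client certificate. Set this to
# true only if it does and the issuing CA is trusted by this forwarder.
requireClientCert = false
```

After a restart, `openssl s_client -connect <forwarder>:6514` from another host shows whether the listener is up and which certificate chain it presents.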