Getting Data In

How to add new SSL input to heavy forwarder?

graju89
Path Finder

Hi all,

I am trying to add PAN traps logs into splunk. It is syslog and traps sends the log on SSL. I got the SSL certs. I need some help is setting up SSL connection from forwarder to traps cloud.

Anyone can help?

Thanks.

0 Karma

yannK
Splunk Employee
Splunk Employee

The docs recommend to use an intermediary software to receive the snmp traps (with ssl or not), then write them to a file on disk.
The use splunk to monitor the file and index it.
https://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

The other input (Tcp with ssl) is for syslog, but I am not sure if this is appropriate for SNMP traps data.
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

0 Karma

graju89
Path Finder

Hi YannK,

Thanks for your reply. It is not SNMP traps. It is PAN traps log. The second link you mentioned, is not opening.

0 Karma

yannK
Splunk Employee
Splunk Employee

Sorry. I fixed the link
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

So you are sending logs over classic syslog channels.
You can use the splunk UDP/TCP inputs described on the link
or you can use a syslog server to write the logs to disk, and have splunk monitor the files.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...