I am struggling with this since few days. 😞
I sure that I don't understand some steps correct so that's the reason.
So I trying to configure sendings logs from my NAS servers (Synology) to my Splunk instance.
Logs are correctly receiving when I not use SSL in my Synology sendings log configuration. But when I enable SSL and import certificate in Synology then the logs are receiving but are hashed.
I searching for simple instruction how to set up Splunk to receiving Input Data via TCP and self-signed certificate.
I generated certificates with this instruction
I generated files in /opt/splunk/etc/auth/mycerts
After that I configure my Synology to sendings log via TCP port 514 with enabled SSL and imported CACertificate.pem
So I still don't understand how to configure Inputs.conf and server.conf in my Splunk Server to receiving ssl syslog over TCP
I've tried to configure like:
sourcetype = syslog
rootCA = /opt/splunk/etc/auth/mycerts/CACertificate.pem
serverCert = /optsplunk/etc/auth/mycerts/ServerCertificate.pem
What I am doing wrong.
Config you need, on the syslog:
[SSL] serverCert = .pem sslPassword = requireClientCert = true
clientCert = .pem
useClientSSLCompression = true
serverCert = .pem
sslRootCAPath = .pem
This is for the certs only, include other key/pair as required
So.. if I correct understand
inputs.conf (file on Splunk Server side)
server.cont (Splunk Server side)
outputs.conf (in my case is Synology NAS )
I don't understand why there is sslPassword needed.
I don't set up any password for SSL, is it require?.
On my synology server there is no option to set up password for sending logs via syslog.
Thank's for help.
I am not sure did I correct understand how to implement this in my case.
On Splunk side a need to configure inputs.conf and server.conf.
The outputs.conf is use on client side (sending syslog device/ universal forwarder etc).
In my case I don't have option to configure password to sendings log from Synology. I Can only import certificate, if ssl is enabled to sending syslog.
I don't really understand why there is password needed. I don't setup any password for ssl. Is it require to set password.