
How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

New Member

Hello guys,

We are working with a heavy forwarder, and it's receiving logs from a lot of sources and of course sending them to a Splunk indexer. However, now I'm trying to add the functionality to forward (firewall) logs of a specific sourcetype via syslog to another instance, which is not from Splunk, using a certificate.

I tried the steps in the documentation but I wasn't able to make it work properly. Can you give me some help with this, please?

PS: The documentation I was using: http://docs.splunk.com/Documentation/Splunk/6.5.2/Forwarding/Forwarddatatothird-partysystemsd

Thank you in advance


Re: How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

Builder

Can you describe more about the issue you are facing? Is there an error you are getting, or is it just not forwarding anything?


Re: How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

New Member

Thanks for your response.

I'm receiving firewall logs into a heavy forwarder and I need to send those logs to 1) Splunk indexers and 2) McAfee SIEM, using a certificate for the second. But I have no idea how to do it. I tried to send syslogs to another instance and it worked, but I don't know how to do it using a certificate. Of course, it needs to be a certificate that can work with Splunk and McAfee.


Re: How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

Builder

So the issue lies with the certificates then, and not the forwarding/routing?


Re: How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

New Member

Yes, that's exactly my issue.

In addition: I was making some tests and I was able to send those logs to another instance, but if you have a guide like "better practices" to do this, I would be very grateful.
