Getting Data In

How to forward logs of a specific source to a third-party, non-Splunk system using a certificate?

rgb22
New Member

Hello guys,

we are working with a Heavy forwarder and its receiving logs from a lot of sources and of course sending them into a Splunk Indexer. However, now I'm trying add the functionality to forward (firewall) logs of a specific sourcetype via syslog to another instance which is not from Splunk using a certificate.

I tried the steps of the documentation but i wasn't able to do it work properly. Can you give me some help with this please?

PD: The documentation i was using: http://docs.splunk.com/Documentation/Splunk/6.5.2/Forwarding/Forwarddatatothird-partysystemsd

Thanks you in advance

0 Karma

mwdbhyat
Builder

Can you describe more about the issue you are facing ? Is there an error you are getting or is it just not forwarding anything ?

0 Karma

rgb22
New Member

Thanks for your response.

I'm receiving firewall logs into a heavy forwarder and i need to send those logs to 1) Splunk indexers and 2) McAfee SIEM using certificate for the second. but i have no idea how to do it, I tried to send syslogs to another instance and it worked but i dont know how to do it using certificate. Ofcourse it needs to be a certificate who can work with splunk and mcfee

0 Karma

mwdbhyat
Builder

So the issue lies with the certificates then and not the forwarding/routing ?

0 Karma

rgb22
New Member

Yes, thats exactly my issue.

In addition: I was making some test and i was able to send those logs to another instance but if you have a guide like "better practices" to do this, i would be very grateful.

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...