How to get secure syslog from a KeySecure/SafeNet AT appliance?

Hey splunksters, 
 
-Just curious if anyone has had success getting secure syslog over TCP port 6514. The SafeNet appliance is supposed to send data to the indexer, which is being treated like the "syslog" server. I have tried using my own certificates and carefully pointing the various inputs, web, and server.conf files LIKE THIS: 
 
https://wiki.splunk.com/Community:SplunkWeb_SSL_SelfSignedCert_NewRootCA 
 
AND LIKE THIS: 
 
https://community.splunk.com/t5/Getting-Data-In/How-to-configure-my-splunk-app-to-get-data-over-SSL/... 
 
-Through playing with the configuration stanzas, I am no longer getting any splunkd errors.  
 
-However, the INFO field (in splunkd) provides these messages: 
 
IPv4 port 6514 is reserved for raw input (SSL) 
 
IPv4 port 6514 is reserved for splunk 2 splunk 
 
IPv4 port 6514 will negotiate s2s protocol level 4 
 
creating raw acceptor for IPv4 port 6514 with SSL 
 
The server IS listening on port 6514, but Wireshark does not show anything coming in or any flags for that port. 
 
-So, I'm wondering if I need to allow client authentication? 
 
-Do I have to use the certificates from the SafeNet side instead? They have sent over 3 certificates (KeySecure client certificate and PKI CA certificate/certificate chain). 

If so, how do I import/install their certificates and apply them in the .confs?

Thanks!
