How to get secure syslog from keysecure/safenetat appliance?

nahfam
Path Finder

Hey splunksters, 
 
-Just curious if anyone has had success getting secure syslog over TCP port 6514. The SafeNet appliance is supposed to send data to the indexer, which is being treated like the "syslog" server. I have tried using my own certificates and carefully pointing the various inputs, web, and server.conf files LIKE THIS:
 
https://wiki.splunk.com/Community:SplunkWeb_SSL_SelfSignedCert_NewRootCA 
 
AND LIKE THIS: 
 
https://community.splunk.com/t5/Getting-Data-In/How-to-configure-my-splunk-app-to-get-data-over-SSL/... 
 
-Through playing with the configuration stanzas, I am no longer getting any splunkd errors.  
 
-However, the INFO field (in splunkd) provides these messages:
 
IPv4 port 6514 is reserved for raw input (SSL) 
 
IPv4 port 6514 is reserved for splunk 2 splunk 
 
IPv4 port 6514 will negotiate s2s protocol level 4 
 
creating raw acceptor for IPv4 port 6514 with SSL 
 
The server IS listening on port 6514, but Wireshark does not show anything coming in or any flags for that port.
 
-So, I'm wondering if I need to allow client authentication?

- Do I have to use the certificates from the SafeNet side instead? They have sent over 3 certificates (KeySecure client certificate and PKI CA certificate/certificate chain).

If so, how do I import/install their certificates and apply them in the .confs?

Thanks!
