
How to get secure syslog from keysecure/ safenetat appliance?


Hey splunksters,
- Just curious if anyone has had success getting secure syslog over TCP port 6514. The safenet appliance is supposed to send data to the indexer, which is being treated like the "syslog" server. I have tried using my own certificates and carefully pointing the various inputs, web, and server.conf files LIKE THIS:
- Through playing with the configuration stanzas, I am no longer getting any splunkd errors.
- However, the INFO field (in splunkd) provides these messages:
IPv4 port 6514 is reserved for raw input (SSL) 
IPv4 port 6514 is reserved for splunk 2 splunk 
IPv4 port 6514 will negotiate s2s protocol level 4 
creating raw acceptor for IPv4 port 6514 with SSL 
The server IS listening on port 6514, but Wireshark does not show anything coming in or any flags for that port.
- So, I'm wondering if I need to allow client authentication?
- Do I have to use the certificates from the safenet side instead? They have sent over 3 certificates (KeySecure client certificate and PKI CA certificate/certificate chain).

If so, how do I import/install their certificates and apply them in the .confs?

