Re: Is it possible to set TLS to only one input?

joshuasolman · ‎06-09-2022

Is it possible to set TLS to only one input? For example:

Checkpoint --> TLS --> SC4S --> Splunk

CISCO ASA --> UDP514 --> SC4S --> Splunk

So far, i can only find information about enabling TLS for all, just wondering if i can set it per source.

Thanks!

isoutamo · ‎06-09-2022

Hi

based on this Syslog Source Configuration You could enable TLS globally or by some default ports like 6514 etc. Have you done the 1st one or second configuration? Usually there are many devices which cannot use TLS, so it's better to enable TLS only on some default ports and leave tcp/514 and ump/514 without it.

r. Ismo

joshuasolman · ‎06-10-2022

isoutamo, thank you for replying!

i think i was misunderstanding those options then assuming they were all grouped up. The first option would be to enable TLS globally, but you can leave that to default (no) and then enable the second option which would be to enable TLS receiver on whatever port you choose.

Am i right in that assumption?

isoutamo · ‎06-10-2022

That is how I understand it.

Is it possible to set TLS to only one input?

syslog

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...