Is it possible to have index cluster tier which can support both non-ssl and ssl forwarders without running multiple instances?
Building on above answers. Here are examples at least for Splunk 6.6
inputs.conf on the indexer
# non ssl
[splunktcp://<non_ssl_port>]
# ssl
[splunktcp-ssl:<ssl_port>]
[SSL]
requireClientCert = true
sslCommonNameToCheck = mycommonName
serverCert = /path/to/ssl/servercert.pem
outputs.conf on a forwarder using SSL
[tcpout]
defaultGroup = splunkindexer-ssl
[tcpout:splunkindexer-ssl]
autoLBFrequency = 30
compressed = false
server = server1:<ssl_port>,server2:<ssl_port>,server3:<ssl_port>
clientCert = /path_to_cert/servercert.pem
sslPassword = password
sslRootCAPath = /path_to_ca_cert/ca.cert.pem
sslCommonNameToCheck = mycommonName
sslVersions = tls1.2
Thanks everyone!!
Building on above answers. Here are examples at least for Splunk 6.6
inputs.conf on the indexer
# non ssl
[splunktcp://<non_ssl_port>]
# ssl
[splunktcp-ssl:<ssl_port>]
[SSL]
requireClientCert = true
sslCommonNameToCheck = mycommonName
serverCert = /path/to/ssl/servercert.pem
outputs.conf on a forwarder using SSL
[tcpout]
defaultGroup = splunkindexer-ssl
[tcpout:splunkindexer-ssl]
autoLBFrequency = 30
compressed = false
server = server1:<ssl_port>,server2:<ssl_port>,server3:<ssl_port>
clientCert = /path_to_cert/servercert.pem
sslPassword = password
sslRootCAPath = /path_to_ca_cert/ca.cert.pem
sslCommonNameToCheck = mycommonName
sslVersions = tls1.2
Thanks so much for two answers!!
so,
I need inputs.conf with two ports one for one port for non-ssl(default 9997) and another for SSL?
Then just use SSL configs in outputs.conf for each forwarders where we need SSL?
is there some splunk docs out there which I can take a look?
Just look at the inputs.conf specifictaions. It's all described there.
Skalli
Sure, you can do that by setting on each forwarder outputs.conf
as you choose to with or without ssl. If your outputs.conf
is deployed via the apps then you can deploy to each set of forwarders the desired ssl or not configurations.
Yes, but they cannot be on the same port. You will need to have one [splunktcp-ssl:] stanza and [splunktcp:] stanza in your inputs.conf.