Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Secure transport of log files to our Splunk Server

sipapress2go
Engager
‎05-07-2010 07:39 AM

How do I secure my log file stream from our primary server to our dedicated Splunk server? Are there any secured layers I can use for the TCP transport?

I have tried to do it with an SSH-tunnel, but when the tunnel breaks down, the next message going through the tunnel is lost.

What do you do?

Reply
1 Solution
Solved! Jump to solution
Solution

matt
Splunk Employee
Splunk Employee
‎05-07-2010 04:47 PM

Splunk forwarders can encrypt their communication with the indexer using SSL, this can also be used to authenticate the forwarders which will prevent unauthorized forwarders from polluting your index. Documentation on how to configure encryption and authentication of forwarders using SSL can be found here

View solution in original post

Reply
Solved! Jump to solution
Solution

matt
Splunk Employee
Splunk Employee
‎05-07-2010 04:47 PM

Splunk forwarders can encrypt their communication with the indexer using SSL, this can also be used to authenticate the forwarders which will prevent unauthorized forwarders from polluting your index. Documentation on how to configure encryption and authentication of forwarders using SSL can be found here

Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎05-07-2010 03:09 PM

Use a Splunk forwarder, configured in SSL mode. This is considered the best practice.

Reply
Solved! Jump to solution

CerielTjuh
Path Finder
‎05-07-2010 09:17 AM

Im not sure if this is what you mean but:

If the primary server is a windows server you could use a splunk forwarder with ssl connection, this will ensure data transport and data integrity. (does not require a extra license, forwarder licenses are free)

If the primary server is not a windows server, try a secure FTP connection to transfer the files to the splunk server.

The first method is approved by our SAS70 compliancy auditors, so should work for you as well 🙂

0 Karma
Reply
Solved! Jump to solution

CerielTjuh
Path Finder
‎05-10-2010 06:43 AM

true gkanapathy 😉

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎05-07-2010 04:55 PM

the splunk forwarder with ssl will work between any two platforms on which splunk runs, which includes most unixes, linux, and windows. rsyslog is fine too, but you're more on your own with respect to setting up matching certificates, etc.

0 Karma
Reply
Solved! Jump to solution

CerielTjuh
Path Finder
‎05-07-2010 11:58 AM

Maybe next gen syslog.

Syslog but over a TCP connection.

http://www.debianhelp.co.uk/syslog-ng.htm

0 Karma
Reply
Solved! Jump to solution

sipapress2go
Engager
‎05-07-2010 09:28 AM

Both servers run Debian and also I want to be able to follow progress of the primary server in close to realtime (with a delay of max 10 sec.).

Perhaps rsyslog is something I should look into?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...