Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise and Forwarders 9.3.2 on Windows TLS Configuration

rasmith1
Engager
‎12-20-2024 11:46 AM

Using "Securing the Splunk platform with TLS" I have converted Microsoft provided certificates to pem format and verified with the "openssl verify -CAfile "CAfile.pem" "Server.pem" "  command.

TLS configuration of the web interface using web.conf is successful.

TLS configuration of forwarder to indexer has failed consistently using the indexer server.conf file and the forwarder server.conf file as detailed in the doc. Our deployment is very simple; 1 indexer and a collection of windows forwarders.

Has anyone been able to get TLS working between forwarder - indexer on version 9+ ?

Any tips on splunkd.log entries that may point to the issue(s)?

 

Thanks for any help. I will be out of office next week but will return Dec 30 and check this. Thanks again.

 

Labels (2)
0 Karma
Reply

marnall
Motivator
‎12-22-2024 06:36 AM

Could you log in as the Splunk user on your indexer and then run btool for the stanzas relating the TLS-secured forwarding?

/opt/splunk/bin/splunk btool inputs list SSL
/opt/splunk/bin/splunk btool inputs list splunktcp-ssl
/opt/splunk/bin/splunk btool server list sslConfig

Make sure that the settings are set according to the instructions in the article. If they are the wrong values, then add --debug to the btool commands to find the file which is setting the command.

If there are no problems there, then do you find specific complaints in the splunkd log of the forwarder? E.g. "Invalid certificate", or does the connection time out?

Have you been able to forward logs, even _internal logs, before setting up TLS?

Reply

rasmith1
Engager
‎12-30-2024 01:48 PM

After some more searching I found SEC1936B .conf23 and followed the file configuration instructions.

I have TLS connections now.

Thank you for your time.

0 Karma
Reply
Get Updates on the Splunk Community!

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...
Top