Splunk Enterprise and Forwarders 9.3.2 on Windows TLS Configuration

rasmith1
Engager

Using "Securing the Splunk platform with TLS", I have converted Microsoft-provided certificates to PEM format and verified them with the openssl verify -CAfile "CAfile.pem" "Server.pem" command.

TLS configuration of the web interface using web.conf is successful.

TLS configuration of forwarder to indexer has failed consistently using the indexer server.conf file and the forwarder server.conf file as detailed in the doc. Our deployment is very simple: 1 indexer and a collection of Windows forwarders.

Has anyone been able to get TLS working between forwarder and indexer on version 9+?

Any tips on splunkd.log entries that may point to the issue(s)?

 

Thanks for any help. I will be out of office next week but will return Dec 30 and check this. Thanks again.

 

0 Karma

marnall
Motivator

Could you log in as the Splunk user on your indexer and then run btool for the stanzas relating to the TLS-secured forwarding?

/opt/splunk/bin/splunk btool inputs list SSL
/opt/splunk/bin/splunk btool inputs list splunktcp-ssl
/opt/splunk/bin/splunk btool server list sslConfig

Make sure that the settings are set according to the instructions in the article. If they are the wrong values, then add --debug to the btool commands to find the file which is setting the command.

If there are no problems there, then do you find specific complaints in the splunkd log of the forwarder? E.g. "Invalid certificate", or does the connection time out?

Have you been able to forward logs, even _internal logs, before setting up TLS?
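An added example, not part of the posts in this thread: one way to review the output of the btool commands above when run with --debug, listing TLS settings that differ from what you intended and the file that sets them. It assumes each --debug line starts with the path of the .conf file that supplies it; the sample output, paths, app name, port and intended values are constructed.

```python
import re

# Assumption: each line of `splunk btool <conf> list <stanza> --debug` output is
# "<path ending in .conf><whitespace><stanza header or key = value>".
# Matching on ".conf" + whitespace keeps Windows paths with spaces intact.
LINE = re.compile(r"^(?P<src>.+?\.conf)\s+(?P<body>.*)$")

def parse_btool_debug(text):
    """Return {stanza: {key: (value, source_file)}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not btool --debug output
        body = m.group("body").strip()
        if body.startswith("[") and body.endswith("]"):
            current = stanzas.setdefault(body[1:-1], {})
        elif current is not None and "=" in body:
            key, _, value = body.partition("=")
            current[key.strip()] = (value.strip(), m.group("src"))
    return stanzas

def review(stanzas, expected):
    """expected maps (stanza, key) to the value you meant to configure."""
    findings = []
    for (stanza, key), want in expected.items():
        got = stanzas.get(stanza, {}).get(key)
        if got is None:
            findings.append(f"[{stanza}] {key}: absent from btool output")
        elif got[0] != want:
            findings.append(f"[{stanza}] {key} = {got[0]} (wanted {want}), set by {got[1]}")
    return findings

# Constructed sample output and intended values; paths, app name and port are made up.
SAMPLE = r"""
C:\Program Files\Splunk\etc\system\local\inputs.conf        [SSL]
C:\Program Files\Splunk\etc\apps\old_tls\local\inputs.conf  serverCert = C:\certs\old-server.pem
C:\Program Files\Splunk\etc\system\local\inputs.conf        [splunktcp-ssl:9997]
C:\Program Files\Splunk\etc\system\local\inputs.conf        disabled = 0
"""
EXPECTED = {
    ("SSL", "serverCert"): r"C:\certs\Server.pem",
    ("SSL", "requireClientCert"): "true",
}

if __name__ == "__main__":
    for finding in review(parse_btool_debug(SAMPLE), EXPECTED):
        print(finding)
```
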

rasmith1
Engager

After some more searching I found SEC1936B .conf23 and followed the file configuration instructions.

I have TLS connections now.

Thank you for your time.

0 Karma