Currently we are using a basic splunk configuration for the outputs.conf on all of our clients.
We are working on enabling SSL which can ba accomplisehd by doing :
defaultGroup = splunkssl
compressed = true
server = server3:9998
sslCertPath = $SPLUNKHOME/etc/auth/server.pem
sslPassword = $1$iYxeTtEVRyXQ
sslRootCAPath = $SPLUNKHOME/etc/auth/cacert.pem
sslVerifyServerCert = false
The above for SSL accomplishes this for one servers, we need to have the same functionality as current. How do I enable SSL forwarding in a round robin manner as we are using today ?
In addition is it possible to use a single port in splunk to listen for both SSL and non SSL connections ?
You can have a server=server1:1234,server2:1234 line. To do the round robin autoLB=true.
Yes, but how do I do that with SSL enabled ? We already have that working without SSL.