
Splunk Forwarder SSL Configuration

Explorer

Currently we are using a basic Splunk configuration for the outputs.conf on all of our clients.

[tcpout:indexerGroup]
server=server1:8182,server2:8182,server3:8182

We are working on enabling SSL, which can be accomplished by doing:
[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
compressed = true
server = server3:9998
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = $1$iYxeTtEVRyXQ
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false

The above accomplishes SSL for one server, but we need to have the same functionality as we have currently. How do I enable SSL forwarding in a round-robin manner, as we are using today?

In addition, is it possible to use a single port in Splunk to listen for both SSL and non-SSL connections?


Re: Splunk Forwarder SSL Configuration

Communicator

You can have a server=server1:1234,server2:1234 line. To do the round robin, set autoLB=true.

0 Karma

Re: Splunk Forwarder SSL Configuration

Explorer

Yes, but how do I do that with SSL enabled? We already have that working without SSL.

0 Karma
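
Added example, not part of any post in this thread and not Splunk's own code: a small Python check over an outputs.conf that combines the thread's SSL stanza with the multi-server list, reporting for each tcpout group whether it has more than one target, whether SSL is configured, and whether the indexer certificate is verified. The sample file is constructed; port 9998 on server1 and server2, the placeholder password, and treating the presence of sslCertPath as the SSL marker are assumptions.

```python
import configparser

# Constructed sample: the thread's SSL stanza with all three forwarding
# targets listed. Port 9998 on server1/server2 is an assumption, and the
# password is a placeholder.
SAMPLE_OUTPUTS_CONF = """
[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
compressed = true
server = server1:9998,server2:9998,server3:9998
autoLB = true
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = <placeholder>
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false
"""

def audit_outputs_conf(text):
    """Return {group: [findings]} for every [tcpout:<group>] stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    report = {}
    for section in cp.sections():
        if not section.startswith("tcpout:"):
            continue  # skip the global [tcpout] stanza
        stanza = cp[section]
        servers = [s.strip() for s in stanza.get("server", "").split(",") if s.strip()]
        findings = []
        if len(servers) < 2:
            findings.append("single target: no load balancing or failover")
        # Assumption: sslCertPath present means SSL is in use, as in the thread.
        if "sslCertPath" not in stanza:
            findings.append("no sslCertPath: traffic is sent in cleartext")
        elif stanza.get("sslVerifyServerCert", "false").strip().lower() not in ("true", "1"):
            findings.append("sslVerifyServerCert is off: indexer identity is not checked")
        report[section.split(":", 1)[1]] = findings
    return report

if __name__ == "__main__":
    for group, findings in audit_outputs_conf(SAMPLE_OUTPUTS_CONF).items():
        print(group, "->", findings or ["ok"])
```
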