We need to connect a FortiWeb Cloud with a Splunk Heavy Forwarder.
It is over the internet, so SSL must be used.
We are receiving the test event correctly using TCP (without SSL).
But it is not being decrypted with SSL.
Reviewing the documentation, we do not understand how to configure the ssl-tcp input, and what certificates should be configured in FortiWeb.
We have seen some solutions centered on SSL between Splunk components, but none of them explain what certificates should be configured on the source.
Does anyone know how to make this work? With FortiWeb or any other third-party input.

We successfully configured FortiWeb SaaS -> Splunk SSL syslog via inputs.conf:
[tcp-ssl:6514]
index = <index>
sourcetype = fwbcld_log
disabled = 0
[SSL]
requireClientCert = false
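
A check to run from outside the network before pointing FortiWeb at the `[tcp-ssl:6514]` input above (added example, not from the thread): it handshakes the way a certificate-verifying sender would, presents no client certificate (matching `requireClientCert = false`), and sends one syslog test line. The host name, CA file and message text are placeholders you supply.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def build_test_event(hostname, message, now=None):
    """One newline-terminated RFC 5424 line; PRI 134 = local0.info."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<134>1 {ts} {hostname} tls-probe - - - {message}\n".encode("utf-8")


def probe_tls_input(host, port=6514, cafile=None, timeout=5.0):
    """Handshake with the TLS input the way a verifying sender would.

    cafile=None uses the system trust store; pass the PEM of a private CA
    when the Splunk server certificate was issued by one.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain + hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                tls.sendall(build_test_event("tls-probe-host", "TLS input test"))
                return {"ok": True, "tls": tls.version(),
                        "cipher": tls.cipher()[0],
                        "subject": cert.get("subject"),
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname problem: a verifying sender would refuse this cert.
        return {"ok": False, "stage": "certificate", "error": exc.verify_message}
    except ssl.SSLError as exc:
        # Protocol/cipher mismatch, or the port is not speaking TLS at all.
        return {"ok": False, "stage": "handshake", "error": str(exc)}
    except OSError as exc:
        # DNS failure, refused connection, firewall drop or timeout.
        return {"ok": False, "stage": "network", "error": str(exc)}


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <splunk-host> [port] [ca.pem]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6514
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe_tls_input(sys.argv[1], port, cafile))
```

A `certificate` failure here means the sender cannot build trust to the server certificate Splunk presents; a successful run should produce one `tls-probe` event in the target index.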

I believe the link below will assist you with your question.
https://community.splunk.com/t5/Security/TCP-Data-Input-and-SSL/m-p/483077
