Getting Data In

Syslog + SSL connection logs?

PabloJulian
New Member

Hello All,
I am trying to configure McAfee ePO to send syslogs to Splunk; ePO requires the use of SSL. I've tried to configure an SSL input on port 6514 for TCP - syslog, and followed all the steps found in the web / manuals / etc. but I can't seem to be able to get this to work.

Here's my question: Where can I find logs that show the detail of the SSL negotiation with the remote host, and what is failing?

Thanks all,

Pablo

0 Karma

bcyates
Communicator

Sending syslog directly to Splunk is against best practice. You should send it to a syslog server like Rsyslog or Syslog-ng. Regardless, you would have to install certificates on the receiving host, otherwise handshake will fail.

Check out the answer here: https://answers.splunk.com/answers/658055/setup-secure-encrypted-syslog.html

But the splunkd.log would have any errors. /opt/splunk/var/log/splunk |grep -i error

0 Karma
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...