I'm always nervous about sending plain text syslogs around the place, and rsyslog has some fantastic options (SSL and TLS).
Does Splunk support reading these connectors, or would I have to set up a client / forwarder setup on the local box to do this?
I am not talking about a secured tunnel here.
Splunk does support a TCP w/ SSL input. See http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf . I have no experience to say how well this works with an rsyslog SSL sender.
It does not, however, support syslog via UDP and DTLS. But I don't think rsyslog can do this either (I may be wrong there).
Best practice (and my personal preference) is to still install a forwarder. It can definitely do SSL to Splunk, and can also support scripted inputs and other non-syslog data coming from those machines.
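
A sketch of both ends of the TCP-with-SSL input mentioned in the answer above, added here as an illustration; it is not configuration from either poster or from the Splunk or rsyslog projects. Port 6514 (the IANA-registered syslog-over-TLS port), the hostname `splunk.example.com`, the password and every file path are assumed placeholders.

```conf
# ---- Splunk indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ----
# Weak form this replaces: a plain [tcp://514] or [udp://514] input,
# which receives syslog in clear text.

# TLS-wrapped TCP listener for syslog senders
[tcp-ssl:6514]
sourcetype = syslog

# Certificate settings shared by Splunk's SSL inputs
[SSL]
# Placeholder path: PEM file holding the server certificate and its private key
serverCert = /opt/splunk/etc/auth/mycerts/splunk-server.pem
# Placeholder: passphrase protecting the private key
sslPassword = CHANGE_ME
# Senders authenticate the server only; set to true to demand client certificates
requireClientCert = false

# ---- Sending host: /etc/rsyslog.d/60-splunk-tls.conf ----
# Needs the GnuTLS netstream driver (packaged as rsyslog-gnutls on most distros).

global(
  DefaultNetstreamDriver="gtls"
  # Placeholder path: CA certificate that signed the Splunk server certificate
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
)

# Forward all messages over TLS; refuse the connection unless the server
# certificate chains to the CA above and carries the expected name.
action(
  type="omfwd"
  target="splunk.example.com"
  port="6514"
  protocol="tcp"
  StreamDriver="gtls"
  StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="splunk.example.com"
)
```

With `StreamDriverAuthMode="x509/name"` the sender rejects a server whose certificate name does not match, so a mismatch shows up as a connection failure in the rsyslog log rather than as a silent fallback to clear text.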