Getting Data In

forwarding question

roshanjan
New Member

Hello,
I want to configure 1 receiver, done! I want to have roughly 10-20 *nix systems sending data using forwarders.
I have some issues, any help is appreciated.

I have a receiver:

hostname is splunk, and it is listening on port 9997 as a receiver
I have a forwarded, let's call it HR.

root@splunk:/opt/splunk# bin/splunk list forward-server
Your session is invalid. Please login.
Splunk username: admin
Password:
Active forwards:
None
Configured but inactive forwards:
hr:8089

root@hr:/opt/splunk# bin/splunk list forward-server
Your session is invalid. Please login.
Splunk username: admin
Password:
Active forwards:
None
Configured but inactive forwards:
splunk:9997
root@hris:/opt/splunk#

I am getting some data in splunk when I search by host="hr", but this host is not automatically added to my Unix app either.

There are also all these errors:
04-16-2012 17:08:19.001 -0400 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
04-16-2012 17:08:19.001 -0400 ERROR TcpInputFd - SSL Error for fd from HOST:10.10.10.10, IP:10.10.10.10, PORT:39728
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error = error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error for fd from HOST:10.10.10.10, IP:10.10.10.10, PORT:39729
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error = error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - ACCEPT_RESULT=-1 VERIFY_RESULT=0
04-16-2012 17:08:19.003 -0400 ERROR TcpInputFd - SSL Error for fd from HOST:10.10.10.10, IP:10.10.10.10, PORT:39730

Tags (1)
0 Karma

tschramm
New Member

Did you ever find an answer to this? I'm getting the same thing for my redhat clients? Windows clients are fine.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...