Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

inputs.conf and outputs.conf for SSL encryption

chintan_shah
Path Finder
‎10-23-2017 03:29 PM

Hi,
Can someone share with me the recent inputs & outputs conf file for SSL encryption? I am having some trouble for securing the connection between forwarder and indexer.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎10-24-2017 12:33 AM

Hi chintan_shah,
this is an example that I used:
outputs.conf on Forwarders

[tcpout]
defaultGroup = default-autolb-group

[tcpout-server://xx.xxx.xxx.xxx:9997]
[tcpout-server://yy.yyy.yyy.yyy:9997]

[tcpout:default-autolb-group]
server = xx.xxx.xxx.xxx:9997, yy.yyy.yyy.yyy:9997
disabled=false
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false
useACK=true
disabled = false

inputs.conf on Indexers

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/server.pem
password = password
requireClientCert = false

This is a default configuration that you can modify following https://docs.splunk.com/Documentation/Splunk/7.0.0/Security/AboutsecuringyourSplunkconfigurationwith... .
Obvioulsy change password!

Bye.
Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎10-24-2017 12:33 AM

Hi chintan_shah,
this is an example that I used:
outputs.conf on Forwarders

[tcpout]
defaultGroup = default-autolb-group

[tcpout-server://xx.xxx.xxx.xxx:9997]
[tcpout-server://yy.yyy.yyy.yyy:9997]

[tcpout:default-autolb-group]
server = xx.xxx.xxx.xxx:9997, yy.yyy.yyy.yyy:9997
disabled=false
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false
useACK=true
disabled = false

inputs.conf on Indexers

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/server.pem
password = password
requireClientCert = false

This is a default configuration that you can modify following https://docs.splunk.com/Documentation/Splunk/7.0.0/Security/AboutsecuringyourSplunkconfigurationwith... .
Obvioulsy change password!

Bye.
Giuseppe

Reply
Solved! Jump to solution

kunalmao
Communicator
‎10-23-2017 08:40 PM

https://answers.splunk.com/answers/397/how-to-configure-ssl-for-forwarding-and-receiving-data.html

just look at this answer, hope it helps.

Please let me know if this solution does not fit you.

0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...