How do I send data from Java to Splunk using SSL connection?

markmaple
New Member

I am trying to send data from a Java program on one machine to Splunk on another machine using SSL. I have it working using a regular Java socket, but not with an SSL socket.

In the Java code:

TrustManager[] allowAllCerts = new TrustManager[] { new X509TrustManager() {

    @Override
    public void checkClientTrusted(final X509Certificate[] chain, final String authType) {
    }

    @Override
    public void checkServerTrusted(final X509Certificate[] chain, final String authType) {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

} };

String trustStore = "C:/Users/mwmapl/Misc/AWE/truststore.ts";
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", "password");

try {
    // Install the all-trusting trust manager
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, allowAllCerts, new java.security.SecureRandom());
} catch (KeyManagementException e) {
    e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}

SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

socket = factory.createSocket(hostname, port);

pwsock = new PrintWriter(socket.getOutputStream());

pwsock.println(messageToSend);
pwsock.close();
socket.close();

In the Splunk file (Splunk\etc\system\local\inputs\inputs.conf):

[default]
host = 95D10012928

[tcp-ssl:8100]
disabled = 0

[SSL]
password = $1$S7P49guHmKbl
requireClientCert = false
rootCA = C:/Program Files/Splunk/etc/auth/cacert.pem
serverCert = C:/Program Files/Splunk/etc/auth/server.pem

splunkd.log

During restart of splunk:
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Instance not running as slave. Will disable replication data receiver.
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Instance not running as slave. Will disable replication data receiver.
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Initializing
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Initializing
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - creating tcp pipelineData queue
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - readConfig - clearing maps
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - readConfig - scanning configs
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputConfig - global prop rdnsMaxDutyCycle=10
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop enables2sHeartbeat=true
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop s2skeepaliveTimeout=600
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop inputShutdownTimeout=15
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop stopAcceptorAfterSeconds=300
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop negotiateNewProtocol=1
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop concurrentChannelLimit=300
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop aggregate_metrics=0 suppress_derived_info=0
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - Key file password requires decrypting
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _serverCert=C:\Program Files\Splunk/etc/auth/server.pem
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _rootCA=C:\Program Files\Splunk/etc/auth/cacert.pem
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _cipherSuite=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _ecdhCurveName=
04-06-2015 15:40:01.597 -0400 INFO TcpInputConfig - SSL supported versions=SSL3,TLS1.0,TLS1.1,TLS1.2
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _dhfile=
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _requireClientCert=0
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _quietShutdown=0
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 is reserved for raw input
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 will negotiate new-s2s protocol
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8102 is reserved for raw input
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8102 will negotiate new-s2s protocol
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 is reserved for raw input (SSL)
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 will negotiate new-s2s protocol
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - createAcceptor - creating acceptor for IPv4 port 8100
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - Initing raw Acceptor for IPv4 port 8100 with SSL
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - createAcceptor - creating acceptor for IPv4 port 8102
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - Initing raw Acceptor for IPv4 port 8102 with Non-SSL
04-06-2015 15:40:01.611 -0400 INFO TcpInputProc - Registering metrics callback for: tcpin_connections
04-06-2015 15:40:01.611 -0400 INFO PipelineComponent - Pipeline structuredparsing disabled in default-mode.conf file

Any help would be greatly appreciated.

0 Karma
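
Added example, not part of the original post: in the code above, the SSLContext that receives the all-trusting manager is never used, because the socket is created from SSLSocketFactory.getDefault(). The sketch below instead loads a truststore explicitly, takes the socket factory from that context, and checks the server certificate against the host name. The class name SplunkTlsSender and the command-line arguments are hypothetical. It assumes the truststore holds the CA that signed the certificate on the tcp-ssl input and that the certificate names the host being connected to.

```java
import javax.net.ssl.*;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

public class SplunkTlsSender {

    // Trust only the CAs in the given truststore instead of accepting every certificate.
    static SSLSocketFactory factoryFor(String trustStorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null);
        // The factory must come from this context; SSLSocketFactory.getDefault() ignores it.
        return ctx.getSocketFactory();
    }

    static void send(SSLSocketFactory factory, String host, int port, String message)
            throws IOException {
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // cert name must match host
            socket.setSSLParameters(params);
            socket.startHandshake(); // surfaces SSLHandshakeException before any data is sent
            Writer out = new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8);
            out.write(message + "\n"); // Writer throws on I/O errors; PrintWriter hides them
            out.flush();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println(
                "usage: SplunkTlsSender <truststore> <password> <host> <port> <message>");
            return;
        }
        SSLSocketFactory factory = factoryFor(args[0], args[1].toCharArray());
        send(factory, args[2], Integer.parseInt(args[3]), args[4]);
    }
}
```

A handshake failure here is thrown as an exception at startHandshake(), which separates a trust or name mismatch from a plain connectivity problem.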

somesoni2
Revered Legend
0 Karma