How to configure a Log4j2 Socket Appender with a T...

apigeek · ‎05-07-2018

I am planning to configure a Log4j2 Socket Appender with a TCP-SSL Appender.

Here is the configuration I see in Log4j2 website.

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn" name="MyApp" packages="">
  <Appenders>
    <Socket name="socket" host="localhost" port="9500">
      <JsonLayout properties="true"/>
      <SSL>
        <KeyStore location="log4j2-keystore.jks" password="guessme!"/>
        <TrustStore location="truststore.jks" password="guessme!"/>
      </SSL>
    </Socket>
  </Appenders>
  <Loggers>
    <Root level="error">
      <AppenderRef ref="socket"/>
    </Root>
  </Loggers>
</Configuration>

In this config, what do the Keystore and TrustStore files contain? I don't have these files.

I want to send my logs to Splunk TCP port.

Do I need to create truststore.jks with SSL certs from my Splunk server so that my server trusts Splunk?

What is log4j2-keystore.jks, and where can I download it? Do I need a KeyStore file? What should go in it? Does Splunk need a corresponding public key or trusted certs?

Thanks,
Sanjay

How to configure a Log4j2 Socket Appender with a TCP-SSL Appender?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Are you a member of the Splunk Community?

How to configure a Log4j2 Socket Appender with a TCP-SSL Appender?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management