Security

How to configure a Log4j2 Socket Appender with a TCP-SSL Appender?

apigeek
New Member

I am planning to configure a Log4j2 Socket Appender with a TCP-SSL Appender.

Here is the configuration I see in Log4j2 website.

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn" name="MyApp" packages="">
  <Appenders>
    <Socket name="socket" host="localhost" port="9500">
      <JsonLayout properties="true"/>
      <SSL>
        <KeyStore location="log4j2-keystore.jks" password="guessme!"/>
        <TrustStore location="truststore.jks" password="guessme!"/>
      </SSL>
    </Socket>
  </Appenders>
  <Loggers>
    <Root level="error">
      <AppenderRef ref="socket"/>
    </Root>
  </Loggers>
</Configuration>

In this config, what do the Keystore and TrustStore files contain? I don't have these files.

I want to send my logs to Splunk TCP port.

Do I need to create truststore.jks with SSL certs from my Splunk server so that my server trusts Splunk?

What is log4j2-keystore.jks, and where can I download it? Do I need a KeyStore file? What should go in it? Does Splunk need a corresponding public key or trusted certs?

Thanks,
Sanjay

Tags (4)
0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...