Security

How to enable TCP Data Input with SSL?

emily12234
Explorer

Hi

7.1.2 Splunk on Windows, I need to send log through TCP with SSL.
How can I enable TCP SSL?

Thanks
Regards

0 Karma
1 Solution

renjith_nair
Legend

You could use tcp-ssl:port configuration in inputs.conf

[tcp-ssl:<port>]
* Use this stanza type if you are receiving encrypted, unparsed data from a
  forwarder or third-party system.
* Set <port> to the port on which the forwarder/third-party system is sending
  unparsed, encrypted data.
* To create multiple SSL inputs, you can add the following attributes to each 
[tcp-ssl:<port>] input stanza. If you do not configure a certificate in the 
port, the certificate information is pulled from the default [SSL] stanza: 
  * serverCert = <path_to_cert> 
  * sslRootCAPath = <path_to_cert> This attribute should only be added 
    if you have not configured your sslRootPath in server.conf. 
  * sslPassword = <password>
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair
Legend

You could use tcp-ssl:port configuration in inputs.conf

[tcp-ssl:<port>]
* Use this stanza type if you are receiving encrypted, unparsed data from a
  forwarder or third-party system.
* Set <port> to the port on which the forwarder/third-party system is sending
  unparsed, encrypted data.
* To create multiple SSL inputs, you can add the following attributes to each 
[tcp-ssl:<port>] input stanza. If you do not configure a certificate in the 
port, the certificate information is pulled from the default [SSL] stanza: 
  * serverCert = <path_to_cert> 
  * sslRootCAPath = <path_to_cert> This attribute should only be added 
    if you have not configured your sslRootPath in server.conf. 
  * sslPassword = <password>
---
What goes around comes around. If it helps, hit it with Karma 🙂

kevinitc
New Member

Tried this on fresh install : "Could not find config id for port ". Any thoughts ?

0 Karma

Hari
Observer

Same issue is comming in my system. Did you find any solution?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...

Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents

Tech Talk Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents   Correlating ...

Observability Simplified: Combining User Experience, Application Performance & ...

  Tech Talk Network to App: Observability Unlocked   Today’s digital environments span applications, ...