Security

How to enable TCP Data Input with SSL?

emily12234
Explorer

Hi

7.1.2 Splunk on Windows, I need to send log through TCP with SSL.
How can I enable TCP SSL?

Thanks
Regards

0 Karma
1 Solution

renjith_nair
Legend

You could use tcp-ssl:port configuration in inputs.conf

[tcp-ssl:<port>]
* Use this stanza type if you are receiving encrypted, unparsed data from a
  forwarder or third-party system.
* Set <port> to the port on which the forwarder/third-party system is sending
  unparsed, encrypted data.
* To create multiple SSL inputs, you can add the following attributes to each 
[tcp-ssl:<port>] input stanza. If you do not configure a certificate in the 
port, the certificate information is pulled from the default [SSL] stanza: 
  * serverCert = <path_to_cert> 
  * sslRootCAPath = <path_to_cert> This attribute should only be added 
    if you have not configured your sslRootPath in server.conf. 
  * sslPassword = <password>
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair
Legend

You could use tcp-ssl:port configuration in inputs.conf

[tcp-ssl:<port>]
* Use this stanza type if you are receiving encrypted, unparsed data from a
  forwarder or third-party system.
* Set <port> to the port on which the forwarder/third-party system is sending
  unparsed, encrypted data.
* To create multiple SSL inputs, you can add the following attributes to each 
[tcp-ssl:<port>] input stanza. If you do not configure a certificate in the 
port, the certificate information is pulled from the default [SSL] stanza: 
  * serverCert = <path_to_cert> 
  * sslRootCAPath = <path_to_cert> This attribute should only be added 
    if you have not configured your sslRootPath in server.conf. 
  * sslPassword = <password>
---
What goes around comes around. If it helps, hit it with Karma 🙂

kevinitc
New Member

Tried this on fresh install : "Could not find config id for port ". Any thoughts ?

0 Karma

Hari
Observer

Same issue is comming in my system. Did you find any solution?

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...