Hi Guys,
How would we know if password are sending into clear text format or not. Is there any query or way which can we see by the Splunk.
Can I get some guide or light on this?
Hi Steave4app, passwords are stored and sent encrypted. In addition, if you want, it's possible to use SSL to encrypt logs transfer from forwarders to Indexers. Management communications (port 8089) use always SSL.
See: http://docs.splunk.com/Documentation/Splunk/latest/Security/WhatyoucansecurewithSplunk
Bye. Giuseppe
How about user passwords? Any windows or linux or ssh password are sending in clear text format.. Is there any way to confirm this in the Splunk?
If password are logged in clear text, they remain in clear text, but it's possible to mask them in Input Phase or also in search Phase (but it's less secure). See https://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Anonymizedata
