Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

adding second TCP listener for SSL

mfrost8
Builder
‎01-09-2012 01:02 PM

When we setup Splunk some time ago, I did not setup encryption for data received from light/universal forwarders. Now I want to encrypt data from all of those forwarders. I can't realistically cutover every last forwarder at the same time (and I'd worry about events getting dropped in the process of a cutover).

It appears that you can't have one port do both encrypted and non-encrypted data. I believe I saw in another post that you would need to create another TCP listener port and configure that to use SSL.

I looked around and am not really sure how to create a second port. Is this just adding a new TCP listener in "Data Inputs" and then somehow configuring it with the SSL encryption-only configuration?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

itinney
Path Finder
‎01-09-2012 01:20 PM

Yes you can add another listening port by either:
a) Using the UI by going to Manager->
b) Using the command-line command, ./splunk enable listen 9998 -auth admin:change me
c) editing the inputs.conf file and adding a new stanza like [splunktcp://9998]

See this documentation:
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutforwardingandreceivingdata

Regarding SSL encryption, you need to decide whether you want to use your own certificates or the ones supplied by Splunk. I suggest you read this:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwa...

View solution in original post

Reply
Solved! Jump to solution
Solution

itinney
Path Finder
‎01-09-2012 01:20 PM

Yes you can add another listening port by either:
a) Using the UI by going to Manager->
b) Using the command-line command, ./splunk enable listen 9998 -auth admin:change me
c) editing the inputs.conf file and adding a new stanza like [splunktcp://9998]

See this documentation:
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutforwardingandreceivingdata

Regarding SSL encryption, you need to decide whether you want to use your own certificates or the ones supplied by Splunk. I suggest you read this:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwa...

Reply
Solved! Jump to solution

itinney
Path Finder
‎01-09-2012 01:26 PM

no nothing different, it's simply that the examples use the standard port. You can have many TCP listening ports with or without SSL encryption configured.

0 Karma
Reply
Solved! Jump to solution

mfrost8
Builder
‎01-09-2012 01:24 PM

Thanks, itinney. I had read the SSL document you referred to (and the wiki and a few other things), but all those docs seemed to assume configuration against the standard listener port. It was clear to me if there was anything special about creating this second port.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...