Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

adding second TCP listener for SSL

mfrost8
Builder
‎01-09-2012 01:02 PM

When we setup Splunk some time ago, I did not setup encryption for data received from light/universal forwarders. Now I want to encrypt data from all of those forwarders. I can't realistically cutover every last forwarder at the same time (and I'd worry about events getting dropped in the process of a cutover).

It appears that you can't have one port do both encrypted and non-encrypted data. I believe I saw in another post that you would need to create another TCP listener port and configure that to use SSL.

I looked around and am not really sure how to create a second port. Is this just adding a new TCP listener in "Data Inputs" and then somehow configuring it with the SSL encryption-only configuration?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

itinney
Path Finder
‎01-09-2012 01:20 PM

Yes you can add another listening port by either:
a) Using the UI by going to Manager->
b) Using the command-line command, ./splunk enable listen 9998 -auth admin:change me
c) editing the inputs.conf file and adding a new stanza like [splunktcp://9998]

See this documentation:
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutforwardingandreceivingdata

Regarding SSL encryption, you need to decide whether you want to use your own certificates or the ones supplied by Splunk. I suggest you read this:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwa...

View solution in original post

Reply
Solved! Jump to solution
Solution

itinney
Path Finder
‎01-09-2012 01:20 PM

Yes you can add another listening port by either:
a) Using the UI by going to Manager->
b) Using the command-line command, ./splunk enable listen 9998 -auth admin:change me
c) editing the inputs.conf file and adding a new stanza like [splunktcp://9998]

See this documentation:
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutforwardingandreceivingdata

Regarding SSL encryption, you need to decide whether you want to use your own certificates or the ones supplied by Splunk. I suggest you read this:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwa...

Reply
Solved! Jump to solution

itinney
Path Finder
‎01-09-2012 01:26 PM

no nothing different, it's simply that the examples use the standard port. You can have many TCP listening ports with or without SSL encryption configured.

0 Karma
Reply
Solved! Jump to solution

mfrost8
Builder
‎01-09-2012 01:24 PM

Thanks, itinney. I had read the SSL document you referred to (and the wiki and a few other things), but all those docs seemed to assume configuration against the standard listener port. It was clear to me if there was anything special about creating this second port.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...