I am planning to configure a Log4j2 Socket Appender with a TCP-SSL Appender.
Here is the configuration I see in Log4j2 website.
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn" name="MyApp" packages="">
<Appenders>
<Socket name="socket" host="localhost" port="9500">
<JsonLayout properties="true"/>
<SSL>
<KeyStore location="log4j2-keystore.jks" password="guessme!"/>
<TrustStore location="truststore.jks" password="guessme!"/>
</SSL>
</Socket>
</Appenders>
<Loggers>
<Root level="error">
<AppenderRef ref="socket"/>
</Root>
</Loggers>
</Configuration>
In this config, what do the Keystore and TrustStore files contain? I don't have these files.
I want to send my logs to Splunk TCP port.
Do I need to create truststore.jks with SSL certs from my Splunk server so that my server trusts Splunk?
What is log4j2-keystore.jks, and where can I download it? Do I need a KeyStore file? What should go in it? Does Splunk need a corresponding public key or trusted certs?
Thanks,
Sanjay
... View more