How to add new SSL input to heavy forwarder?

graju89 · ‎03-14-2019

Hi all,

I am trying to add PAN traps logs into splunk. It is syslog and traps sends the log on SSL. I got the SSL certs. I need some help is setting up SSL connection from forwarder to traps cloud.

Anyone can help?

Thanks.

yannK · ‎03-14-2019

The docs recommend to use an intermediary software to receive the snmp traps (with ssl or not), then write them to a file on disk.
The use splunk to monitor the file and index it.
https://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

The other input (Tcp with ssl) is for syslog, but I am not sure if this is appropriate for SNMP traps data.
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

graju89 · ‎03-15-2019

Hi YannK,

Thanks for your reply. It is not SNMP traps. It is PAN traps log. The second link you mentioned, is not opening.

yannK · ‎03-15-2019

Sorry. I fixed the link
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

So you are sending logs over classic syslog channels.
You can use the splunk UDP/TCP inputs described on the link
or you can use a syslog server to write the logs to disk, and have splunk monitor the files.

How to add new SSL input to heavy forwarder?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

How to add new SSL input to heavy forwarder?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I