How to add new SSL input to heavy forwarder?

graju89
Path Finder

Hi all,

I am trying to add PAN Traps logs into Splunk. It is syslog, and Traps sends the logs over SSL. I got the SSL certs. I need some help in setting up the SSL connection from the forwarder to the Traps cloud.

Can anyone help?

Thanks.

0 Karma

yannK
Splunk Employee

The docs recommend using intermediary software to receive the SNMP traps (with SSL or not), then writing them to a file on disk.
Then use Splunk to monitor the file and index it.
https://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

The other input (TCP with SSL) is for syslog, but I am not sure if this is appropriate for SNMP traps data.
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

0 Karma

graju89
Path Finder

Hi YannK,

Thanks for your reply. It is not SNMP traps. It is PAN Traps log. The second link you mentioned is not opening.

0 Karma

yannK
Splunk Employee

Sorry, I fixed the link:
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

So you are sending logs over classic syslog channels.
You can use the Splunk UDP/TCP inputs described at the link,
or you can use a syslog server to write the logs to disk and have Splunk monitor the files.

0 Karma
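
The TCP-with-SSL input mentioned in the replies above, sketched as an `inputs.conf` for the heavy forwarder. This is an added example, not part of the original thread or taken from the Splunk docs page linked there. The port, certificate path, index and sourcetype are placeholder assumptions to replace with your own values.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf on the heavy forwarder
# (added example; every value below is a placeholder assumption)

# Listen for TLS-wrapped syslog from a third-party sender.
# 6514 is the conventional syslog-over-TLS port; use whatever port
# the sending side is configured to reach.
[tcp-ssl:6514]
# Placeholder names: use the index and sourcetype your environment
# expects for this data.
index = <your_index>
sourcetype = <your_sourcetype>
# Record the sender's IP address as the host field.
connection_host = ip

# TLS settings shared by the SSL-enabled inputs on this instance.
[SSL]
# PEM file holding the server certificate and its private key
# (placeholder path).
serverCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
# Private-key passphrase; Splunk rewrites it in encrypted form
# after the next restart.
sslPassword = <key_passphrase>
# Refuse legacy protocol versions.
sslVersions = tls1.2
# Set to true only if the sender presents a client certificate
# that chains to a CA this instance trusts.
requireClientCert = false
```

Restart Splunk after editing the file, and make sure the sending side trusts the CA that issued the certificate in `serverCert`, otherwise the TLS handshake fails before any event arrives.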