Getting Data In

How to add new SSL input to heavy forwarder?

graju89
Path Finder

Hi all,

I am trying to add PAN traps logs into splunk. It is syslog and traps sends the log on SSL. I got the SSL certs. I need some help is setting up SSL connection from forwarder to traps cloud.

Anyone can help?

Thanks.

0 Karma

yannK
Splunk Employee
Splunk Employee

The docs recommend to use an intermediary software to receive the snmp traps (with ssl or not), then write them to a file on disk.
The use splunk to monitor the file and index it.
https://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventstoSplunk

The other input (Tcp with ssl) is for syslog, but I am not sure if this is appropriate for SNMP traps data.
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

0 Karma

graju89
Path Finder

Hi YannK,

Thanks for your reply. It is not SNMP traps. It is PAN traps log. The second link you mentioned, is not opening.

0 Karma

yannK
Splunk Employee
Splunk Employee

Sorry. I fixed the link
https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

So you are sending logs over classic syslog channels.
You can use the splunk UDP/TCP inputs described on the link
or you can use a syslog server to write the logs to disk, and have splunk monitor the files.

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...