Security

Setup SSL for HEC (6.5.2)

JosIJntema
Explorer

Hi there,

I have setup my SSL for port 8000. Now I want to setup CORS and SSL for HEC.

I have used Let's Encrypt and have the following files:
cert.pem
fullchain.pem
privkey.pem
chain.pem

In the following folder:

/opt/splunk/etc/auth/analyticsimplementatie

I have the following in my input.conf in directory (/opt/splunk/etc/apps/splunk_httpinput/local)

[http]
disabled = 0
sourcetype = _json
enableSSL = 1

[http://Test]
disabled = 0
index = main
indexes = main
token =

In the documentation I cannot understand what I have to add exactly to the http-stanza.

Thanks so much for the help.

Tags (2)
0 Karma

ilyaresh
Path Finder

That's our set-up

[http]
enableSSL = 1
sslPassword = $1$IA1A1A1A1
privKeyPath = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.key
serverCert = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.pem

0 Karma

ischoenmaker
Explorer

Found your question, had the same. Posted a solution here:
answers.splunk.com/answers/462131/securing-http-event-collector.html

0 Karma

gjanders
SplunkTrust
SplunkTrust

Set up and use HTTP Event Collector

Via the GUI:

  1. To have HEC listen and communicate over HTTPS rather than HTTP, click the Enable SSL checkbox.

Or inputs.conf

[http] enableSSL = [0|1]
* Whether or not to use SSL for the event collector endpoint server.
* HEC shares SSL settings with the Splunk management server and cannot
have 'enableSSL' set to true when
the Splunk management server has SSL
disabled.
* Defaults to 0 (enabled).

It is on by default...

0 Karma
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...