We have generated default certs in Splunk for forwarder and its working fine with Splunk Universal forwarder. Can you please provide the steps to deploy the these certs in syslog-ng with configuration details.
We have found the setting here,
http://docs.splunk.com/Documentation/Storm/Storm/User/Howtosetupsyslog-ng
added the certs like below config.
destination d_splunk {
tcp("splunkindexer.xyc.com" port(5140) tls(peer-verify(required-untrusted) ca_dir("/opt/syslogng/etc/syslog-ng/ca.d")));
};
We have found the setting here,
http://docs.splunk.com/Documentation/Storm/Storm/User/Howtosetupsyslog-ng
added the certs like below config.
destination d_splunk {
tcp("splunkindexer.xyc.com" port(5140) tls(peer-verify(required-untrusted) ca_dir("/opt/syslogng/etc/syslog-ng/ca.d")));
};