Security

How do I send data from Java to Splunk using SSL connection?

markmaple
New Member

I am trying to send data from a Java program on one machine to Splunk on another machine using SSL. I have it working using a regular Java socket, but not with an SSL socket.

In the Java code:

TrustManager[] allowAllCerts = new TrustManager[] { new X509TrustManager() {

    @Override
    public void checkClientTrusted(final X509Certificate[] chain, final String authType) {
    }

    @Override
    public void checkServerTrusted(final X509Certificate[] chain, final String authType) {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

} };

String trustStore = "C:/Users/mwmapl/Misc/AWE/truststore.ts";
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", "password");

try {

    // Install the all-trusting trust manager
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, allowAllCerts, new java.security.SecureRandom());

} catch(KeyManagementException e) {
    e.printStackTrace();
} catch(NoSuchAlgorithmException e) {
    e.printStackTrace();
}

SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

socket = factory.createSocket(hostname, port);

pwsock = new PrintWriter(socket.getOutputStream());

pwsock.println(messageToSend);
pwsock.close();
socket.close();

In the Splunk file (Splunk\etc\system\local\inputs\inputs.conf):

[default]
host = 95D10012928

[tcp-ssl:8100]
disabled = 0

[SSL]
password = $1$S7P49guHmKbl
requireClientCert = false
rootCA = C:/Program Files/Splunk/etc/auth/cacert.pem
serverCert = C:/Program Files/Splunk/etc/auth/server.pem

splunkd.log

During restart of Splunk:
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Instance not running as slave. Will disable replication data receiver.
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Instance not running as slave. Will disable replication data receiver.
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Initializing
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - Initializing
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - creating tcp pipelineData queue
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - readConfig - clearing maps
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputProc - readConfig - scanning configs
04-06-2015 15:40:01.596 -0400 DEBUG TcpInputConfig - global prop rdnsMaxDutyCycle=10
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop enables2sHeartbeat=true
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop s2skeepaliveTimeout=600
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop inputShutdownTimeout=15
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop stopAcceptorAfterSeconds=300
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop negotiateNewProtocol=1
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop concurrentChannelLimit=300
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - global prop aggregate_metrics=0 suppress_derived_info=0
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - Key file password requires decrypting
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _serverCert=C:\Program Files\Splunk/etc/auth/server.pem
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _rootCA=C:\Program Files\Splunk/etc/auth/cacert.pem
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _cipherSuite=ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _ecdhCurveName=
04-06-2015 15:40:01.597 -0400 INFO TcpInputConfig - SSL supported versions=SSL3,TLS1.0,TLS1.1,TLS1.2
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _dhfile=
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _requireClientCert=0
04-06-2015 15:40:01.597 -0400 DEBUG TcpInputConfig - SSL _quietShutdown=0
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 is reserved for raw input
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 will negotiate new-s2s protocol
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8102 is reserved for raw input
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8102 will negotiate new-s2s protocol
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 is reserved for raw input (SSL)
04-06-2015 15:40:01.610 -0400 INFO TcpInputConfig - IPv4 port 8100 will negotiate new-s2s protocol
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - createAcceptor - creating acceptor for IPv4 port 8100
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - Initing raw Acceptor for IPv4 port 8100 with SSL
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - createAcceptor - creating acceptor for IPv4 port 8102
04-06-2015 15:40:01.611 -0400 DEBUG TcpInputProc - Initing raw Acceptor for IPv4 port 8102 with Non-SSL
04-06-2015 15:40:01.611 -0400 INFO TcpInputProc - Registering metrics callback for: tcpin_connections
04-06-2015 15:40:01.611 -0400 INFO PipelineComponent - Pipeline structuredparsing disabled in default-mode.conf file

Any help would be greatly appreciated.

0 Karma

somesoni2
Revered Legend
0 Karma