Getting error: "TcpInputConfig - SSL context not found" when inputs.conf in etc/system/local has:
[tcp-ssl://6514]
connection_host = dns
sourcetype = syslog
disabled=0
What must be done to fix this error?
You might also check out the official docs here: http://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwith...
Needed to add the SSL stanza to inputs.conf. Now sending syslog data to splunk over TLS/SSL.
[tcp-ssl://6514]
connection_host = dns
sourcetype = syslog
disabled = 0
[SSL]
rootCA = $SPLUNK_HOME/etc/auth/cacert.pem
serverCert = $SPLUNK_HOME/etc/auth/server.pem
password = $1$B3HE+YB7UQbp
Thanks, this fixed my problem when updating my inputs.conf. I was also missing the SSL stanza.
This blog was helpful in figuring out how to use Splunk certs for syslog over TCP-SSL.
https://wiki.splunk.com/Community:Splunk2Splunk_SSL_DefaultCerts