How to fix "ERROR TcpInputConfig - SSL context not...

simpkins1958 · ‎01-21-2016

Getting error: "TcpInputConfig - SSL context not found" when inputs.conf in etc/system/local has:

[tcp-ssl://6514]
connection_host = dns
sourcetype = syslog
disabled=0

What must be done to fix this error?

jworthington_sp · ‎01-21-2016

simpkins1958 · ‎01-21-2016

Needed to add the SSL stanza to inputs.conf. Now sending syslog data to splunk over TLS/SSL.

[tcp-ssl://6514]
connection_host = dns
sourcetype = syslog
disabled = 0

[SSL]
rootCA = $SPLUNK_HOME/etc/auth/cacert.pem
serverCert = $SPLUNK_HOME/etc/auth/server.pem
password = $1$B3HE+YB7UQbp

jbuckner85 · ‎10-20-2022

Thanks, this fixed my problem when updating my inputs.conf. I was also missing the SSL stanza.

simpkins1958 · ‎01-21-2016

This blog was helpful in figuring out how to use Splunk certs for syslog over TCP-SSL.

How to fix "ERROR TcpInputConfig - SSL context not found" when using inputs.conf [tcp-ssl://6514]?