Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

adding second TCP listener for SSL

mfrost8
Builder
‎01-09-2012 01:02 PM

When we setup Splunk some time ago, I did not setup encryption for data received from light/universal forwarders. Now I want to encrypt data from all of those forwarders. I can't realistically cutover every last forwarder at the same time (and I'd worry about events getting dropped in the process of a cutover).

It appears that you can't have one port do both encrypted and non-encrypted data. I believe I saw in another post that you would need to create another TCP listener port and configure that to use SSL.

I looked around and am not really sure how to create a second port. Is this just adding a new TCP listener in "Data Inputs" and then somehow configuring it with the SSL encryption-only configuration?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

itinney
Path Finder
‎01-09-2012 01:20 PM

Yes you can add another listening port by either:
a) Using the UI by going to Manager->
b) Using the command-line command, ./splunk enable listen 9998 -auth admin:change me
c) editing the inputs.conf file and adding a new stanza like [splunktcp://9998]

See this documentation:
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutforwardingandreceivingdata

Regarding SSL encryption, you need to decide whether you want to use your own certificates or the ones supplied by Splunk. I suggest you read this:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwa...

View solution in original post

Reply
Solved! Jump to solution
Solution

itinney
Path Finder
‎01-09-2012 01:20 PM

Yes you can add another listening port by either:
a) Using the UI by going to Manager->
b) Using the command-line command, ./splunk enable listen 9998 -auth admin:change me
c) editing the inputs.conf file and adding a new stanza like [splunktcp://9998]

See this documentation:
http://docs.splunk.com/Documentation/Splunk/latest/Deploy/Aboutforwardingandreceivingdata

Regarding SSL encryption, you need to decide whether you want to use your own certificates or the ones supplied by Splunk. I suggest you read this:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/UseSSLtoencryptandauthenticatedatafromforwa...

Reply
Solved! Jump to solution

itinney
Path Finder
‎01-09-2012 01:26 PM

no nothing different, it's simply that the examples use the standard port. You can have many TCP listening ports with or without SSL encryption configured.

0 Karma
Reply
Solved! Jump to solution

mfrost8
Builder
‎01-09-2012 01:24 PM

Thanks, itinney. I had read the SSL document you referred to (and the wiki and a few other things), but all those docs seemed to assume configuration against the standard listener port. It was clear to me if there was anything special about creating this second port.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...