Deployment Architecture

DB Connect encryption

RicoSuave
Builder

Does the splunk DB connect app encrypt communication between splunk and the Database(s) it's connected to?

Tags (1)
1 Solution

ziegfried
Influencer

Unfortunately there is no definitive answer for this question. DB Connect uses JDBC drivers to connect to databases. Some of those JDBC drivers do support encryption, some don't. Some of them encrypt the connection by default, others don't.

Here's a quick list from the top of my head:

  • Microsoft SQL Server: SSL encryption is requested by default by the JDBC driver - so it depends on the server settings whether the connection is actually encrypted. It can be enforced to encrypt the connection, though.
  • Oracle: The JDBC driver supports multiple connection encryption levels (REJECTED, ACCEPTED, REQUESTED, REQUIRED). Encrypted connection are accepted by default (if enabled on the database server side)
  • MySQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)
  • PostgreSQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)

To summarize: In most cases encryption can be enabled but mostly requires some configuration on both sides (server and client).

If you have questions on how to enable encryption on the Splunk side for specific database types, make sure to ask them here on Answers.

Here's an answer that deals with PostgreSQL and SSL: http://splunk-base.splunk.com/answers/68899/dbx-connection-to-postgressql-error-ssl-off

View solution in original post

ziegfried
Influencer

Unfortunately there is no definitive answer for this question. DB Connect uses JDBC drivers to connect to databases. Some of those JDBC drivers do support encryption, some don't. Some of them encrypt the connection by default, others don't.

Here's a quick list from the top of my head:

  • Microsoft SQL Server: SSL encryption is requested by default by the JDBC driver - so it depends on the server settings whether the connection is actually encrypted. It can be enforced to encrypt the connection, though.
  • Oracle: The JDBC driver supports multiple connection encryption levels (REJECTED, ACCEPTED, REQUESTED, REQUIRED). Encrypted connection are accepted by default (if enabled on the database server side)
  • MySQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)
  • PostgreSQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)

To summarize: In most cases encryption can be enabled but mostly requires some configuration on both sides (server and client).

If you have questions on how to enable encryption on the Splunk side for specific database types, make sure to ask them here on Answers.

Here's an answer that deals with PostgreSQL and SSL: http://splunk-base.splunk.com/answers/68899/dbx-connection-to-postgressql-error-ssl-off

splunkIT
Splunk Employee
Splunk Employee

The connection is via JDBC; so I would assume it depends on the channel between the JDBC driver and the database itself.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...