Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Security
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Re: How to enable TCP Data Input with SSL?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emily12234
Explorer
08-31-2018
01:08 AM
Hi
7.1.2 Splunk on Windows, I need to send log through TCP with SSL.
How can I enable TCP SSL?
Thanks
Regards
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
08-31-2018
07:06 AM
You could use tcp-ssl:port configuration in inputs.conf
[tcp-ssl:<port>]
* Use this stanza type if you are receiving encrypted, unparsed data from a
forwarder or third-party system.
* Set <port> to the port on which the forwarder/third-party system is sending
unparsed, encrypted data.
* To create multiple SSL inputs, you can add the following attributes to each
[tcp-ssl:<port>] input stanza. If you do not configure a certificate in the
port, the certificate information is pulled from the default [SSL] stanza:
* serverCert = <path_to_cert>
* sslRootCAPath = <path_to_cert> This attribute should only be added
if you have not configured your sslRootPath in server.conf.
* sslPassword = <password>
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
08-31-2018
07:06 AM
You could use tcp-ssl:port configuration in inputs.conf
[tcp-ssl:<port>]
* Use this stanza type if you are receiving encrypted, unparsed data from a
forwarder or third-party system.
* Set <port> to the port on which the forwarder/third-party system is sending
unparsed, encrypted data.
* To create multiple SSL inputs, you can add the following attributes to each
[tcp-ssl:<port>] input stanza. If you do not configure a certificate in the
port, the certificate information is pulled from the default [SSL] stanza:
* serverCert = <path_to_cert>
* sslRootCAPath = <path_to_cert> This attribute should only be added
if you have not configured your sslRootPath in server.conf.
* sslPassword = <password>
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kevinitc
New Member
03-05-2019
03:46 AM
Tried this on fresh install : "Could not find config id for port ". Any thoughts ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hari
Observer
09-01-2020
06:07 AM
Same issue is comming in my system. Did you find any solution?
Get Updates on the Splunk Community!
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...
They're back! Join the SplunkTrust and MVP at .conf24
With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...
Enterprise Security Content Update (ESCU) | New Releases
Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...
