I have installed Splunk 6.0 (Free version) on a Linux x64 system.
I can collect syslog inputs on UDP port 514. But when I tried to add "tcp-ssl", it didn't work.
Here are the contents of my /opt/splunk/etc/apps/launcher/local/inputs.conf file:

[udp://514]
connection_host = ip
source = SyslogTest
sourcetype = syslog

[tcp-ssl:10514]
source = SyslogSslTest
sourcetype = syslog
disabled = 0

[SSL]
serverCert = /root/splunk/cert.pem
rootCA = /root/splunk/ca.pem
password = $1$jC3aVtsP5w==

I ran "/opt/splunk/bin/splunk btool check --debug" and didn't see anything wrong.
I ran "/opt/splunk/bin/splunk start" and it ran "OK". Even the web interface showed the TCP inputs.
But when I ran "netstat -a | grep 514", I didn't see my SSL port 10514 open.
Please advise with any tips to run "syslog over ssl/tls" or debug the problem. Thanks!