Our anti-virus application is located in the "cloud" and is sending syslog data to the indexer over TCP port 6514. The application has the ability to use SSL to encrypt this data. Looking at previous answers, it looks like I should add [tcp-ssl://6514] to \etc\system\local\inputs.conf. After modifying the config and changing the remote end to use SSL, I get gibberish like this:
\x00\x00\x00\x00\x00\x00
index = avprogram source = tcp:6514 sourcetype = syslog
When I remove the SSL requirement from the remote end, the data shows up as correct. It looks to me that I am missing a setting to decrypt the incoming data.
Any suggestions on what I need to do?
How do I set up inputs.conf to allow for a cloud application to send syslog over an SSL connection?