Hi.
I have been struggling with this for a few days. :(
I am sure that I don't understand some steps correctly, so that's the reason.
So I am trying to configure sending logs from my NAS servers (Synology) to my Splunk instance.
Logs are received correctly when I do not use SSL in my Synology log-sending configuration. But when I enable SSL and import the certificate in Synology, the logs are received but are hashed.
**I am searching for simple instructions on how to set up Splunk to receive input data via TCP with a self-signed certificate.**
I generated the certificates with these instructions:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Security/Howtoself-signcertificates
I generated these files in /opt/splunk/etc/auth/mycerts:
- CACertificate.csr
- CACertificate.pem
- CAPrivate.key
- ServerCertificate.csr
- ServerCertificate.pem
- ServerPrivate.key
After that I configured my Synology to send logs via TCP port 514 with SSL enabled and imported CACertificate.pem.
So I still don't understand how to configure inputs.conf and server.conf on my Splunk server to receive SSL syslog over TCP.
I've tried to configure it like this:
**inputs.conf**
```
[tcp-ssl:514]
sourcetype = syslog

[SSL]
rootCA = /opt/splunk/etc/auth/mycerts/CACertificate.pem
serverCert = /optsplunk/etc/auth/mycerts/ServerCertificate.pem
```
What am I doing wrong?