TLS/SSL Syslog Splunk Support

I'm always nervous about sending plain text syslogs around the place, and rsyslog has some fantastic options (SSL and TLS).

Does splunk support reading these connectors, or would I have to setup a client / forwarder setup on the local box to do this?

I am not talking about a secured tunnel here.

asked 25 May '12, 03:21

pacepace
31●2
accept rate: 0%

One Answer:

oldest newest most voted

Splunk does support a TCP w/ SSL input. See http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf . I have no experience to say how well this works with an rsyslog SSL sender.

It does, not, however, support syslog via UDP and DTLS. But, I don't think rsyslog can do this either (I may be wrong there).

Best practice (and my personal preference) is to still install a forwarder. It can definitely do SSL to Splunk, and can also support scripted inputs and other non-syslog data coming from those machines.

link

answered 25 May '12, 10:38

dwaddle ♦
15.5k●2●9●24
accept rate: 33%

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

syslog ×280
ssl ×106
secure ×5
tls ×5
encrypted ×2

Asked: 25 May '12, 03:21

Seen: 1,030 times

Last updated: 25 May '12, 10:38

TLS/SSL Syslog Splunk Support

Follow this question

Splunk Resources

Related questions