I'm always nervous about sending plain text syslogs around the place, and rsyslog has some fantastic options (SSL and TLS).
Does splunk support reading these connectors, or would I have to setup a client / forwarder setup on the local box to do this?
I am not talking about a secured tunnel here.
asked 25 May '12, 03:21
Splunk does support a TCP w/ SSL input. See http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf . I have no experience to say how well this works with an rsyslog SSL sender.
It does, not, however, support syslog via UDP and DTLS. But, I don't think rsyslog can do this either (I may be wrong there).
Best practice (and my personal preference) is to still install a forwarder. It can definitely do SSL to Splunk, and can also support scripted inputs and other non-syslog data coming from those machines.
answered 25 May '12, 10:38