Configure the syslog data connection over SSL for Linux Splunk

  1. In the Cylance console, click Settings > Application and select the TLS/SSL box.
  2. From the Splunk server command line, using the script below, generate certificates.
    mkdir /opt/splunk/etc/certs
    export OPENSSL_CONF=/opt/splunk/openssl/openssl.cnf
    /opt/splunk/bin/genRootCA.sh -d /opt/splunk/etc/certs
    /opt/splunk/bin/genSignedServerCert.sh -d /opt/splunk/etc/certs -n splunk -c splunk -p
  3. In the $SPLUNK_HOME/etc/apps/cylance_protect/local/inputs.conf file, modify the two sections below using the following attributes:
    [tcp-ssl://6514]
    disabled = false
    sourcetype = syslog_protect
    index = cylance_protect
    source = <YourTenantNameHere>
    [SSL]
    serverCert = /opt/splunk/etc/certs/splunk.pem
    sslPassword = <The password that was used in the genSignedServerCert command above>
    requireClientCert = false
  4. Using the script below, restart Splunk and verify the open port.
    $SPLUNK_HOME/bin/splunk restart splunkd
    netstat -an | grep :6514
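
A pre-restart check for the step 3 edits, added here as an example (it is not part of the Cylance or Splunk tooling): it confirms both stanzas exist, the input is enabled, and no `<...>` placeholder was left in a value. The function name check_inputs and the sample file contents are assumptions made for this example.

```shell
# check_inputs FILE: lint the step 3 stanzas before restarting splunkd.
# Prints one line per problem; the exit status is the number of problems.
check_inputs() {
    awk '
        function bad(msg) { print "FAIL: " msg; n++ }
        function need(st, key) {
            if (!((st, key) in val) || val[st, key] == "")
                bad("[" st "] " key " is missing")
            else if (val[st, key] ~ /^<.*>$/)
                bad("[" st "] " key " still holds the <...> placeholder")
        }
        /^[ \t]*\[/ {                     # stanza header, e.g. [SSL]
            s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s); seen[s] = 1; next
        }
        /^[ \t]*#/ { next }               # comment line
        (eq = index($0, "=")) > 0 {       # key = value inside stanza s
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            val[s, k] = v
        }
        END {
            t = "tcp-ssl://6514"
            if (!(t in seen)) bad("[" t "] stanza is missing")
            else {
                d = val[t, "disabled"]    # Splunk accepts false or 0
                if (d != "false" && d != "0") bad("[" t "] is not enabled")
                need(t, "sourcetype"); need(t, "index"); need(t, "source")
            }
            if (!("SSL" in seen)) bad("[SSL] stanza is missing")
            else { need("SSL", "serverCert"); need("SSL", "sslPassword") }
            exit n + 0
        }
    ' "$1"
}

# Constructed sample: tenant placeholder left in, sslPassword line forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[tcp-ssl://6514]
disabled = false
sourcetype = syslog_protect
index = cylance_protect
source = <YourTenantNameHere>
[SSL]
serverCert = /opt/splunk/etc/certs/splunk.pem
EOF
check_inputs "$sample" || echo "$? problem(s): fix inputs.conf before the restart"
rm -f "$sample"
```

Run it against $SPLUNK_HOME/etc/apps/cylance_protect/local/inputs.conf after step 3; an exit status of 0 means both stanzas are filled in.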
If you want the CylancePROTECT Application for Splunk to receive threat data reports, see Configure threat data reporting.