Configure the syslog data connection over SSL for Linux Splunk
- In the Cylance console, click Settings > Application and select the TLS/SSL box.
- From the Splunk server command line, generate the certificates using the script below.

```
mkdir /opt/splunk/etc/certs
export OPENSSL_CONF=/opt/splunk/openssl/openssl.cnf
/opt/splunk/bin/genRootCA.sh -d /opt/splunk/etc/certs
/opt/splunk/bin/genSignedServerCert.sh -d /opt/splunk/etc/certs -n splunk -c splunk -p
```

- In the $SPLUNK_HOME/etc/apps/cylance_protect/local/inputs.conf file, modify the two sections below using the following attributes:

```
[tcp-ssl://6514]
disabled = false
sourcetype = syslog_protect
index = cylance_protect
source = <YourTenantNameHere>

[SSL]
serverCert = /opt/splunk/etc/certs/splunk.pem
sslPassword = <The password that was used in the genSignedServerCert command above>
requireClientCert = false
```

- Using the script below, restart Splunk and verify that the port is open.

```
$SPLUNK_HOME/bin/splunk restart splunkd
netstat -an | grep :6514
```
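Before restarting Splunk it is worth checking that the edited inputs.conf still carries its placeholders nowhere and that the listener really is the TLS one. The pre-flight check below is an added example written for this page; it is not Cylance or Splunk code. It parses the two stanzas from the procedure (Splunk .conf files are INI-style, so Python's configparser reads them) and reports the settings that decide whether the port is encrypted and who may send to it. The sample text, `check_inputs_conf` and `parse_conf` are constructed for the example; `acceptFrom` is Splunk's own inputs.conf network ACL setting, mentioned only as the usual way to narrow the sender list when `requireClientCert` stays false.

```python
"""Pre-flight check for a Splunk tcp-ssl syslog input.

Added example (not Cylance or Splunk code): reads an inputs.conf text
and flags placeholders, a disabled stanza, a missing [SSL] block, and
the open-to-any-client setting that the procedure above leaves in place.
"""
import configparser
from typing import List

# Constructed sample mirroring the two stanzas from the procedure,
# placeholders included so the check is seen catching them.
SAMPLE_INPUTS_CONF = """
[tcp-ssl://6514]
disabled = false
sourcetype = syslog_protect
index = cylance_protect
source = <YourTenantNameHere>

[SSL]
serverCert = /opt/splunk/etc/certs/splunk.pem
sslPassword = <The password that was used in the genSignedServerCert command above>
requireClientCert = false
"""


def parse_conf(text: str) -> configparser.ConfigParser:
    """Splunk .conf files are INI-style: [stanza] headers and key = value lines."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep Splunk's camelCase keys exactly as written
    cp.read_string(text)
    return cp


def check_inputs_conf(text: str, port: int = 6514) -> List[str]:
    """Return a list of findings; an empty list means the stanzas look ready."""
    cp = parse_conf(text)
    findings: List[str] = []
    stanza = f"tcp-ssl://{port}"

    if not cp.has_section(stanza):
        findings.append(f"missing [{stanza}] stanza: nothing listens for TLS syslog on {port}")
        # A plain [tcp://PORT] stanza would take the same traffic in cleartext.
        if cp.has_section(f"tcp://{port}"):
            findings.append(f"[tcp://{port}] present: syslog would arrive unencrypted")
    else:
        sec = cp[stanza]
        if sec.get("disabled", "false").strip().lower() not in ("false", "0"):
            findings.append(f"[{stanza}] is disabled")
        for key in ("sourcetype", "index", "source"):
            val = sec.get(key, "").strip()
            if not val or val.startswith("<"):
                findings.append(f"[{stanza}] {key} is unset or still a placeholder")

    if not cp.has_section("SSL"):
        findings.append("missing [SSL] stanza: serverCert/sslPassword not configured")
    else:
        ssl = cp["SSL"]
        if not ssl.get("serverCert", "").strip():
            findings.append("[SSL] serverCert is empty")
        pw = ssl.get("sslPassword", "").strip()
        if not pw or pw.startswith("<"):
            findings.append("[SSL] sslPassword is unset or still a placeholder")
        if ssl.get("requireClientCert", "false").strip().lower() != "true":
            findings.append(
                "[SSL] requireClientCert = false: any host that can reach the port "
                "may send events; restrict senders with a firewall rule or acceptFrom"
            )
    return findings


if __name__ == "__main__":
    for finding in check_inputs_conf(SAMPLE_INPUTS_CONF):
        print("-", finding)
```

Run it against the real file with `check_inputs_conf(open(path).read())`; on the sample above it reports the tenant placeholder, the password placeholder and the `requireClientCert = false` setting, and returns an empty list only once the placeholders are filled in and client certificates are required.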
If you want the CylancePROTECT Application for Splunk to receive threat data reports, see Configure threat data reporting.