Reference Guide

Security Management Server Virtual v10.2.7 AdminHelp
Export to Local File allows export of audit events to a file. Enter the location in which to store the file.
This option also provides a backup of the audit events database.
Export to Syslog allows specification of the syslog server to which to export the file. If TCP protocol is
not selected, select it.
4. Click Save Preferences.
Export Audit Events with TLS/SSL over TCP
To use TLS/SSL, the syslog server must be configured to listen for TLS/SSL messages. The root
certificate used for the syslog server configuration must be added to the Dell Server Java keystore.
The following example shows necessary configurations for a Splunk server with default certificates.
Configurations are specific to individual environments. Property values vary when using non-default
certificates.
1. Configure the Splunk server to use the Splunk server certificate and root certificate to listen on
TCP for TLS/SSL messages:

$SPLUNK_HOME\etc\system\local\inputs.conf

    [tcp-ssl:<port number>]
    disabled = 0

    [SSL]
    serverCert = $SPLUNK_HOME\etc\auth\server.pem
    sslPassword = <password>
    requireClientCert = false

$SPLUNK_HOME\etc\system\local\server.conf

    [sslConfig]
    sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
    sslPassword = <password>

2. Restart the Splunk server.
After the restart, splunkd.log will have entries similar to the following:

    07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
    07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
    07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
    07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
    07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2 splunk
    07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s protocol
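
One way to confirm after the restart that the port came up as a TLS listener, as an added example that is not part of the original guide: the script reads TcpInputConfig entries like those above and classifies a port by its most recent "reserved for" entry, so an older plain-TCP start in the same log does not mask the current state. The first sample line (without the (SSL) suffix) is constructed and its wording is an assumption; port 6514 stands in for a port with no entry.

```python
import re

# Startup entries written by TcpInputConfig, one per listening port.
ENTRY = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) \w+\s+"
    r"TcpInputConfig - IPv[46] port (?P<port>\d+) is reserved for (?P<role>.+?)\s*$"
)

def listener_roles(log_text):
    """Return {port: (timestamp, role)}, keeping the last entry per port."""
    roles = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Later lines overwrite earlier ones: the newest restart wins.
            roles[int(m["port"])] = (m["ts"], m["role"])
    return roles

def check_tls_listener(log_text, port):
    """Classify a port as 'ssl', 'not-ssl' or 'missing'."""
    entry = listener_roles(log_text).get(port)
    if entry is None:
        return "missing"      # input stanza not loaded or wrong port
    return "ssl" if entry[1].endswith("(SSL)") else "not-ssl"

# First line is constructed (assumed wording for a plain-TCP input from an
# earlier start); the remaining lines are the entries shown in the guide.
SAMPLE = """\
07-09-2017 09:00:00.000 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2 splunk
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s protocol
"""

if __name__ == "__main__":
    for port in (5540, 9997, 6514):
        print(port, check_tls_listener(SAMPLE, port))
```

A result of "not-ssl" or "missing" for the port set in [tcp-ssl:<port number>] means audit events sent to it would not be accepted over TLS, so recheck inputs.conf before enabling the export.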