Reference Guide
Security Management Server v10.2.10 AdminHelp
requireClientCert = false
$SPLUNK_HOME\etc\system\local\server.conf
[sslConfig]
sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword = <password>
2. Restart the Splunk server.
After the restart, splunkd.log will have entries similar to the following:
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2 splunk
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5540 with SSL
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5541 with Non-SSL
07-10-2017 16:27:02.654 -0500 INFO TcpInputProc - Creating fwd data Acceptor for IPv4 port 9997 with Non-SSL
3. Configure the Dell Server to communicate with the Splunk server and export audit events.
Use the keytool command to add the Splunk server's root certificate (cacert.pem) to the Dell
Server operating system Java keystore. The certificate is added to the operating system Java
keystore and not to the Dell Server application Java keystore.
keytool -keystore <keystore_location> -alias <alias-name> -importcert -file <certificate_file>
Add the Splunk server's root certificate (cacert.pem) to the Java keystore, which in Windows is
usually located at: C:\Program Files\Dell\Java Runtime\jre1.8\lib\security\cacerts
4. Modify the Dell Server database to change the SSL value from false to true:
In the database, navigate to the information table, SIEM-specific support configuration.
Change the "SSL":"false" value to "SSL":"true" – for example:
{"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":"./logs/siem/audit-export.log"},"exportToSyslog":{"enabled":"true","protocol":"TCP","SSL":"true","host":"yourDellServer.yourdomain.com","port":"5540"}}}
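
Added example, not part of the Dell or Splunk documentation: a check that the port in the exportToSyslog setting from step 4 matches an acceptor that splunkd.log reports as opened with SSL in step 2. The function names and result labels (ok, mode-mismatch, plaintext, no-listener, disabled) are this example's own; the sample log lines and configuration value are taken from the text above.

```python
import json
import re

# Sample lines in the splunkd.log format shown in step 2.
SAMPLE_LOG = """\
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5540 with SSL
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5541 with Non-SSL
07-10-2017 16:27:02.654 -0500 INFO TcpInputProc - Creating fwd data Acceptor for IPv4 port 9997 with Non-SSL
"""

# The SIEM export value from step 4.
SAMPLE_CONFIG = ('{"eventsExport":{"exportToLocalFile":{"enabled":"false",'
                 '"fileLocation":"./logs/siem/audit-export.log"},'
                 '"exportToSyslog":{"enabled":"true","protocol":"TCP","SSL":"true",'
                 '"host":"yourDellServer.yourdomain.com","port":"5540"}}}')

ACCEPTOR_RE = re.compile(
    r"TcpInputProc - Creating .+? Acceptor for IPv\d port (\d+) with (Non-SSL|SSL)")

def acceptor_modes(log_text):
    """Map each listening port to True (SSL) or False (Non-SSL)."""
    return {int(port): mode == "SSL" for port, mode in ACCEPTOR_RE.findall(log_text)}

def check_export(config_json, log_text):
    """Classify the exportToSyslog settings against the acceptors Splunk opened."""
    syslog = json.loads(config_json)["eventsExport"]["exportToSyslog"]
    if syslog["enabled"].lower() != "true":
        return "disabled"
    port = int(syslog["port"])
    wants_ssl = syslog["SSL"].lower() == "true"
    modes = acceptor_modes(log_text)
    if port not in modes:
        return "no-listener"            # nothing in the log opened this port
    if wants_ssl != modes[port]:
        return "mode-mismatch"          # one side speaks TLS, the other does not
    return "ok" if wants_ssl else "plaintext"  # plaintext: events sent unencrypted

if __name__ == "__main__":
    print(check_export(SAMPLE_CONFIG, SAMPLE_LOG))
```

A mode-mismatch result means the export will fail at the handshake; a plaintext result means audit events are delivered but cross the network unencrypted.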