Users Guide

[SSL]
serverCert = $SPLUNK_HOME\etc\auth\server.pem
sslPassword = <password>
requireClientCert = false
$SPLUNK_HOME\etc\system\local\server.conf
[sslConfig]
sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword = <password>
2. Restart the Splunk server.
After the restart, splunkd.log will have entries similar to the following:
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2 splunk
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5540 with SSL
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5541 with Non-SSL
07-10-2017 16:27:02.654 -0500 INFO TcpInputProc - Creating fwd data Acceptor for IPv4 port 9997 with Non-SSL
3. Configure the Dell Server to communicate with the Splunk server and export audit events.
Use the keytool command to add the Splunk server's root certificate (cacert.pem) to the Dell Server operating system
Java keystore. The certificate is added to the operating system Java keystore and not to the Dell Server application Java
keystore.
keytool -keystore <keystore_location> -alias <alias-name> -importcert -file <certificate_file>
For Security Management Server - Add the Splunk server's root certificate (cacert.pem) to the Java keystore, which in
Windows is usually located in this path:
C:\Program Files\Dell\Java Runtime\jre1.8\lib\security\cacerts
For Security Management Server Virtual - Add the Splunk server's root certificate (cacert.pem) to
/etc/ssl/certs/java/cacerts and restart the Dell Server.
4. Modify the Dell Server database to change the SSL value from false to true.
In the database, navigate to the information table, SIEM-specific support configuration.
Change the "SSL":"false" value to "SSL":"true" - for example:
{"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":"./logs/siem/audit-export.log"},"exportToSyslog":{"enabled":"true","protocol":"TCP","SSL":"true","host":"yourDellServer.yourdomain.com","port":"5540"}}}
[DDPS-5234]
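A consistency check for steps 2 and 4, added here as an example (it is not Dell or Splunk code): it reads the TcpInputProc acceptor lines from splunkd.log and confirms that the port named in the exportToSyslog JSON is a raw-input acceptor whose SSL mode matches the "SSL" value. The function names and the export_config helper are assumptions made for the illustration; the log lines are the ones shown above.

```python
import json
import re

# splunkd.log start-up line: "... Creating raw Acceptor for IPv4 port 5540 with SSL"
ACCEPTOR = re.compile(r"TcpInputProc - Creating (?P<kind>.+?) Acceptor for IPv4 "
                      r"port (?P<port>\d+) with (?P<mode>SSL|Non-SSL)\s*$")

# The three TcpInputProc lines from the splunkd.log excerpt on this page.
SAMPLE_LOG = """\
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5540 with SSL
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5541 with Non-SSL
07-10-2017 16:27:02.654 -0500 INFO TcpInputProc - Creating fwd data Acceptor for IPv4 port 9997 with Non-SSL
"""

def acceptors(log_text):
    """Return {port: (kind, uses_tls)} for every acceptor splunkd logged."""
    hits = (ACCEPTOR.search(line) for line in log_text.splitlines())
    return {int(m["port"]): (m["kind"], m["mode"] == "SSL") for m in hits if m}

def export_config(ssl, port):
    """Constructed input: the step 4 JSON with a chosen "SSL" value and port."""
    return json.dumps({"eventsExport": {"exportToSyslog": {
        "enabled": "true", "protocol": "TCP", "SSL": ssl,
        "host": "yourDellServer.yourdomain.com", "port": port}}})

def check_export(config_json, log_text):
    """List mismatches between the Dell Server export setting and Splunk."""
    syslog = json.loads(config_json)["eventsExport"]["exportToSyslog"]
    if syslog.get("enabled") != "true":
        return ["exportToSyslog is not enabled"]
    want_tls = syslog.get("SSL") == "true"  # values are strings, not booleans
    port = int(syslog["port"])
    problems = []
    if not want_tls:
        problems.append('"SSL" is not "true": audit events are sent unencrypted')
    kind, tls = acceptors(log_text).get(port, (None, None))
    if kind is None:
        problems.append(f"splunkd.log shows no acceptor on port {port}")
    elif kind != "raw":  # 9997 is logged as splunk-to-splunk, not raw input
        problems.append(f"port {port} is a '{kind}' acceptor, not raw input")
    elif tls != want_tls:
        problems.append(f"port {port} is {'SSL' if tls else 'Non-SSL'} "
                        f"but the export has SSL={'true' if want_tls else 'false'}")
    return problems

if __name__ == "__main__":
    for ssl, port in [("true", "5540"), ("true", "5541"), ("false", "5540")]:
        print(ssl, port, check_export(export_config(ssl, port), SAMPLE_LOG) or "OK")
```

An empty list means the two sides agree; pointing the export at 5541 with "SSL":"true", or at 5540 with "SSL":"false", is reported as a mismatch.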
Resolved Customer Issues
An issue is resolved that resulted in a license import failure with an error in the Security Server log that the system cannot
find the \AppData\Local\Temp\ folder. [DDPS-4240]
Installation now proceeds as expected when the Service Runtime Account password that is used during installation contains
"$_" (dollar sign followed by underscore). [DDPS-4923]
Attempts to re-register a Data Guardian user that is already registered now fail with a message that the user is already
registered and confirmed. [DDPS-5133]
An issue related to Microsoft platform validation profile changes that prevented BitLocker Manager from beginning to
encrypt on Windows 10 is now resolved. [DDPS-5243]
Dell Security Management Server Technical Advisories