Reference Guide
Navigate the Dell Server
100
[tcp-ssl:<port number>]
disabled = 0
[SSL]
serverCert = $SPLUNK_HOME\etc\auth\server.pem
sslPassword = <password>
requireClientCert = false
$SPLUNK_HOME\etc\system\local\server.conf
[sslConfig]
sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword = <password>
2. Restart the Splunk server.
After the restart, splunkd.log will have entries similar to the following:
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input
(SSL)
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s
protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input
(SSL)
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s
protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2
splunk
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s
protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5540
with SSL
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5541
with Non-SSL
07-10-2017 16:27:02.654 -0500 INFO TcpInputProc - Creating fwd data Acceptor for IPv4 port
9997 with Non-SSL
3. Configure the Dell Server to communicate with the Splunk server and export audit events.
Use the keytool command to add the Splunk server's root certificate (cacert.pem) to the Dell Server
operating system Java keystore. The certificate is added to the operating system Java keystore and
not to the Dell Server application Java keystore.
keytool -keystore <keystore_location> -alias <alias-name> -importcert -file <certificate_file>
For Security Management Server - Add the Splunk server's root certificate (cacert.pem) to the Java
keystore, which in Windows is usually located in this path: C:\Program Files\Dell\Java
Runtime\jre1.8\lib\security\cacerts