
I have downloaded an eval copy of nxlog EE, and am trying to send Microsoft DNS logs to my Splunk Cloud instance. I've read through various documentation, but am getting an error "ERROR SSL certificate verification failed: self signed certificate in certificate chain (err: 19)", which is confusing me, because I am sending this to Splunk Cloud over HEC, which should have a proper cert chain, so I'm not sure where it's getting a self-signed cert from. Here is what my config file looks like (not the whole thing, just the points of interest):

<Input dns_analytical>
    Module im_etw
    Provider Microsoft-Windows-DNSServer
</Input>

<Output splunk_out>
    Module om_http
    URL https://http-inputs-xxx.splunkcloud.com/services/collector
    AddHeader Authorization: Splunk <auth key from Splunk HEC>
    ...
</Output>

<Route splunk>
    Path dns_analytical => splunk_out
</Route>

I could use on my local on-prem heavy forwarder but I would really like to send directly to Splunk Cloud over HEC, since it will minimize some moving parts.

Asked December 30, 2019 - 2:46pm
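The error quoted in the question is OpenSSL verify code 19: a chain could be built from the certificates the peer supplied, but its self-signed root is not in the client's trust store. The script below is an added example, not part of the original post. It reproduces that condition offline and shows the same chain verifying once the root is trusted. It assumes the `openssl` CLI (1.1.0 or later); all certificates, names and function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key and certificate is generated locally in a temp dir.

# Create root.pem (self-signed CA) and leaf.pem (signed by that root) in dir $1.
make_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Demo Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=hec.example.invalid" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -days 2 \
        -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null
}

# Peer supplies leaf + root, but the verifier trusts nothing: yields error 19.
verify_untrusted_root() {
    openssl verify -no-CAfile -no-CApath \
        -untrusted "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Same chain, with the root supplied as a trust anchor: verifies OK.
verify_trusted_root() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

# True when a certificate's subject and issuer names match, which is how to
# spot the self-signed member of a chain dumped from a server.
is_self_issued() {
    set -- $(openssl x509 -noout -subject_hash -issuer_hash -in "$1")
    [ "$1" = "$2" ]
}

work=$(mktemp -d)
make_chain "$work"
echo "--- root not trusted ---"
verify_untrusted_root "$work" || true
echo "--- root trusted ---"
verify_trusted_root "$work"
is_self_issued "$work/root.pem" && echo "root.pem is self-issued"
rm -rf "$work"
```

Against a live endpoint, `openssl s_client -connect <host>:443 -showcerts` dumps the chain the server actually presents, and `is_self_issued` can be run on each saved certificate. In nxlog's om_http, the CA file used for verification is set with the `HTTPSCAFile` directive.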

Comments (1)

Answers (0)