We have updated our Terms of Service, Code of Conduct, and Addendum.

Which TLS certs are used for syslog in Cribl Cloud?

Tony Reinke - Cribl
Tony Reinke - Cribl Posts: 134 admin
edited March 2023 in Cloud

In a cribl cloud deployment, what certificate do we use for TLS for syslog?

Tagged:

Best Answer

  • Martin Prado
    Martin Prado Posts: 27 mod
    edited September 2023 Answer ✓

    Cribl Cloud TLS Cert docs have moved here. In Cloud, we provide a pre-configured TLS Cert that can be used for any new source. Specify the following settings within the TLS Settings tab.

    https://docs.cribl.io/stream/securing-and-monitoring/#tls-cloud

    TLS in Cribl.Cloud

    TLS encryption is pre-enabled on several Sources in Cribl.Cloud, indicated on the Cribl.Cloud portal's Data Sources tab. All TLS is terminated by individual Nodes.

    To enable TLS settings for additional Sources, use these configuration settings:

    • Private key path: /opt/criblcerts/criblcloud.key
    • CA certificate path/opt/criblcerts/criblcloud.crt
    • Minimum TLS versionTLSv1.2

    Currently, Cribl.Cloud does not enable you to import your own certificates for mutual TLS authentication. Cribl.Cloud uses TLS to provide encryption in the wire, but leaves authentication at the protocol layer – e.g., Splunk HEC or S2S tokens, Kafka authorization, etc.

Answers

  • pie
    pie Posts: 22 ✭✭

    the documentation for Data Sources, Ports and TLS settings is here:
    LogStream Cloud Deployment

  • Martin Prado
    Martin Prado Posts: 27 mod
    edited September 2023 Answer ✓

    Cribl Cloud TLS Cert docs have moved here. In Cloud, we provide a pre-configured TLS Cert that can be used for any new source. Specify the following settings within the TLS Settings tab.

    https://docs.cribl.io/stream/securing-and-monitoring/#tls-cloud

    TLS in Cribl.Cloud

    TLS encryption is pre-enabled on several Sources in Cribl.Cloud, indicated on the Cribl.Cloud portal's Data Sources tab. All TLS is terminated by individual Nodes.

    To enable TLS settings for additional Sources, use these configuration settings:

    • Private key path: /opt/criblcerts/criblcloud.key
    • CA certificate path/opt/criblcerts/criblcloud.crt
    • Minimum TLS versionTLSv1.2

    Currently, Cribl.Cloud does not enable you to import your own certificates for mutual TLS authentication. Cribl.Cloud uses TLS to provide encryption in the wire, but leaves authentication at the protocol layer – e.g., Splunk HEC or S2S tokens, Kafka authorization, etc.