Users Guide

sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem
sslPassword = <password>
2. Restart the Splunk server.
After the restart, splunkd.log will have entries similar to the following:
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.646 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 is reserved for raw input (SSL)
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 5540 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 is reserved for splunk 2 splunk
07-10-2017 16:27:02.653 -0500 INFO TcpInputConfig - IPv4 port 9997 will negotiate new-s2s protocol
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5540 with SSL
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5541 with Non-SSL
07-10-2017 16:27:02.654 -0500 INFO TcpInputProc - Creating fwd data Acceptor for IPv4 port 9997 with Non-SSL
3. Configure the Dell Server to communicate with the Splunk server and export audit events.
Use the keytool command to add the Splunk server's root certificate (cacert.pem) to the Dell Server operating system
Java keystore. The certificate is added to the operating system Java keystore and not to the Dell Server application Java
keystore.
keytool -keystore <keystore_location> -alias <alias-name> -importcert -file <certificate_file>
For Security Management Server - Add the Splunk server's root certificate (cacert.pem) to the Java keystore, which in
Windows is usually located in this path: C:\Program Files\Dell\Java Runtime\jre1.8\lib\security\cacerts
For Security Management Server Virtual - Add the Splunk server's root certificate (cacert.pem) to
/etc/ssl/certs/java/cacerts and restart the Dell Server.
4. Modify the Dell Server database to change the SSL value from false to true.
In the database, navigate to the information table, SIEM-specific support configuration.
Change the "SSL":"false" value to "SSL":"true" - for example:
{"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":"./logs/siem/audit-export.log"},"exportToSyslog":{"enabled":"true","protocol":"TCP","SSL":"true","host":"yourDellServer.yourdomain.com","port":"5540"}}}
[DDPS-5234]
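The check below is an added example, not part of the Dell advisory or Dell's code. It cross-checks the exportToSyslog settings from step 4 against the acceptor lines Splunk writes to splunkd.log after the restart in step 2, so an "SSL":"false" value or a target port that is still a Non-SSL listener is caught before audit events are sent unencrypted. The function names and the BAD_CONFIG value are constructed for illustration.

```python
import json
import re

# Acceptor lines as they appear in the advisory's splunkd.log excerpt.
ACCEPTOR_RE = re.compile(
    r"TcpInputProc - Creating .+? Acceptor for IPv4 port (\d+) with (SSL|Non-SSL)")

# Log lines copied from the advisory's splunkd.log excerpt.
SAMPLE_LOG = """\
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5540 with SSL
07-10-2017 16:27:02.653 -0500 INFO TcpInputProc - Creating raw Acceptor for IPv4 port 5541 with Non-SSL
07-10-2017 16:27:02.654 -0500 INFO TcpInputProc - Creating fwd data Acceptor for IPv4 port 9997 with Non-SSL
"""
# SIEM configuration value from the advisory (SSL enabled, port 5540).
PAGE_CONFIG = ('{"eventsExport":{"exportToLocalFile":{"enabled":"false",'
               '"fileLocation":"./logs/siem/audit-export.log"},"exportToSyslog":'
               '{"enabled":"true","protocol":"TCP","SSL":"true",'
               '"host":"yourDellServer.yourdomain.com","port":"5540"}}}')
# Constructed misconfiguration: SSL left at "false", pointed at the Non-SSL port.
BAD_CONFIG = PAGE_CONFIG.replace('"SSL":"true"', '"SSL":"false"').replace("5540", "5541")

def acceptor_modes(log_text):
    """Map each listening port to 'SSL' or 'Non-SSL' from splunkd.log text."""
    return {int(m.group(1)): m.group(2)
            for m in map(ACCEPTOR_RE.search, log_text.splitlines()) if m}

def check_export(config_json, log_text):
    """Return a list of problems; an empty list means the export path uses SSL."""
    syslog = json.loads(config_json)["eventsExport"]["exportToSyslog"]
    if syslog.get("enabled") != "true":
        return []  # syslog export is off, nothing to verify
    problems = []
    if syslog.get("SSL") != "true":
        problems.append('"SSL" is not "true": audit events are exported in cleartext')
    port = int(syslog["port"])
    mode = acceptor_modes(log_text).get(port)
    if mode is None:
        problems.append(f"splunkd.log shows no acceptor on port {port}")
    elif mode != "SSL":
        problems.append(f"port {port} is a Non-SSL acceptor on the Splunk server")
    return problems

if __name__ == "__main__":
    for name, cfg in (("page config", PAGE_CONFIG), ("bad config", BAD_CONFIG)):
        print(name, "->", check_export(cfg, SAMPLE_LOG) or "OK")
```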
Resolved Customer Issues
Custom ipWhitelist values are now retained in /opt/dell/server/security-server/conf/webdefault.xml after
upgrade. [DDPS-5075]
Attempts to re-register a Data Guardian user that is already registered now fail with a message that the user is already
registered and confirmed. [DDPS-5133]
An issue related to Microsoft platform validation profile changes that prevented BitLocker Manager from beginning to
encrypt on Windows 10 is now resolved. [DDPS-5243]
The Device Lease Period can now be reduced to a minimum of 14 days. [DDPS-5281]
An issue that resulted in an access violation error in module 'GKConsole.exe' is now resolved. [DDPS-5300]
A page selector and drop-down list now allow the administrator to navigate between pages of Endpoint Groups and select
the number of groups to display per page. [DDPS-5349]
Policy commit comments that begin with special characters are now logged in Commit History. [DDPS-5353]
Duplicate entries no longer display in the BitLocker Manager Detail report in Compliance Reporter after upgrade.
[DDPS-5432]
An issue is resolved with Threat Protection (TP) licenses for Web Protection and Firewall, and they now match consumed
licenses for Advanced Threat Prevention (ATP) with Web Protection and Firewall. [DDPS-5491]
Dell Security Management Server Virtual Technical Advisories