Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and central access to all IT and security data.
Learn more ›The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›Cribl.Cloud Solution Brief
The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›Cribl Copilot gets your deployments up and running in minutes, not weeks or months.
Learn more ›AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›Explore Cribl’s Solutions by Use Cases:
Explore Cribl’s Solutions by Integrations:
Explore Cribl’s Solutions by Industry:
September 25 | 10am PT / 1pm ET
Hold my beer: lessons from one team’s data pipeline journey
Register ›Try Your Own Cribl Sandbox
Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›Sally Beauty Holdings
Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›Cribl Corporate Overview
Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›Stay up to date on all things Cribl and observability.
Visit the Newsroom ›Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›February 28, 2023
Securing your internal systems with TLS can be a daunting task, even for experienced administrators. However, with the right tools and guidance, the process can be made more manageable. In this blog, we’ll show you how to enable TLS for your internal systems on your Cribl Leader Node. We’ll walk you through the steps, and provide a video tutorial embedded below to help you follow along.
Cribl.Cloud users can basically skip this. TLS on your Leader is handled by our team of experts.
First, let’s clarify which connections we are going to TLS-enable. There are many potential connections in your Cribl deployment. The first 3 pertain to connections to the Leader, which we will be covering in this doc.
The following connections concern Workers receiving and sending data, and won’t be covered here. More information is available in Cribl docs.
The process of getting a valid cert is outside the scope of this doc. Every Certificate Authority (CA) has its own process. You can also run a self-signed cert. Using OpenSSL to generate a self-signed cert is easy, and fine for testing, but a legitimate cert signed by your organization’s CA is considered best practice for production use.
Cribl’s Leader node listens by default on TCP 9000 for both the GUI you interact with as an admin, as well as the API used for scripting, automation, etc. We’ll start by adding TLS to this interface.
Mind the context! In Global Settings, you’ll find configurations relevant to the Leader as a system. This is the context we want to work with for this stage. Connections to Worker nodes will not be impacted. Their TLS settings are found in the Worker Group settings context.
The Global Settings area, since 4.0, is found in the top nav bar in Settings, or under the dropdown menu in the upper right corner:
Once there, go to System -> General Settings -> API Server Settings -> TLS and slide the Enabled switch to on:
After you slide the Enabled switch you’ll see new options in the screen. The first dropdown is to select which certificate to use. Chances are this is empty, unless you’ve cheated and worked ahead. If it is empty, click the Create button. On the resulting screen, you can drag-n-drop your certificate, key, and CA certificate files into place; hit the upload button; or you can copy-paste the ASCII versions of them into the boxes. Give your new certificate config a name, enter a private key password if required for your key file, and click Save.
This process creates a certificate object you can refer to in other places in the global config if needed. Worker Groups’ contexts cannot see this object. Config contexts are an important concept in Cribl.
Now that you’ve created (and/or selected) a cert, you can click Save on the TLS settings page. This action will cause Cribl to restart. It should redirect to the secure version automatically. If not, no worries, just change your URL to include https instead of http.
You can now communicate with your Leader node securely. Give yourself a pat on the back. You’re halfway there.
Note there are no changes to be made on the browser side in most situations. The client (browser) is using the certificate provided by the server side. This concept will come up again with the control channel.
Worker and Edge nodes communicate with the Leader over TCP 4200 to get their config instructions. By default, this channel is also unencrypted. Using the same basic process as above, we can enable TLS for the interface listening on TCP 4200. Navigate to System -> Distributed Settings -> TLS and slide the Enable Server TLS switch to Yes. The screen is nearly identical to the one we worked on a moment ago.
As noted in that section, you can re-use the same cert object. Best practice would probably dictate you do not. Instead, create a new cert just for this purpose. Take your pick.
Hint: Do the right thing. Use a different cert for different use cases!
They will drop from the Leader once you hit save! That’s because their configs were set-up before you enabled TLS. You’ll need to change them to connect using TLS. This can be done a few different ways, depending on how you initialized the nodes
Use the Bootstrap new link in Manage -> Workers -> Add/Update Worker to bring up the new node:
We’ve demonstrated that enabling TLS doesn’t have to be a trial. The process for enabling secure communications to the Leader for GUI, API, and Worker communications is pretty straightforward: Mind context, load up the cert, key, and CA cert, and restart. Roughly the same steps apply to Worker Groups to enable TLS on Worker Nodes for sources they receive.
Go forth and secure All The Things! Previously, we published a blog for mutual TLS enablement, which is a little more involved that you might want to check out as well.
The fastest way to get started with Cribl Stream, Edge, and Search is to try the Free Cloud Sandboxes.
Tomer Shvueli Sep 5, 2024
Patrick Wade Aug 26, 2024
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?