AppScope supports TLS over TCP connections:
To see the TLS-related environment variables, run the command:
ldscope --help configuration | grep TLS
scope.yml config file, the
transport definition includes an optional
tls element. See Config Files.
In Cribl.Cloud, when communicating with LogStream, AppScope uses TLS by default.
Within Cribl.Cloud, a front-end load balancer (reverse proxy) handles the encrypted TLS traffic and relays it to the AppScope Source port in LogStream. The connection from the load balancer to LogStream does not use TLS, and you should not enable TLS on the AppScope Source in LogStream. No changes in LogStream configuration are needed.
AppScope connects to port 10090 of the Cribl.Cloud Ingest Endpoint. Use the tenant hostname you were assigned when you joined Cribl.Cloud.
Use scope with the
scope -c tls://host:10090
To connect AppScope to a LogStream Cloud instance using TLS:
To enable TLS in
scope.yml, adapt the example below to your environment:
cribl: enable: true transport: type: tcp # don't use tls here, use tcp and enable tls below host: in.logstream.example-tenant.cribl.cloud port: 10090 # cribl.cloud's port for the TLS AppScope Source tls: enable: true validateserver: true cacertpath: ''
If you prefer to communicate in without encryption, connect to port 10091 instead of port 10090.
If it is enabled, disable the
tls element in
If connecting to LogStream in Cribl.Cloud, no changes in LogStream configuration are needed.