Contributor I

ClearPass integration with Splunk

Hello community,

I'm planning to send ClearPass syslog to Splunk for long-term storage and analysis. I've read the tech note "ClearPass integration with Splunk v1", but my setup is going to be a bit different than what was documented. I'm not sending the syslog directly to Splunk over UDP 514, but via a syslog proxy instead, which will then forward the logs to Splunk through port 9997.

Can this deployment work? And how should I configure Splunk in this case? Since the proxy will send logs to Splunk via a different port (not UDP 514), I'm not sure whether it works if I still configure Splunk to listen on UDP 514 per the instructions from the tech note.

Thank you,

Guru Elite

Re: ClearPass integration with Splunk

Not something we've tested, but you can try changing the ports in the Splunk app and ClearPass syslog server definition.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480