ClearPass integration with Splunk

Hello community,

I'm planning to send ClearPass syslog to Splunk for long-term storage and analysis. I've read the tech note "ClearPass integration with Splunk v1", but my setup is going to be a bit different than what was documented. I'm not sending the syslog directly to Splunk over UDP 514, but via a syslog proxy instead, which will then forward the logs to Splunk through port 9997.

Can this deployment work? And how should I configure Splunk in this case? Since the proxy will send logs to Splunk via a different port (not UDP 514), I'm not sure whether it works if I still configure Splunk to listen on UDP 514 per the instructions from the tech note.

Thank you,

Re: ClearPass integration with Splunk

Not something we've tested, but you can try changing the ports in the Splunk app and the ClearPass syslog server definition.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.