Frequent Contributor II

ClearPass integration with Splunk

Hello community,


I'm planning to send ClearPass syslog to Splunk for long-term storage and analysis. I've read the tech note "ClearPass integration with Splunk v1", but my setup is going to be a bit different than what was documented. I'm not sending the syslog directly to Splunk over UDP 514, but via a syslog proxy instead, which will then forward the log to Splunk through port 9997.


Can this deployment work? And how should I configure Splunk in this case? Since the proxy will send logs to Splunk via a different port (not UDP 514), I'm not sure whether it works if I still configure Splunk to listen on UDP 514 per the instructions from the tech note.


Thank you,

Guru Elite

Re: ClearPass integration with Splunk

Not something we've tested, but you can try changing the ports in the Splunk app and ClearPass syslog server definition.

Tim Cappalli | Aruba Security
@timcappalli | ACMX #367 / ACCX #480