Layer7 Privileged Access Management

Expand all | Collapse all

CA PAM SC 14 logs to splunk?

Jump to Best Answer
  • 1.  CA PAM SC 14 logs to splunk?

    Posted 10-19-2017 01:33 PM

    Hi, Does CA PAM SC provide ability to send logs directly to splunk?

     

    I see it can send logs to syslog.



  • 2.  Re: CA PAM SC 14 logs to splunk?

    Posted 10-19-2017 01:44 PM

    Hope this helps - as found here, the splunk forwarder is pre-installed such that Splunk end-points can be configured as resources to CA PAM
    Splunk Server Configuration for Logging - CA Privileged Access Manager - 2.8.3 - CA Technologies Documentation 

    You may also want to reference the newest 3.0.1 document, which is consistent to the above.
    Splunk Server Configuration for Logging - CA Privileged Access Manager - 3.0.1 - CA Technologies Documentation 

     

    Take care,

    Kirk (Leslie Kuykendall)



  • 3.  Re: CA PAM SC 14 logs to splunk?

    Posted 10-19-2017 01:47 PM

    I am talking here CA PAM Server Control



  • 4.  Re: CA PAM SC 14 logs to splunk?

    Posted 10-19-2017 01:51 PM

    Yeah - I picked up on that - after my post.  

    I'll also look for any info for applying a splunk forwarder for SC



  • 5.  Re: CA PAM SC 14 logs to splunk?

    Posted 10-19-2017 02:09 PM

    I reached out to a colleague, he shared that SC does not have the needed Splunk forwarder, which I find surprising.  With that being said, I'll be sure to keep an eye on this thread to see if anyone can provide a resolution.
    Kirk



  • 6.  Re: CA PAM SC 14 logs to splunk?

    Posted 10-19-2017 02:14 PM

    I see it allows logs to go to syslog. From where it can go to splunk, although not a direct way as of now



  • 7.  Re: CA PAM SC 14 logs to splunk?

    Posted 10-23-2017 02:31 AM

    This is not provided as such, as you can see from the previous answers. However, splunk listens on syslog, in general in port 514, so this is feasible. You should simply make sure the splunk server listens on that port, or whatever port you use for sending to syslog in PAM SC and that would make it.



  • 8.  Re: CA PAM SC 14 logs to splunk?

    Posted 11-03-2017 04:03 PM

    This question was posted under the Privileged Access Manager category, rather than the Privileged Access Manager Server Control category.  I am not sure if it can be moved over to the correct category.  It seems that Leslie got the answer from a PAM SC person, so I will mark this question as answered.  Since it appears that a Splunk forwarder is not a feature of PAM SC you should open an Enhancement Request for PAM SC, requesting that this be added.  This is a feature of PAM, with which you can send data to Splunk using our built in forwarder or by sending syslog to port 514 on the Splunk server.



  • 9.  Re: CA PAM SC 14 logs to splunk?
    Best Answer

    Posted 01-03-2018 02:47 PM

    Hello, 

     

    We have posted a patch to allow PAMSC to forward events to a 3rd party SIEM solution. 

    Solutions and Patches - CA Privileged Access Manager Server Control - 14.0 - CA Technologies Documentation 

     

    Thanks, 

     

    Aaron Armagost