Hi, does CA PAM SC provide the ability to send logs directly to Splunk?
I see it can send logs to syslog.
We have posted a patch to allow PAMSC to forward events to a 3rd party SIEM solution.
Solutions and Patches - CA Privileged Access Manager Server Control - 14.0 - CA Technologies Documentation
Hope this helps - as found here, the Splunk forwarder is pre-installed such that Splunk end-points can be configured as resources to CA PAM
Splunk Server Configuration for Logging - CA Privileged Access Manager - 2.8.3 - CA Technologies Documentation
You may also want to reference the newest 3.0.1 document, which is consistent with the above.
Splunk Server Configuration for Logging - CA Privileged Access Manager - 3.0.1 - CA Technologies Documentation
Kirk (Leslie Kuykendall)
I am talking here about CA PAM Server Control
Yeah - I picked up on that - after my post.
I'll also look for any info for applying a Splunk forwarder for SC
I reached out to a colleague; he shared that SC does not have the needed Splunk forwarder, which I find surprising. With that being said, I'll be sure to keep an eye on this thread to see if anyone can provide a resolution.
Kirk
I see it allows logs to go to syslog, from where they can go to Splunk, although not in a direct way as of now.
This is not provided as such, as you can see from the previous answers. However, Splunk listens on syslog, in general on port 514, so this is feasible. You should simply make sure the Splunk server listens on that port, or whatever port you use for sending to syslog in PAM SC, and that would make it.
This question was posted under the Privileged Access Manager category, rather than the Privileged Access Manager Server Control category. I am not sure if it can be moved over to the correct category. It seems that Leslie got the answer from a PAM SC person, so I will mark this question as answered. Since it appears that a Splunk forwarder is not a feature of PAM SC, you should open an Enhancement Request for PAM SC, requesting that this be added. This is a feature of PAM, with which you can send data to Splunk using our built-in forwarder or by sending syslog to port 514 on the Splunk server.