CA PAM and Splunk integration


Article ID: 126311


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


PAM Administrator needs to integrate PAM into Splunk and wants to understand the steps.


PAM 3.x


In Splunk:
  1. Log into Splunk with an Admin User
  2. Click on "Settings"
  3. Locate "Data" section
  4. Click on "Forwarding and Receiving"
  5. Locate "Receive Data" section
  6. Click on "Configure Receiving" 
  7. Use your current "listening" port or click on "New Receiving Port"


  1. Login with an Admin User
  2. Click on "Configuration"
  3. Click on "3rd Party"
  4. Click "Splunk"
  5. Cick "Add" 
  6. Add the servername\ip address and the receiving port you had configured in above step 7
  7. Click OK

Additional Information

Alternatively if you are looking to integrate into Splunk via Syslog, please follow this Knowledge Document:

The above KB article is now available with the new URL as below ( How to: Forward PAM's Syslog to Splunk for data analytics)