CA PAM and Splunk integration

book

Article ID: 126311

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

PAM Administrator needs to integrate PAM into Splunk and wants to understand the steps.

Environment

PAM 3.x

Resolution

In Splunk:
  1. Log into Splunk with an Admin User
  2. Click on "Settings"
  3. Locate "Data" section
  4. Click on "Forwarding and Receiving"
  5. Locate "Receive Data" section
  6. Click on "Configure Receiving" 
  7. Use your current "listening" port or click on "New Receiving Port"

In PAM:

  1. Login with an Admin User
  2. Click on "Configuration"
  3. Click on "3rd Party"
  4. Click "Splunk"
  5. Cick "Add" 
  6. Add the servername\ip address and the receiving port you had configured in above step 7
  7. Click OK

Additional Information

Alternatively if you are looking to integrate into Splunk via Syslog, please follow this Knowledge Document:
https://comm.support.ca.com/kb/how-to-forward-pams-syslog-to-splunk-for-data-analytics/kb000097550

The above KB article is now available with the new URL as below ( How to: Forward PAM's Syslog to Splunk for data analytics)

https://knowledge.broadcom.com/external/article?articleId=97550