Does PAM integration with Splunk use UDP or TCP connection?

Article ID: 194617

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Some customers' security restrictions may require secure connections between their devices.
Is it possible to configure PAM to send log events to Splunk in encrypted form, whether through syslog over TLS, through the native integration with Splunk, or in some other way?

Environment

Product: Layer 7 Privileged Access Management.
Version: 3.x

Resolution

There are two potential ways to make PAM interact with Splunk:

  • The native PAM Splunk forwarder (at Configuration / 3rd Party / Splunk), which uses TCP to communicate with Splunk.
  • The PAM Syslog server feature (at Configuration / Logs / Syslog), which forwards the data to your Splunk server and in this case uses UDP.