Does PAM integration with Splunk use a UDP or a TCP connection?


Article ID: 194617



CA Privileged Access Manager (PAM)


Some customers' security restrictions may require secure connections among their devices.
Is it possible to configure PAM to send log events to Splunk in encrypted form, whether through syslog over TLS, through the native integration with Splunk, or in some other way?


Product: Layer 7 Privileged Access Management.
Version: 3.x


There are two potential ways to make PAM interact with Splunk:

  • The native PAM Splunk forwarder (at Configuration / 3rd Party / Splunk), which uses TCP to communicate with Splunk.
  • The PAM Syslog server feature (at Configuration / Logs / Syslog), which forwards the data to your Splunk server and in this case uses UDP.