PAM integration with Splunk syslog usage with UDP or TCP connection
search cancel

PAM integration with Splunk syslog usage with UDP or TCP connection

book

Article ID: 194617

calendar_today

Updated On: 05-06-2025

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Some customer security restrictions may require secure connections among their devices.
Is it possible to configure PAM to send the log events to Splunk using an encrypted mode through syslog over TLS or by using native integration with Splunk, or by another way ?

Environment

Product: Layer 7 Privileged Access Management.
Version: 4.x

Resolution

There are two potential ways to make PAM interact with Splunk:

  • The native PAM Splunk forwarder (at Configuration / 3rd Party / Splunk) which uses TCP to communicate with Splunk.
  • The PAM Syslog server feature (at Configuration / Logs / Syslog) to forward the data to your Splunk server, which in this case uses UDP.