Configure BeyondTrust Privileged Remote Access for Integration with Splunk

 

You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.

In addition to the steps outlined in the BeyondTrust SIEM Tool Plugin Installation and Administration guide, the Splunk integration can also consume syslog output directly from the BeyondTrust Appliance.

All of the steps in this section take place in the BeyondTrust /appliance administrative interface.

  1. Access your BeyondTrust interface by going to the hostname of your BeyondTrust Appliance followed by /appliance (e.g., https://access.example.com/appliance).
  2. Go to /appliance > Security > Appliance Administration and locate the Syslog section.
  3. Enter the hostname or IP address for your remote syslog server.
  4. Select a message format.
  5. Click Submit.