Prerequisites for the BeyondTrust Privileged Remote Access Integration with Splunk

 

You must purchase this integration separately from your BeyondTrust Privileged Remote Access solution. For more information, contact BeyondTrust sales.

Applicable Versions

  • BeyondTrust Privileged Remote Access: 15.x and newer
  • Splunk On-Premises or Cloud: 6.3.0 and newer

Network Considerations

The following network communication channels must be open for the integration to work properly:

Outbound From Inbound To TCP Port # Purpose
BeyondTrust Middleware Engine Server Splunk Server 1514 Session event data is pushed as specially formatted syslog messages into Splunk
BeyondTrust Appliance B Series Splunk Server 514 Syslog event information from the B Series Appliance

Prerequisite Installation and Configuration

The Splunk integration is a BeyondTrust Middleware Engine plugin. To install the BeyondTrust Middleware Engine, follow the instructions in the BeyondTrust Middleware Engine Configuration document.