Prerequisites for the BeyondTrust Privileged Remote Access Integration with Splunk

 

You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.

Applicable Versions

  • BeyondTrust Privileged Remote Access: 15.x and newer
  • Splunk on-premise: 6.3.0 and newer

Network Considerations

The following network communication channels must be open for the integration to work properly:

Outbound From Inbound To TCP Port # Purpose
BeyondTrust Middleware Engine Server Splunk Server 1514 Session event data is pushed as specially formatted syslog messages into Splunk
BeyondTrust Appliance Splunk Server 514 Syslog event information from the appliance

Prerequisite Installation and Configuration

The Splunk integration is a BeyondTrust Middleware Engine plugin. To install the BeyondTrust Middleware Engine, follow the instructions in the BeyondTrust Middleware Engine Configuration document.