Configure BeyondTrust Remote Support for Integration with Splunk

 

You must purchase this integration separately from both your BeyondTrust software and your Splunk solution. For more information, contact BeyondTrust sales.

In addition to the steps outlined in the BeyondTrust SIEM Tool Plugin Installation and Administration, the Splunk integration also supports consumption of syslog output directly from the Secure Remote Access Appliance.

All of the steps in this section take place in the BeyondTrust /appliance administrative interface.

  1. Access your BeyondTrust interface by going to the hostname of your Secure Remote Access Appliance followed by /appliance (e.g., https://support.example.com/appliance).
  2. Go to /appliance >Security > Appliance Administration and locate the Syslog section.
  3. Enter the hostname or IP address for your remote syslog server.
  4. Select a message format.
  5. Click Submit.