Prerequisites for the BeyondTrust Remote Support Integration with Splunk

 

You must purchase this integration separately from both your BeyondTrust software and your Splunk solution. For more information, contact BeyondTrust sales.

Applicable Versions

  • BeyondTrust Remote Support: 14.x and newer
  • Splunk on-premise: 6.3.0 and newer

Network Considerations

The following network communication channels must be open for the integration to work properly:

Outbound From Inbound To TCP Port # Purpose
BeyondTrust Middleware Engine Server Splunk Server 1514 Session event data is pushed as specially formatted syslog messages into Splunk
Secure Remote Access Appliance Splunk Server 514 Syslog event information from the appliance

Prerequisite Installation and Configuration

The Splunk integration is a BeyondTrust Middleware Engine plugin. To install the BeyondTrust Middleware Engine, follow the instructions in the BeyondTrust Middleware Engine Configuration document.