Setup

To enable the integration between Splunk and Secret Server , you must set up an audit server in Secret Server to forward events to Splunk.

Setting Up an Audit Server to Forward Events to Splunk

Use the steps below to set up an external audit server in Secret Server to gather events from your Secret Server On-Premises instance and export them to Splunk Enterprise. The Secret Server instance and the Splunk Enterprise instance must be on the same network.

  1. Log in to Secret Server.

  2. Go to Settings > Configuration.

  3. Under General, select Application and then select Edit.

  4. Go to Enable Syslog/CEF Log Output and select the Syslog/CEF Logging checkbox.

  1. Enter the Splunk server’s IP address in the Syslog/CEF Server box.

  2. Enter the Splunk server’s port in the Syslog/CEF Port box.

  3. From the Syslog/CEF Protocol drop-down list, select TCP.

  4. From the Syslog/CEF Site drop-down list, select Local.

  5. Click Save.