
To configure the Splunk application, follow the steps below:

  1. Log in to the Apex Central web console, and go to Detections > Notifications > Notification Method Settings.
  2. In the Syslog Settings section, specify the following:
    • Server IP address: Type the IPv4 or IPv6 address of the syslog server.
    • Port: Type the port number of the syslog server.
    • Facility: Select the facility code.

    Syslog Settings

  3. Click Save.
  4. Go to Detections > Notifications > Event Notifications.
  5. Select the Event type, then on the right pane, slide the switch to enable the notification for the events that you prefer.
  6. Configure the Notification Methods by clicking on the Event (e.g. Virus found - first and second actions unsuccessful).

    Event Notifications

  7. In the Notification Methods section, tick Syslog.

    Notification Method

  8. Click Save.

  1. Log in to the TMCM web console, and go to Notifications > Notification Method Settings.
  2. In the Syslog Settings section, specify the following:
    • Server IP address: Type the IPv4 or IPv6 address of the syslog server.
    • Port: Type the port number of the syslog server.
    • Facility: Select the facility code.

    Syslog Settings

  3. Click Save.
  4. Go to Notification > Event Notifications.
  5. Select the Event type, then on the right pane, slide the switch to enable the notification for the events that you prefer.
  6. Configure the Notification Methods by clicking on the Event (e.g. Virus found - first and second actions unsuccessful).

    Event Notifications

  7. In the Notification Methods section, tick Syslog.

    Notification Method

  8. Click Save.

  1. Log in to the TMCM web console, and go to Administration > Event Center > General Event Settings.
  2. In the Syslog Settings section, specify the following:
    • Server IP address: Type the IPv4 or IPv6 address of the syslog server.
    • Server Port: Type the port number of the syslog server.
    • Facility: Select the facility code.

    Syslog Settings

  3. Click Save.
  4. Go to Administration > Event Center > Event Notifications.
  5. Select the Event type, and tick the checkbox to enable the notification for the events that you prefer.
  6. Configure the Notification methods by clicking on the Recipients (e.g. Virus found - first and second actions unsuccessful).

    Event Category

  7. In the Notification methods section, tick Syslog.

    Notification Method

  8. Click Save.

  1. Click Add data.

    Add Data

  2. Choose syslog.

    Choose syslog

  3. Choose Consume syslog over UDP.

    syslog over UDP

  4. Set the communication port, and choose syslog from the source type list.

    Select Source Type

  5. Check the readiness of syslog:
    1. Choose Manage Inputs.

      Manage Inputs

    2. Select UDP.

      Select UDP

    3. Check the settings. The following values should be shown:
      • UDP Port: 514
      • Source Type: syslog

      UDP Page
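
To confirm that the UDP input actually receives events tagged with the facility selected in Syslog Settings, a test datagram can be sent from any host that is allowed to reach the syslog server. The following is an added example, not code from Trend Micro or Splunk; the tag syslog-selftest, the host name testhost and the function names are assumptions made for illustration.

```python
import socket
import time

# Standard syslog facility and severity codes (only some facilities listed).
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def build_message(facility, severity, host, text, when=None):
    """Return a BSD-syslog style datagram: <PRI>timestamp host tag: text."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    t = time.localtime(when)
    # The day of month is space-padded, not zero-padded, in this format.
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    return ("<%d>%s %s syslog-selftest: %s" % (pri, stamp, host, text)).encode("ascii")


def decode_pri(datagram):
    """Split the leading <PRI> into (facility_code, severity_code)."""
    if not datagram.startswith(b"<") or b">" not in datagram[:5]:
        raise ValueError("no syslog PRI header")
    pri = int(datagram[1:datagram.index(b">")])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return divmod(pri, 8)


def send(datagram, server, port=514):
    """Send one datagram over UDP; a clean return does not prove receipt."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (server, port))


def loopback_check(facility="local0"):
    """Send to a throwaway local listener and return the bytes that arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # ephemeral port, no privileges needed
        rx.settimeout(2)
        send(build_message(facility, "notice", "testhost", "hello"),
             "127.0.0.1", rx.getsockname()[1])
        return rx.recv(2048)
```

Against the real input, call send(build_message("local0", "notice", "testhost", "input readiness test"), server, 514) with the syslog server's address, then search the syslog source type for syslog-selftest. Because UDP is unacknowledged, a missing event points to a firewall, a wrong port or a disabled input rather than to an error on the sending side.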

  1. From the APP menu, click Dashboard.

    Click Dashboards

  2. Click Create New Dashboard.

    New Dashboard

  3. Provide a title of your preference (e.g. Top 20 Threats), then click Create Dashboard.

    Dashboard Details

  4. Click Edit Source.

    Edit Source

  5. Paste the XML code into the editor, then click Save.

    XML Code

     
    A sample XML template can be downloaded here. It can be modified depending on what needs to be displayed on the dashboard that will be created.
     
  6. The new dashboard will read the TMCM logs and generate a panel similar to the image below:

    Dashboard Home