Splunk settings Skip Navigation
  1. BlackBerry Docs
  2. Cylance products
  3. Protect Application for Splunk
  4. Configure Syslog
  5. Splunk settings

Splunk
 settings

Note Regarding Syslog Over SSL
Sending data over encrypted protocols is recommended, when possible.
Cylance
 and
Splunk
 can communicate syslog data using plain-text and over SSL. For more information about how to configure forwarding, see the
Splunk
 documentation at: https://docs.splunk.com/Documentation/Splunk/6.6.1/Security/ConfigureSplunkforwardingtousesignedcertificates
To see instructions that work in
BlackBerry
’s development environment, please see Appendix: configure Syslog over SSL in Splunk in Appendix A.
Unencrypted syslog input is not recommended; however, for troubleshooting purposes, it can be enabled on a port other than 6514. You can enable Syslog in
Splunk
 Web in
Settings > Data Inputs > Local Inputs > TCP
. Enable TCP Port 6515.
Note on Multi-Tenant Configurations and Syslog
Each tenant will require its own stanza in inputs.conf, and each tenant requires its own port. For example, if there are two tenants, CompanyOne and CompanyTwo, inputs.conf should contain.
[tcp-ssl://6514]
disabled = false
sourcetype = syslog_protect
source = CompanyOne
index = cylance_protect
[tcp-ssl://6515]
disabled = false
sourcetype = syslog_protect
source = CompanyTwo
index = cylance_protect