Verify configuration of Syslog

You can now perform a basic test to verify that BlackBerry Protect Desktop is forwarding syslog messages to the Splunk app:
  • In the Splunk Search bar, with the time set to the Real-time one-minute Window, run the following query:
    eventtype=cylance_index sourcetype=syslog
  • In the BlackBerry Console, go to Settings > Application.
  • Under Syslog/SIEM, in the Integrations section, click the Test Connection button. You should see a green popup with a message: Connection was successful
  • In Splunk, below the search bar in the results part of the page, an event should appear which contains the text:
    CylancePROTECT---Test Connection Message
All of the provided syslog dashboards should begin populating as events occur.
In addition, by adhering to the Common Information Model, the CylancePROTECT Application for Splunk provides BlackBerry Console syslog data that is ready for integration with other Splunk apps such as the Splunk for Enterprise Security app.