Configure the SIEM Tool Plugin for Integration between Splunk and Bomgar Remote Support
To begin configuration, launch the Middleware Administration Tool and click on the clipboard icon next to the plugin name.
The first portion of plugin configuration provides the necessary settings for communication between the plugin and the Bomgar Appliance. These fields are described in the Bomgar SIEM Tool Plugin Installation and Administration.
- Target SIEM System: Select Splunk from the list.
- SIEM Syslog Host: Enter the hostname or IP address of the Splunk instance that should receive messages.
- SIEM Syslog Port: Enter the port used by the Splunk instance to receive syslog messages, usually port 1514.
- SIEM Syslog Protocol: Select the appropriate protocol from the list, usually UDP.
- Events to Process: Bomgar session data may contain many different event types. All types are available; however, only a subset may be desired in the SIEM tool. Select only the events you would like sent to Splunk. Events matching unchecked event types are ignored.