All Apps and Add-ons

Does the Splunk Add-on for RSA SecurID require the input use UDP 514, or can it be any port?

dwbizzle
New Member

This add-on doesn't appear to work correctly following the instructions. Does this add-on require the input use udp/514 or can it be any port? Using 514 isn't an option for me.

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

The Splunk Add-on For RSA SecurID does not have a modular input. Its an app that expects a sourcetype of [rsa:securid:*] to be available.

This is a syslog format input.

So to circle back to your question, you dont have to use UDP514 for ingesting this. You can use a syslog server to collect the logs and then a use a input to read the syslog files. Or you could move the UDP input to a different port and use that also.

Splunk best practices would be to use a syslog server, and then ingest the files into Splunk by using an monitor on the file. Better control and more redundancy for you.

Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!