Hello;
I've just installed "Technology Add-on for RSA SecurID" https://splunkbase.splunk.com/app/2872 on my syslog server (running a Universal Forwarder, that is pulling RSA logs from /var/adm/message, a to-do is to stuff RSA SecurID logs into a separate file). I've also installed on my indexers and search heads.
I am seeing sourcetypes:
rsa:runtime
rsa:system
rsa:admin
I was wondering if this add-on supports using the "RSA SecurID Application for Splunk" for reports (https://splunkbase.splunk.com/app/822) This app uses snmp to extract data, and I am unable to see where, or how, to alter it to use syslog instead.
Thank you,
-mi
Hi nychawk,
No it currently does not since the RSA app has not been updated in quite some time. I am however working on that as we speak and hope to have it updared/supported by early next week. I will post for you here when I am done.
Thanks,
Josh
Just stumbled across this as I just implemented your TA. Has there been any updates on making the TA and Splunk for RSA compatible?
Thanks,
Casey
Thank you Josh, I can offer up myself to test if needed.
Regards,
-mi