Integration of Splunk with McAfee ESM

ramkidurai
Explorer

Hi,

I need to integrate Splunk (version 6.0) with McAfee ESM (version 9.2.1).

What are the requirements that must be met in order to forward the Splunk logs into ESM? I have enabled the forwarder with the IP and port number to forward logs.

Also at the ESM end, the properties are set to receive logs.

I am new to Splunk as well as to ESM, and I believe I have missed some configuration/settings that need to be made. Please let me know if anyone has tried this and succeeded. Awaiting suggestions/help.

Thanks,
Ramesh


araitz
Splunk Employee

Check out this documentation on forwarding to a third-party system:

http://docs.splunk.com/Documentation/Splunk/6.0.1/Forwarding/Forwarddatatothird-partysystemsd


ramkidurai
Explorer

Hi,

I already have this document and have configured/made changes to the outputs.conf, props.conf and transforms.conf files as per it. Still, I could not forward logs from Splunk to McAfee ESM. I need all syslog data to be forwarded from Splunk.

Irrespective of data/port, when I enable forwarding or receiving in Splunk, I get an error message:
"Tcp output pipeline blocked. Attempt '100' to insert data failed." Any idea on this error would be helpful.

Also, let me know what the target group should be in outputs.conf under "Forward syslog data" ([syslog:]).

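As an added illustration (not configuration posted in this thread), these are the three stanzas that route every event of sourcetype syslog from Splunk to a third-party syslog receiver such as ESM. The receiver address 192.0.2.10:514, the group name mcafee_esm and the transform name route_to_esm are placeholders to adapt; the stanzas belong on the instance that parses the data (a heavy forwarder or indexer), since a universal forwarder cannot perform syslog output.

```ini
# outputs.conf (added example, placeholder values)
# Declares the syslog target group that the transform below refers to.
[syslog]
defaultGroup = mcafee_esm

[syslog:mcafee_esm]
# Address and port of the ESM receiver; must match what ESM is listening on.
server = 192.0.2.10:514
# udp (the default) or tcp; use whichever protocol the ESM receiver expects.
type = udp

# props.conf
# Apply the routing transform to every event with sourcetype syslog.
[syslog]
TRANSFORMS-routing_to_esm = route_to_esm

# transforms.conf
# Match every event (.) and set the syslog routing key to the target group name,
# so only events that hit this transform leave via the [syslog] output.
[route_to_esm]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = mcafee_esm
```

Problems with this output are logged in splunkd.log on the forwarding instance; a "Tcp output pipeline blocked" message concerns the [tcpout] path (Splunk-to-Splunk forwarding), not the [syslog] path.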