Hello Everyone,
Actually, I don't know if this question is actually valid to be asked here or not. So, I'm going to give it a shot here.
I have a requirement to monitor Border Network Gateway (BNG)'s accounting traffic using Splunk. The data input seems to be quite straightforward with the usage of UDP port 1813 to send the traffic. But the problem is, to throw the traffic into Splunk, the BNG has to share a secret key just like when we are trying to throw the traffic to a RADIUS server. Below is the sample command from BNG side:
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
At Splunk side, what should be configured aside from inputs.conf to receive the traffic? Is there any alternative way if this were not possible?
Thanks in advance
Hi vincenteous, I believe that you will want to not directly forward the authentication events to Splunk itself, but instead setup a radius server to log the authentication events locally, and then use the splunk forwarder to input those events like any other file monitor input. In this way you don't have to worry about the shared secret key from the splunk perspective.
Let me know if this works out 😄
Hi vincenteous, I believe that you will want to not directly forward the authentication events to Splunk itself, but instead setup a radius server to log the authentication events locally, and then use the splunk forwarder to input those events like any other file monitor input. In this way you don't have to worry about the shared secret key from the splunk perspective.
Let me know if this works out 😄
I guess this is the best which I can do. Thanks muebel for the answer