Getting Data In

How to configure Splunk to monitor Border Network Gateway (BNG) accounting traffic?

vincenteous
Communicator

Hello Everyone,

Actually, I don't know if this question is actually valid to be asked here or not. So, I'm going to give it a shot here.
I have a requirement to monitor Border Network Gateway (BNG)'s accounting traffic using Splunk. The data input seems to be quite straightforward with the usage of UDP port 1813 to send the traffic. But the problem is, to throw the traffic into Splunk, the BNG has to share a secret key just like when we are trying to throw the traffic to a RADIUS server. Below is the sample command from BNG side:

radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

At Splunk side, what should be configured aside from inputs.conf to receive the traffic? Is there any alternative way if this were not possible?

Thanks in advance

0 Karma
1 Solution

muebel
SplunkTrust
SplunkTrust

Hi vincenteous, I believe that you will want to not directly forward the authentication events to Splunk itself, but instead setup a radius server to log the authentication events locally, and then use the splunk forwarder to input those events like any other file monitor input. In this way you don't have to worry about the shared secret key from the splunk perspective.

Let me know if this works out 😄

View solution in original post

muebel
SplunkTrust
SplunkTrust

Hi vincenteous, I believe that you will want to not directly forward the authentication events to Splunk itself, but instead setup a radius server to log the authentication events locally, and then use the splunk forwarder to input those events like any other file monitor input. In this way you don't have to worry about the shared secret key from the splunk perspective.

Let me know if this works out 😄

vincenteous
Communicator

I guess this is the best which I can do. Thanks muebel for the answer

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...