Getting Data In

Splunk add-on for Fudo PAM | How to parse logs from Fudo?

splunky_diamond
Path Finder

Hello splunkers!

Has anyone had experience with getting data in Splunk from PAM (Privileged Access Management) systems? I want to do the integration of Splunk with Fudo PAM. Question of getting logs from Fudo to Splunk is not a problem at all, it's easily done over syslog. However, I don't know how to parse these logs. The syslog sourcetype doesn't properly parse the events, it misses a lot of useful information such as: users, processes, action done, accounts, basically almost everything except for the IP of the node and the timestamp of the event. 

Does anyone know if there is a good add-on for parsing logs from Fudo PAM? Or any other good way how to parse its logs? 

Thanks for taking time reading and replying to my post ❤️

Labels (2)
0 Karma

tej57
Communicator

Hello @splunky_diamond ,

I am unsure if there are any apps/TAs available for Fudo PAM data. The best would be to write magic 8 props for parsing the data. You can find the relevant documentation links below:

https://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkdoeswithyourdata

https://docs.splunk.com/Documentation/Splunk/latest/Data/Overviewofeventprocessing

https://docs.splunk.com/Documentation/Splunk/latest/Data/Createsourcetypes

https://lantern.splunk.com/Splunk_Platform/Product_Tips/Data_Management/Configuring_new_source_types

 

Thanks,
Tejas.

 

---

If the above solution helps, an upvote is appreciated.

Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...