We have setup a distributed sandbox system with release 8.1.2. We have configured scripted authentication on our search head based on the PAM scripts located in $SPLUNK_HOME/share/splunk/a...
Hi
We have just switched from native Splunk authentication to PAM scripted authentication.
We are running Splunk 6.3.4 under Linux Suse, sles 11.
After switching to PAM scripted authentication...
Hello,
I am requested to make a study on the possibility to integrate Splunk authentication/authorization with Cyberark PAM/PSM.
To get connected into Splunk, the users should g...
Hi, I want to rewrite the event based on some keyword in event.
For Example:
Junly 27 10:00:05 UTC IF_DOWN SYSLOG_DAEMON
So if i match SYSLOG from the event and add field in event on H...
...llegal user djras123 from 192.168.1.2 - dcos_sshd[17284] ras1-dan-cisco-swi error: PAM: Authentication failure for illegal user djras123 from 192.168.1.2 - dcos_sshd[29461] ras1-dan-cisco-swi error: PAM: Authentication...
...ocumentation on authentication.conf , it does not indicate that this can be done. I just wanted to know if this is not possible, or if it's just not documented well.
Basically I want to use both LDAP a...
We are trying to deploy splunk with SSO according to documentation found on http://www.splunk.com/base/Documentation/4.1/Admin/Usesinglesign-onwithSplunk but are hitting a wall.
The suspicion i...
...istory of SSH (or even tty) logged-in users. I've found some shell wrappers like sudosh, rootsh, snoopy and so on but all of them have some disadvantages like only binary log format or it was not e...
Hello Splunkers.
How can I integrate IdM (Identity Manager) with Splunk?
For LDAP data, I'm using the Splunk Support for Active Directory add-on so I can run a ldapsearch command.
But I'm k...
...ailed password for invalid user where the src is not parsed at all when PAM messages are also involved in the total login attempt.
Apr 9 14:43:48 test-backup sshd[16780]: PAM 2 more authentication...