Configure Splunk Server

In this step, provide networking information about the Splunk syslog server, and specify the protocol and port for receiving syslog events.

Procedure


Step 1

In the Configure Splunk server page, from the Host object or IP address drop-down, choose the host object or enter an IP address of the Splunk server. To create a host object, click the Create link in the drop-down list.

Step 2

Click the Protocol (UDP, TCP, or TLS) that you want the Splunk server to use for communicating with Firewall Management Center and Firewall Threat Defense devices.

Step 3

In the Port field, enter the port number applicable for the selected protocol:

  • UDP: Enter the port number 514, or a number between 1025 and 65535. The default UDP port is 514.

  • TCP: Enter a port number between 1025 and 65535. The default TCP port is 1470.

  • TLS: Enter a port number between 1 and 65535. The default TLS port is 6514.

Step 4

(Optional) If you selected TLS, specify the trusted CA name to securely establish the connection on the Splunk server. From the Trusted certificate authority drop-down list, choose the CA. (To import a new CA object, click the Create link in the drop-down list.)

Step 5

To forward the events logged by a facility, from the Facility drop-down list, choose the corresponding facility.

Step 6

To forward the events with a specific severity, from the Severity drop-down list, choose the severity level.

Step 7

(Optional) In the Tag field, enter an alphanumeric string by which to identify the message on the server.

Step 8

(Optional) To cancel the creation of the Splunk profile, click Cancel.

Step 9

To move to the next step in the Splunk configuration, click Next.
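A pre-flight check for the values entered in Steps 2 through 7, followed by a single test line sent to the Splunk listener. This is an added example, not Cisco or Splunk code. The function names, the `ca_file` argument and the layout of the test line are assumptions; facility and severity are given as standard syslog numeric codes.

```python
import re
import socket
import ssl

# Defaults and allowed port ranges exactly as listed in Step 3.
PORTS = {
    "UDP": (514, lambda p: p == 514 or 1025 <= p <= 65535),
    "TCP": (1470, lambda p: 1025 <= p <= 65535),
    "TLS": (6514, lambda p: 1 <= p <= 65535),
}


def check_profile(protocol, port=None, trusted_ca=None, tag=""):
    """Return (effective_port, findings) for a planned Splunk profile."""
    proto = protocol.upper()
    if proto not in PORTS:
        return None, [f"unknown protocol {protocol!r}"]
    default, allowed = PORTS[proto]
    port = default if port is None else port
    findings = []
    if not allowed(port):
        findings.append(f"port {port} is outside the {proto} range")
    if proto == "TLS" and not trusted_ca:
        findings.append("TLS chosen but no trusted CA named (Step 4)")
    if tag and not re.fullmatch(r"[A-Za-z0-9]+", tag):
        findings.append("tag must be alphanumeric")
    return port, findings


def build_test_message(facility, severity, tag, text):
    """Constructed RFC 3164-style line (assumed layout): PRI = facility*8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return f"<{facility * 8 + severity}>{tag}: {text}\n".encode()


def send_test(host, protocol, port, payload, ca_file=None):
    """Send one line to the listener; TLS verifies the server against ca_file."""
    if protocol.upper() == "UDP":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (host, port))
        return
    with socket.create_connection((host, port), timeout=5) as raw:
        if protocol.upper() != "TLS":
            raw.sendall(payload)
            return
        ctx = ssl.create_default_context(cafile=ca_file)
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
```

With TLS, `send_test` raises `ssl.SSLCertVerificationError` when the listener's certificate does not chain to the CA in `ca_file` or does not match `host`, which surfaces a wrong Step 4 selection before real events are forwarded.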