How-To: Export your RADIUS Logs to Splunk

EZRADIUS enables your security team to monitor critical user actions by pushing the information to your SIEM. On this page we will show you how to connect your RADIUS logs to Splunk.

How To Connect Your Cloud RADIUS To Splunk

  1. Go to your EZRADIUS portal.
  2. Click on Settings.
  3. Scroll to the bottom and enable the “Send Audit Logs” to SIEM option.
  4. Select Splunk as the SIEM Provider.
  5. In another tab, go to your Splunk instance.
  6. Go to data inputs by clicking on the settings menu.
  7. Add a new HTTP Event Collector.
  8. Enter Keytos as the Name and click next.
  9. Leave input settings with the default values and click next.
  10. Click Submit.
  11. Copy the Splunk token we just created. Note that this is a credential, so do not share it publicly.
  12. Now let’s go back to the EZRADIUS portal and copy in the URL of your Splunk instance and the token we just created.
  13. Click the “Test Connection” button. This will create a test log in your SIEM to make sure EZRADIUS can write to the SIEM.
  14. If the connection test is successful, click “Save changes” at the top of the subscription.
  15. EZRADIUS will now send your security alerts to your SIEM. If an error occurs, it will email your subscription administrators. See below for the different events EZRADIUS will send.
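
To check the token from step 11 independently of the portal's “Test Connection” button, the following added example (not EZRADIUS or Splunk code) posts one event to Splunk's HTTP Event Collector endpoint and reports the reply. It assumes the URL and token are supplied in the hypothetical environment variables `SPLUNK_URL` and `SPLUNK_HEC_TOKEN`, and it refuses plain-HTTP URLs so the token is never sent in clear text.

```python
import json
import os
import urllib.error
import urllib.request

def hec_event_url(base_url):
    """Normalise a Splunk base URL to the HEC JSON event endpoint."""
    base = base_url.strip().rstrip("/")
    if not base.startswith("https://"):
        # Choice made for this example: the token is a credential, require TLS.
        raise ValueError("HEC token must only be sent over https")
    if base.endswith("/services/collector/event"):
        return base
    if base.endswith("/services/collector"):
        return base + "/event"
    return base + "/services/collector/event"

def build_request(base_url, token, event):
    """Build the POST that HEC expects: 'Authorization: Splunk <token>'."""
    body = json.dumps({"event": event, "sourcetype": "_json"}).encode()
    return urllib.request.Request(
        hec_event_url(base_url), data=body, method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"})

def interpret(status, body):
    """Turn an HEC reply into (ok, message); code 0 means the event was accepted."""
    try:
        reply = json.loads(body)
    except ValueError:
        return False, f"HTTP {status}: non-JSON reply"
    code, text = reply.get("code"), reply.get("text", "")
    return (status == 200 and code == 0), f"HTTP {status}, HEC code {code}: {text}"

def send_test_event(base_url, token):
    """Send one constructed test event and return (ok, message)."""
    req = build_request(base_url, token, {"message": "HEC connectivity check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # e.g. 401/403 for a bad token
        return interpret(err.code, err.read())

if __name__ == "__main__":
    # Token comes from the environment so it stays out of shell history.
    ok, msg = send_test_event(os.environ["SPLUNK_URL"],
                              os.environ["SPLUNK_HEC_TOKEN"])
    print("OK" if ok else "FAILED", msg)
```

A rejected token comes back as an HTTP error with a JSON body, which the script prints rather than raising; a connection or certificate failure raises `urllib.error.URLError` instead.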