How-To: Export your EZCMS Logs to Splunk

Learn how to export your EZCMS Audit Logs to Splunk for advanced analysis and monitoring.

Prerequisites

How to Export your Passwordless Onboarding Audit Logs to Splunk

How To Enable Log Export in EZCMS Portal

  1. Go to your EZCMS portal.

  2. Click on Settings.

  3. Scroll down to SIEM Connection Settings and enable the Send Alerts to SIEM option.

How to Configure the Splunk Exporter

  1. In another tab, go to your Splunk instance.

  2. Go to Data inputs by clicking on the Settings menu.

  3. Add a new HTTP Event Collector.

  4. Enter “Keytos” as the Name and click Next.

  5. Leave input settings with the default values and click Next.

  6. Click Submit.

  7. Copy the Splunk token we just created.

How to Configure the Splunk SIEM in EZCMS Portal

  1. Navigate back to the EZCMS Portal.

  2. Select Splunk as the SIEM Provider.

  3. Paste the URL of your Splunk instance and the token from the Splunk portal into EZCMS.

  4. Click the Test Connection button. This creates a test log in your SIEM to confirm that EZCMS can write to it.

  5. If the connection test is successful, click Save changes.

  6. EZCMS will now send your audit logs to your SIEM. If an error occurs, EZCMS will email your subscription administrators.
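
To check the HTTP Event Collector URL and token from your own workstation, independently of the portal's Test Connection button, the following added example (not Keytos or Splunk code) builds a test event for Splunk's /services/collector/event endpoint and interprets the reply. The function names, the host splunk.example.com, port 8088 and the all-zero token are assumptions made for illustration.

```python
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed placeholder; HEC tokens are GUIDs. Use the token copied from Splunk.
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_hec_request(base_url, token, event):
    """Return a Request for the HEC event endpoint, refusing unsafe input."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        # The token is a bearer credential: never send it over plain HTTP.
        raise ValueError("HEC URL must be https://host[:port]")
    if not TOKEN_RE.match(token):
        raise ValueError("HEC token does not look like a GUID")
    body = json.dumps({"event": event}).encode()
    return urllib.request.Request(
        f"https://{parts.netloc}/services/collector/event",
        data=body, method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
    )


def interpret_hec_response(status, body):
    """Map an HEC reply (HTTP status plus JSON body) to a short verdict."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        code = None  # body was not the JSON object HEC normally returns
    if status == 200 and code == 0:
        return "ok"
    if status in (401, 403):
        return "token rejected or disabled"
    return f"unexpected reply (HTTP {status}, HEC code {code})"


def send_test_event(base_url, token):
    """Send one constructed test event; needs network access to Splunk."""
    req = build_hec_request(base_url, token, {"message": "HEC connectivity test"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret_hec_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret_hec_response(err.code, err.read())
```

Call send_test_event("https://splunk.example.com:8088", token) with your own instance URL and token. A certificate verification error means the client does not trust the certificate Splunk presents; fix the trust chain rather than disabling verification.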