TOC & Recently Viewed

Recently Viewed Topics

Configure the Splunk Client Policy

Using the Client Policy Builder, you can create and modify policies for your LCE Splunk Client. The following steps are performed via the web interface on the LCE server that you configured your LCE Splunk Client to communicate with.

Caution: The LCE Splunk Client can process a maximum of 500 logs per second. Processing more than 500 logs per second can result in a loss of data. This is an absolute limit and cannot be increased by improving the system hardware.

Steps

  1. Using the Client Policy Builder, create a policy for your LCE Splunk Client. This documentation includes a list of valid configuration items for the client policy.

    Note: The LCE Splunk Client policy requires at least one IP address for a Splunk server. If no IP addresses are provided, the client will not open the Listen port.

    In order for the Splunk Client to function, you will need to edit the Client policy, include the required syntax noted below, and specify your Splunk server.

    XML Example:

    <splunk-server>172.26.0.10</splunk-server>

  2. Assign the policy to the LCE Splunk Client.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.