Entrust PKI Hub provides the log-forwarder solution for forwarding logs to a Splunk SIEM (Security Information and Event Management) server. 

To configure and deploy Entrust log-forwarder with the Management Console

  1. Log in to the Management Console as explained in Logging into the Management Console.

  2. In the content pane, click Manage Solution under Entrust log-forwarder.
  3. Activate the Import configuration toggle switch if you want to import configuration settings from a file, such as a sample configuration file included in the product release.
  4. Activate the Enable Advanced Configuration option if you want to configure the full set of configuration parameters supported by the solution.
  5. Click Next.
  6. Configure the solution settings described in the following sections. 
  7. Click Validate to validate the configured settings.
  8. Correct any detected configuration error until the Validate option displays no warnings.
  9. Optionally, click the Download button to export the current configuration. You can later import this configuration with the already mentioned Import configuration toggle switch.
  10. Click Submit and wait while Entrust PKI Hub uploads the configuration and any attached file, such as a P12 file with authentication credentials.
  11. Click Deploy.

Type

The type of SIEM server. The current Entrust PKI Hub release only supports selecting Splunk.

As explained in SIEM requirements, the current Entrust PKI Hub release only supports the Splunk SIEM.

Mandatory: Yes

Host

The IP address or hostname of the external SIEM server.

Mandatory: Yes

Port

The port of the SIEM service.

In the Splunk configuration, this port is the "HTTP Event Collector" port.

Mandatory: Yes

Token

A secret authentication token provided by the external SIEM service.

Mandatory: Yes

TLS

Configuration of the TLS security in communications with the external SIEM server.

| Parameter | Value | Default |
| --- | --- | --- |
| Enable | Mark this checkbox to use TLS security in the communications with the external SIEM server. | Disabled |
| Verify | Mark this checkbox to verify the TLS certificate of the external SIEM server. | Disabled |
| CA Certificate File | Click Select Files to import the CA certificate for validating the TLS certificate of the external SIEM server. | The system certificates |
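
The following pre-flight check is an added example, not part of Entrust PKI Hub: it mirrors the Host, Port, Token and TLS settings above, flags the two TLS defaults, and builds one test event for Splunk's HTTP Event Collector (`/services/collector/event` with an `Authorization: Splunk <token>` header). The function names, host name, port and token value are constructed for illustration.

```python
import json
import ssl
import urllib.request

HEC_PATH = "/services/collector/event"  # Splunk HTTP Event Collector endpoint


def audit_tls(enable=False, verify=False):
    """Return warnings for the TLS checkboxes; both default to Disabled."""
    if not enable:
        return ["TLS disabled: the token and every event cross the network in cleartext"]
    if not verify:
        return ["Verify disabled: traffic is encrypted but the SIEM server is not authenticated"]
    return []


def build_probe(host, port, token, enable=False, verify=False, ca_file=None):
    """Build (request, ssl_context) for one test event, mirroring the form fields."""
    scheme = "https" if enable else "http"
    body = json.dumps({"event": "log-forwarder pre-flight check"}).encode()
    req = urllib.request.Request(
        f"{scheme}://{host}:{port}{HEC_PATH}", data=body, method="POST",
        headers={"Authorization": f"Splunk {token}"},  # HEC token header
    )
    if not enable:
        return req, None
    # ca_file=None falls back to the system certificates (the CA Certificate File default).
    ctx = ssl.create_default_context(cafile=ca_file)
    if not verify:
        ctx.check_hostname = False  # must be cleared before setting CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return req, ctx


def send_probe(req, ctx, timeout=5):
    """Send the event; a failed certificate check raises urllib.error.URLError."""
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    req, ctx = build_probe("siem.example.internal", 8088, "00000000-0000-0000-0000-000000000000")
    print(req.full_url, audit_tls())
```

Call `send_probe` from a host that can reach the SIEM server, with the same values entered in the form, to confirm the token and CA certificate before clicking Deploy.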