Configure the On-Premises PCE
You must make configuration changes on the PCE so that data is forwarded to the Splunk server.
Configure the Syslog
Use the information in the "Additional PCE Installation Tasks" topic in the PCE Installation and Upgrade Guide.
Configure the Runtime PCE
Note
This procedure is for PCE versions earlier than 18.2.1. If you are running version 18.2.1 or later, skip this procedure.
To generate and send traffic flow summaries to the PCE syslog and forward them to Splunk, make the following changes to the PCE Runtime Environment file, runtime_env.yml. Make the changes to the runtime_env.yml file on all PCE nodes in the cluster, then restart the PCE for the changes to take effect.
export_flow_summaries_to_syslog:
- accepted
- potentially_blocked
- blocked
For more information about runtime_env.yml and the export_flow_summaries_to_syslog setting, see the PCE Installation and Upgrade Guide.
PCE runtime_env.yml Configuration
export_flow_summaries_to_syslog:
- accepted
- potentially_blocked
- blocked
For more information about runtime_env.yml and the setting export_flow_summaries_to_syslog, see the Illumio ASP PCE Deployment Guide.
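A check for the requirement that every PCE node in the cluster carries the same setting, as an added example (not Illumio tooling): it takes the text of each node's runtime_env.yml and reports which flow summary types are missing on which node, including the case where the setting is commented out. The node names, the placeholder_setting key and the sample file contents are constructed for illustration.

```python
import re

KEY = "export_flow_summaries_to_syslog"
REQUIRED = {"accepted", "potentially_blocked", "blocked"}

def exported_decisions(text):
    """Return the set of values listed under KEY in runtime_env.yml text."""
    values, in_list = set(), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments, so a commented-out key is ignored
        if not line.strip():
            continue
        if in_list:
            item = re.match(r"\s*-\s*(\S+)\s*$", line)
            if item:
                values.add(item.group(1).strip("'\""))
                continue
            in_list = False                    # any non-item line ends the list
        key = re.match(rf"\s*{KEY}\s*:\s*(.*)$", line)
        if key:
            inline = key.group(1).strip()
            if inline.startswith("["):         # flow style: [accepted, blocked]
                values.update(v.strip(" '\"") for v in inline.strip("[]").split(",") if v.strip())
            else:
                in_list = True                 # block style: items follow on later lines
    return values

def missing_by_node(configs):
    """Map node name -> sorted list of required values that node does not export."""
    report = {}
    for node, text in configs.items():
        missing = REQUIRED - exported_decisions(text)
        if missing:
            report[node] = sorted(missing)
    return report

# Constructed sample: node1 is complete, node2 omits "blocked", node3 has the setting commented out.
SAMPLE = {
    "node1": "placeholder_setting: 1\nexport_flow_summaries_to_syslog:\n- accepted\n- potentially_blocked\n- blocked\n",
    "node2": "export_flow_summaries_to_syslog:\n  - accepted\n  - potentially_blocked\nplaceholder_setting: 1\n",
    "node3": "# export_flow_summaries_to_syslog:\n# - accepted\nplaceholder_setting: 1\n",
}

if __name__ == "__main__":
    for node, missing in missing_by_node(SAMPLE).items():
        print(f"{node}: missing {', '.join(missing)}")
```

A node that appears in the report will not send those flow summary types to syslog, so the corresponding events will be absent in Splunk until the file is corrected and the PCE restarted.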