
Using Splunk® Enterprise Search Commands for Advanced Analysis of Ivanti Connect Secure© Logs

by Paul B Nance
Publication Type
ORNL Report
Publication Date

Analyzing the logs of even the smallest Information Technology (IT) system can be a challenge, considering that such a system can generate millions of lines of log data in a very short time. Splunk® Enterprise is an industry-leading tool that allows analysis of log data, which can enhance troubleshooting capabilities, improve system performance, and improve the security posture of an IT system. Ivanti Connect Secure© (ICS) is a market-leading platform powered by the Ivanti Secure Socket Layer Virtual Private Network (SSL VPN) appliance, providing an architecture for secure access to and protection of network resources. This paper describes an approach for using Splunk Enterprise search capabilities to perform advanced data analysis of ICS logs.