Set up the RSA Authentication Manager to produce syslog and send it to Splunk.
How to validate all RSA appliances are pointed via syslog to Splunk?
How do I configure?
You could probably leverage the instructions here RSA SecurID Access Event Source Configuration Guide to configure syslog for RSA Authentication Manager.
I've moved your question about sending Authentication Manager syslog data to Splunk to the RSA SecurID Access space so that you can get an answer to your question.
Be sure to bookmark the page for future questions regarding Authentication Manager.
In the Security Console, click Setup > System Settings.
Select an instance.
From the Trace Log, Administrative Audit Log, Runtime Audit Log, and System Log drop-down lists, select a log level. For a description of each parameter, see Log Configuration Parameters.
Determine where to store the log data. You can choose to save it:
Locally in the internal database only
Locally in the internal database and in the local operating system Syslog
Locally in the internal database and the remote Syslog at a specified hostname or IP address. The remote host must be a valid UNIX machine that Authentication Manager is permitted to access. The system resolves the remote hostname by referring to the Domain Name System that was configured during Quick Setup. or instructions on configuring a remote Syslog host to log messages from Authentication Manager, see Configure the Remote Syslog Host for Real Time Log Monitoring.
If you are configuring log settings on the primary instance and you want to apply the same changes to the replica instance, click Apply the above settings to the replica instance(s) upon save.
Retrieving data ...