Secure syslog using SSL/TLS on Cisco switches, router and Firewall

p.juarezponte · ‎08-17-2018

Hello community

I am trying to find some documentation about secure syslog.

I have to send syslog messages to a server by using tcp encrypted traffic.

I only could find some and very slim information about implementing on a cisco ASA, but it's really very short information.

I have to implement this on a cisco asa 5545-x, on 2960-x switches and a Cisco ISR 4451 router too.

Should I have to import syslog certificate on my network devices?

Should I have to send my auto generate certificates to the syslog server admins?

I guess I have to import a new trustpoint with syslog's certificate in order to use it to send the messages, but really don't know how to do that or even is that is supported on all my devices.

I am pretty lost on this scenario.

Thank you for your help.

mnagired · ‎04-02-2019

Nope, its not a supported feature either on legacy or Catalyst 9k. There has been some discussion, but no plan is in place currently.

Alexander Hartmaier · ‎04-17-2019

The ASAs support it and you only need to add the CA certificates of the root CA to the ASA if your syslog server sends the complete intermediate certificate chain, if not all the CAs forming the certificate chain.

'show logging' will show you four connected tcp/tls connections if it works.

There is no way to configure the ciphers specifically for the syslog over tls connection, the ssl (tls) client settings seem to be used.