08-17-2018 01:03 AM - edited 02-21-2020 08:07 AM
Hello community
I am trying to find some documentation about secure syslog.
I have to send syslog messages to a server by using tcp encrypted traffic.
I could only find some very slim information about implementing it on a Cisco ASA, but it's really very short.
I have to implement this on a cisco asa 5545-x, on 2960-x switches and a Cisco ISR 4451 router too.
Do I have to import the syslog certificate on my network devices?
Do I have to send my auto-generated certificates to the syslog server admins?
I guess I have to import a new trustpoint with the syslog server's certificate in order to use it to send the messages, but I really don't know how to do that or even whether that is supported on all my devices.
I am pretty lost on this scenario.
Thank you for your help.
04-02-2019 04:27 PM
Nope, it's not a supported feature either on legacy or Catalyst 9k. There has been some discussion, but no plan is in place currently.
04-17-2019 08:56 AM
The ASAs support it, and you only need to add the root CA's certificate to the ASA if your syslog server sends the complete intermediate certificate chain; if not, all the CAs forming the certificate chain.
'show logging' will show you four connected tcp/tls connections if it works.
There is no way to configure the ciphers specifically for the syslog over tls connection, the ssl (tls) client settings seem to be used.
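The ASA side of what the reply above describes, as an added configuration example that is not from the thread or from Cisco's documentation: the trustpoint name, interface name, syslog server address and port are assumed values, and the CA certificate PEM is a placeholder you paste from your own syslog server's CA.

```cisco
! Trustpoint holding the CA that signed the syslog server certificate.
! If the server does not send its intermediates, repeat this block for
! every CA in the chain (one trustpoint per CA).
crypto ca trustpoint SYSLOG-CA
 enrollment terminal
 exit
!
! Paste the CA certificate in PEM form when prompted, then type "quit".
crypto ca authenticate SYSLOG-CA
-----BEGIN CERTIFICATE-----
<PEM of the syslog CA certificate goes here (placeholder)>
-----END CERTIFICATE-----
quit
!
! Syslog over TCP with TLS: the "secure" keyword turns on TLS and the
! ASA validates the server certificate against the trustpoints above.
logging enable
logging timestamp
logging trap informational
logging host inside 192.0.2.10 TCP/6514 secure
!
! Without this the ASA blocks new connections when the TCP syslog
! server is unreachable; decide deliberately which behaviour you want.
logging permit-hostdown
!
! Ciphers cannot be set per syslog connection; the global SSL client
! settings apply to it, so harden those instead.
ssl client-version tlsv1.2
ssl cipher tlsv1.2 high
!
! Verification: look for the four connected TCP/TLS sessions and a
! zero "dropped" counter for the host.
show logging
show crypto ca certificates SYSLOG-CA
```

If `show logging` reports the host as not connected, check the server's certificate chain against the trustpoints first, since a missing intermediate is the usual cause when the root alone was imported.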