
syslog through VPN tunnel

ljbenavides
Level 1

I have a router to router VPN architecture, hub and spoke in design, with public addresses on the outside interfaces, and private addresses on the LAN side. I'd like to force all syslogs from the routers through the VPN tunnel to a privately addressed syslog server at the hub. What do you recommend?

thanks,

Louis

3 Replies

Richard Burts
Hall of Fame

I have almost your exact situation running at a customer site: multiple remote sites to a central site, router to router VPN, syslog sent from the remote router to a central syslog server on the campus. I think the essential parts of what we did include:

- we specify the source address of the log message using "logging source-interface ". By default the syslog message would use the IP address of the outbound interface (the public interface) as the source. Using this command we make sure that the source address of the syslog is in our address space. We source from a loopback interface but you could certainly source from your private LAN interface.

- the usual identification of the syslog server using "logging ".

- make sure that the routing logic on the router points the route to the syslog server through the VPN.

HTH. If you need anything else, post again.

Rick

Rick,

Thanks for the response. I have used the "logging source-interface " with much success.

Louis

poggs
Level 1

I'm doing similar - I just specify "logging 192.168.200.153", "logging trap informational", "logging source-interface loopback0" and "logging on" and it works like a dream.

Since syslog runs over UDP, you'll probably lose any messages such as VPN tunnels being torn down or reestablished, so it's not perfect, but it works fine for me.
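
The first two points in Rick's reply (a syslog source inside the private address space, and a privately addressed syslog server) can be checked offline against a saved router configuration. The following is an added example, not code from any poster in this thread; the sample configuration is constructed, the interface addresses in it are illustrative, and the script assumes full interface names. It does not verify the routing through the VPN.

```python
import ipaddress
import re

# Constructed spoke config. Interface addresses are illustrative; the logging
# lines are the four commands quoted in the last reply of the thread.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.10.1.1 255.255.255.255
!
interface Serial0/0
 ip address 203.0.113.10 255.255.255.252
!
logging on
logging trap informational
logging source-interface Loopback0
logging 192.168.200.153
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True if ip falls in one of the three RFC 1918 private blocks."""
    return any(ip in net for net in RFC1918)

def interface_addresses(config):
    """Map lower-cased interface name -> its first configured IPv4 address."""
    addrs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1).lower()
        m = re.match(r"\s+ip address\s+(\d+\.\d+\.\d+\.\d+)\s+\S+", line)
        if m and current:
            addrs.setdefault(current, ipaddress.ip_address(m.group(1)))
    return addrs

def audit_syslog(config):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    hosts = re.findall(r"^logging\s+(?:host\s+)?(\d+\.\d+\.\d+\.\d+)", config, re.M)
    src = re.search(r"^logging source-interface\s+(\S+)", config, re.M)
    if not hosts:
        findings.append("no syslog server configured")
    findings += [f"syslog server {h} is not an RFC 1918 address"
                 for h in hosts if not is_rfc1918(ipaddress.ip_address(h))]
    if src is None:
        findings.append("no logging source-interface: source is the outbound interface")
        return findings
    ip = interface_addresses(config).get(src.group(1).lower())
    if ip is None or not is_rfc1918(ip):
        findings.append(f"source interface {src.group(1)}: address {ip} is not RFC 1918")
    return findings
```
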
