Using a syslog server's self-signed cert to send secure Syslog
06-20-2023 10:32 AM
We are trying to send secure Syslog on port 6514 on a Cisco 5516-X. I have been given a cert from the syslog server to install, which I have. While the pcap capture shows the ASA sending, it also shows the server resetting the connection. If we switch to normal Syslog over 514 all is good. I am not sure if I loaded the "Self-Signed" cert correctly:
crypto ca trustpoint Sec-Syslog
 keypair Sec-Syslog
 enrollment terminal
!
cry ca authenticate Sec-Syslog
(I entered the base 64 encoded cert provided by the Syslog server)
-----END CERTIFICATE-----
quit
Do you accept this certificate? [yes/no]: y
!
!
logging host outside x.x.x.x 6/6514 secure
Any help?
06-20-2023 11:07 AM
Hi
It seems in this video this guy did the same as you. I am not sure about the versions, but it might help anyway:
https://www.youtube.com/watch?v=8QTg8kslk20
06-20-2023 11:40 AM
Thank you for the reply. I have watched this video and many others. It is how I was able to get as far as I did. The issue I am having is that in the video he states we will load two certs: one on the ASA, and one that is generated on the ASA and loaded on the Syslog server. My server team is telling me the cert they generate on the Syslog server is a "Self-Signed" cert and that is all that is required. I am no expert on certs but think they might be blowing smoke up my 4th point of contact. I was hoping to find some answer that states this is how you use Self-Signed certs, either to show them, or to figure out what I'm not doing right.
06-20-2023 12:11 PM
Did you add a DNS name to the ASA cert?
06-20-2023 12:15 PM
fqdn Device-Name.company.name.int
06-20-2023 12:27 PM
Double check that you added the DNS name.
And make sure to add the cert of the ASA to the syslog server, and to add the syslog cert to the ASA.
06-22-2023 01:07 PM
As I suspected, the server team was giving me the wrong file. Once they provided me with a .pem file, here is what I did on the ASA to get it to send secure syslog:
(config)# crypto key generate rsa general-key label Sec.Syslog.KP modulus 2048
(config)# cry ca trustpoint Sec.Syslog.TP
(config-ca-trustpoint)# fqdn IP of outside interface
(config-ca-trustpoint)# keypair Sec.Syslog.KP
(config-ca-trustpoint)# subject-name CN=ASA.Name,O=Company.Name,C=US,St=State,L=Location
(config-ca-trustpoint)# enrollment terminal
(config-ca-trustpoint)# exit
(config)# cry ca authenticate Sec.Syslog.Cert
Enter the base 64 encoded CA certificate.
End with the word "quit" on a line by itself
**Copy in the .pem file provided**
-----BEGIN CERTIFICATE-----
....lots of weird stuff....
-----END CERTIFICATE-----
quit
Do you accept this certificate? [yes/no]: y
Enable Secure Syslog:
(config)# logging host outside Public IP of syslog server 6/6514 secure
Thanks for all the suggestions, and I hope this helps someone.
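A pre-flight check for the file the server team hands over, added here as an example and not taken from the thread or from Cisco: it confirms the PEM is a certificate rather than a private key or CSR, reports whether it is self-signed (subject equals issuer, the case in this thread, where the server's own certificate is what the ASA trustpoint authenticates), and checks that the name or IP the ASA will use in `logging host` appears in the subject alternative name. The server name, IP and the generated sample certificate are constructed for the example; it assumes the openssl CLI (1.1.1 or later for `-addext`).

```shell
#!/bin/sh
# Check a syslog server's PEM file before pasting it into
# 'crypto ca authenticate' on the ASA. All names/IPs are constructed.
set -eu

# Constructed sample: a self-signed server cert whose SAN carries the
# name and IP the ASA would point 'logging host ... secure' at.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1.key" -out "$1" \
    -subj "/CN=syslog.example.internal/O=Example" \
    -addext "subjectAltName=DNS:syslog.example.internal,IP:192.0.2.10" \
    >/dev/null 2>&1
}

# Prints one of: not-a-certificate | self-signed | ca-issued
# A key or CSR file (the "wrong file" case) is caught by the header check;
# subject == issuer is the self-signed case, where the cert itself is
# what the trustpoint must authenticate.
cert_kind() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || { echo not-a-certificate; return; }
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  [ "$subj" = "$iss" ] && echo self-signed || echo ca-issued
}

# Succeeds when the name/IP given as $2 appears in the certificate's SAN.
# If the ASA logs to an IP, that IP (not only a DNS name) must be listed.
san_contains() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | grep -q -- "$2"
}
```

For a CA-issued server certificate the file to authenticate on the ASA is the issuing CA's certificate instead, which `cert_kind` reports as `ca-issued`.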
06-22-2023 01:18 PM
Glad your issue is solved.
Have a nice weekend.
MHM
11-29-2023 09:10 AM
Did you add the DNS name to the ASA cert?
