Secure logging

Aug 22nd, 2008

I see that starting from version 8.x of ASA, an optional word "secure" has been added to the logging host command. That is,

logging host <int> <ip> <tcp/port> secure,

But has anyone got it working without using Cisco MARS? I am trying this with the other end being KiwiSyslog listening on TCP and having a secure tunnel using stunnel, but not having luck.

Gaurang.

sachinraja Fri, 08/22/2008 - 02:56

Is normal syslog working through your Kiwi server? Are you seeing any rejects from the server or the firewall in the log messages? There is no explicit statement saying the secure option doesn't work with normal syslog servers! Not much information on the Cisco site either! It just works with TCP protocol ...

Raj

gaurang_pandya Fri, 08/22/2008 - 20:52

Yes, it does work normally with the Kiwi server; no info is available, not just from Cisco but anywhere else through googling. I don't think anyone has got it working yet.

robertson.michael Thu, 08/28/2008 - 13:41

Hi Gaurang,

The reason this isn't working is that Kiwi Syslog Daemon does not support SSL/TLS connections. The 'secure' keyword requires that the syslog server support SSL/TLS, so you'll need to switch to a different server.

Hope that helps.

-Mike

gaurang_pandya Fri, 08/29/2008 - 02:50

If you read my first post, I have clearly said that for the secure connection I am using stunnel, which then forwards unencrypted packets to KiwiSyslog listening on a TCP port.

Farrukh Haroon Fri, 08/29/2008 - 06:12

In the logging statement on the ASA, which port have you mentioned?

Is the same port listening on the stunnel application? (this is the accept port in the stunnel.conf)

If you have Hucaby's ASA book, he has detailed instructions to set this up; it's not so simple. If you need further help let me know, I can summarize the steps for you.

Regards

Farrukh
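The port check asked about in the post above, written out as an added example that is not part of the thread or of any poster's configuration: it cross-checks an ASA `logging host ... secure` line against the `accept` port of a stunnel service. The interface name, addresses, ports, certificate file and service name are constructed assumptions.

```python
import re

# Constructed sample inputs (assumptions, not from the thread): interface name,
# addresses, ports, certificate file and the service name "asa-syslog".
ASA_LINE = "logging host inside 192.0.2.10 tcp/1470 secure"
STUNNEL_CONF = """\
cert = syslog.pem
[asa-syslog]
accept = 1470
connect = 127.0.0.1:1468
"""

def parse_asa(line):
    # Matches the form quoted in the thread: logging host <int> <ip> <tcp/port> secure
    m = re.fullmatch(r"logging host (\S+) (\S+)(?: (tcp|udp)/(\d+))?( secure)?", line.strip())
    if not m:
        raise ValueError("not a logging host line: %r" % line)
    return {"proto": m.group(3), "port": int(m.group(4)) if m.group(4) else None,
            "secure": bool(m.group(5))}

def parse_stunnel(text):
    # Options before the first [section] are global and inherited by each service.
    globals_, services, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(globals_))
        else:
            key, _, value = line.partition("=")
            (globals_ if current is None else current)[key.strip()] = value.strip()
    return services

def check(asa_line, stunnel_conf):
    # Returns a list of mismatches; an empty list means the two sides line up.
    asa, problems = parse_asa(asa_line), []
    if asa["proto"] != "tcp" or not asa["secure"]:
        problems.append("ASA line must use tcp/<port> with 'secure'")
    svcs = [s for s in parse_stunnel(stunnel_conf).values()  # accept is 'port' or 'host:port'
            if "accept" in s and int(s["accept"].rsplit(":", 1)[-1]) == asa["port"]]
    if not svcs:
        problems.append("no stunnel service accepts on port %s" % asa["port"])
    for s in svcs:
        if s.get("client", "no").lower() == "yes":
            problems.append("stunnel service is in client mode; it must accept TLS")
        if "cert" not in s:
            problems.append("stunnel service has no cert to present")
    return problems

print(check(ASA_LINE, STUNNEL_CONF) or "ASA statement and stunnel service match")
```

The `connect` target is where stunnel hands the decrypted stream to the syslog daemon's plain TCP listener, so it must differ from the `accept` port.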

gaurang_pandya Mon, 09/08/2008 - 09:14

Yes, I have done the right stunnel config, and the right tcp/port is given in the ASA. It would be great if you can summarize the steps or point me to a URL that explains this in detail.

Thanks,

Gaurang.
