Secure logging

Unanswered Question
Aug 22nd, 2008

I see that starting from version 8.x of ASA, an optional word "secure" has been added to the logging host command. That is,


logging host <int> <ip> <tcp/port> secure


But has anyone got it working without using Cisco MARS? I am trying this with the other end being KiwiSyslog listening on TCP and having a secure tunnel using stunnel, but not having luck.


Gaurang.

sachinraja Fri, 08/22/2008 - 02:56

Is normal syslog working through your Kiwi server? Are you seeing any rejects from the server or the firewall in the log messages? There is no explicit statement saying the secure option doesn't work with normal syslog servers! Not much information on the Cisco site either! It just works with the TCP protocol...


Raj

gaurang_pandya Fri, 08/22/2008 - 20:52

Yes, it does work normally with the Kiwi server. No info is available, not just from Cisco but anywhere else through googling. I don't think anyone has got it working yet.

robertson.michael Thu, 08/28/2008 - 13:41

Hi Gaurang,


The reason this isn't working is that Kiwi Syslog Daemon does not support SSL/TLS connections. The 'secure' keyword requires that the syslog server support SSL/TLS, so you'll need to switch to a different server.


Hope that helps.


-Mike

gaurang_pandya Fri, 08/29/2008 - 02:50

If you read my first post, I have clearly said that for the secure connection I am using stunnel, which then forwards unencrypted packets to KiwiSyslog listening on a TCP port.

Farrukh Haroon Fri, 08/29/2008 - 06:12

In the logging statement on the ASA, which port have you mentioned?


Is the same port listening on the stunnel application? (This is the accept port in the stunnel.conf.)


If you have Hucaby's ASA book, he has detailed instructions to set this up; it's not so simple. If you need further help let me know, I can summarize the steps for you.


Regards


Farrukh
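
The check asked about in the post above (the TCP port in the ASA `logging host` statement must be the `accept` port of a stunnel service that terminates TLS), written out as an added example that is not part of the original thread. The addresses, ports, certificate file name and function names are constructed for illustration; `accept`, `connect`, `client` and `cert` are stunnel's own option names.

```python
import re
# Constructed sample inputs: addresses, ports and file names are placeholders.
ASA_LINE = "logging host inside 192.0.2.10 tcp/1470 secure"
STUNNEL_CONF = """\
cert = stunnel.pem
[asa-syslog]
client = no
accept = 1470
connect = 127.0.0.1:1468
"""

def parse_asa(line):
    """Return (port, secure) from 'logging host <int> <ip> tcp/<port> [secure]'."""
    m = re.match(r"\s*logging host \S+ \S+ tcp/(\d+)((?:\s+\S+)*)\s*$", line)
    if not m:
        raise ValueError("not a TCP 'logging host' statement")
    return int(m.group(1)), "secure" in m.group(2).split()

def parse_stunnel(text):
    """Return {service: options}; global options are inherited by each service."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], dict(glob))
        elif "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            (glob if cur is None else cur)[key] = val
    return services

def port_of(addr):
    return int(addr.rsplit(":", 1)[-1])      # '1470' or 'host:1470' -> 1470

def check(asa_line, conf_text):
    """Return a list of problems; an empty list means the two ends line up."""
    port, secure = parse_asa(asa_line)
    problems = [] if secure else ["ASA statement lacks 'secure': logs go out in plaintext"]
    svc = next((s for s in parse_stunnel(conf_text).values()
                if "accept" in s and port_of(s["accept"]) == port), None)
    if svc is None:
        return problems + [f"no stunnel service accepts on ASA port {port}"]
    if svc.get("client", "no").lower() == "yes":
        problems.append("service is in client mode; it must terminate TLS (client = no)")
    for opt in ("cert", "connect"):          # TLS listener needs a cert and a backend
        if opt not in svc:
            problems.append(f"service has no '{opt}' option")
    return problems
```

An empty result only shows that the two configurations agree on port and mode; it does not test the TLS handshake itself.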

gaurang_pandya Mon, 09/08/2008 - 09:14

Yes, I have done the right stunnel config, and given the right tcp/port in the ASA. It would be great if you can summarize the steps or point me to a URL that explains this in detail.


Thanks,


Gaurang.
