1941 Views | 5 Helpful | 7 Replies

Secure logging

gaurang_pandya
Level 1

I see that starting from version 8.x of the ASA, an optional keyword "secure" has been added to the logging host command. That is,

logging host <int> <ip> <tcp/port> secure

But has anyone got it working without using Cisco MARS? I am trying this with the other end being Kiwi Syslog listening on TCP and having a secure tunnel using stunnel, but not having any luck.

Gaurang.

7 Replies

sachinraja
Level 9

Is normal syslog working through your Kiwi server? Are you seeing any rejects from the server or the firewall in the log messages? There is no explicit statement saying the secure option doesn't work with normal syslog servers! Not much information on the Cisco site either! It just works with the TCP protocol...

Raj

Yes, it does work normally with the Kiwi server. No info is available, not just from Cisco but anywhere else through googling. I don't think anyone has got it working yet.

Hi Gaurang,

The reason this isn't working is that Kiwi Syslog Daemon does not support SSL/TLS connections. The 'secure' keyword requires that the syslog server support SSL/TLS, so you'll need to switch to a different server.

Hope that helps.

-Mike

If you read my first post, I have clearly said that for the secure connection I am using stunnel, which then forwards unencrypted packets to Kiwi Syslog listening on a TCP port.

In the logging statement on the ASA, which port have you mentioned?

Is the same port listening on the stunnel application? (this is the accept port in the stunnel.conf)

If you have Hucaby's ASA book, he has detailed instructions to set this up; it's not so simple. If you need further help let me know, I can summarize the steps for you.

Regards

Farrukh
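
A concrete configuration of the setup discussed in this thread, added here as an illustration (it is not from the original posts, from Cisco, or from the stunnel or Kiwi projects): the ASA sends TCP syslog wrapped in TLS to stunnel on the Kiwi host, stunnel terminates TLS and hands the plaintext stream to Kiwi's TCP listener on the loopback interface. The interface name, addresses, ports and file paths are constructed placeholders, and the note about the ASA checking the relay's certificate is an assumption to verify against the CLI reference for your ASA version.

```text
! --- ASA side (constructed example values) ---
! Log over TCP with TLS to the relay host. The port here must be the stunnel
! "accept" port, not the port Kiwi itself listens on.
logging enable
logging trap informational
logging host inside 192.0.2.10 tcp/6514 secure
! Assumption: the ASA validates the relay's certificate, so the CA that signed
! stunnel's certificate has to be installed as a trustpoint on the ASA
! (crypto ca trustpoint / crypto ca authenticate). An unverifiable certificate
! shows up as a failed TLS handshake in the stunnel log and nothing in Kiwi.
! Caveat: with TCP syslog the ASA stops admitting new connections when the log
! host is unreachable; logging permit-hostdown changes that behaviour.
logging permit-hostdown

; --- stunnel.conf on the Kiwi host (192.0.2.10) ---
; Terminate TLS on 6514 and forward plaintext to Kiwi's TCP listener bound to
; 127.0.0.1 only, so the decrypted log stream never leaves the host.
cert   = C:\stunnel\syslog-relay.pem
key    = C:\stunnel\syslog-relay.key
debug  = 7
output = C:\stunnel\stunnel.log

[asa-syslog]
accept  = 6514
connect = 127.0.0.1:1468
```

Troubleshoot from the ASA outward: `show logging` on the ASA should list the host with the TLS port, the stunnel log at debug level 7 should show a handshake from the ASA's address, and only then is it worth looking in Kiwi. A mismatch between the port in the `logging host` line and the stunnel `accept` port gives a TCP reset from the relay and leaves nothing in either the stunnel log or Kiwi, which is what the questions above are trying to rule out.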

Yes, I have done the right stunnel config, and the right tcp/port is given on the ASA. It would be great if you can summarize the steps or point me to a URL that explains this in detail.

Thanks,

Gaurang.

Sorry for the late reply.

Please find attached a presentation from a Cisco TAC training on configuring this.

Regards

Farrukh
