Encrypted Syslogs to collector

Feb 15th, 2010

Hi everyone,

We have a Catalyst 2960 layer 2 switch in a secure DMZ.  Our Information Assurance folks will not let us configure that switch to send syslog messages to our syslog collector on the "inside" network because syslogs are sent in cleartext.

I was wondering if anyone knows of an IOS feature that will encrypt syslog messages?  If so, can you please post a link with information on how to configure it?

Thanks,

SM

Jon Marshall Mon, 02/15/2010 - 07:17

steve0miller wrote:

Hi everyone,

We have a Catalyst 2960 layer 2 switch in a secure DMZ.  Our Information Assurance folks will not let us configure that switch to send syslog messages to our syslog collector on the "inside" network because syslogs are sent in cleartext.

I was wondering if anyone knows of an IOS feature that will encrypt syslog messages?  If so, can you please post a link with information on how to configure it?

Thanks,

SM

Steve

I'm not aware of any method to encrypt syslog messages on the 2960 and send them to a syslog server. Bear in mind the syslog server itself would also then need to be able to decrypt the syslog messages.

What you could do is create an IPSEC tunnel from your firewall to the inside network and then send the syslog messages down that. Only drawback is that the network device on the inside would also need to be able to do IPSEC and switches don't do this except for the 6500 but you then need SPA cards. If you had a spare router you could terminate it on that internally and then send the messages onto the syslog server.

Other than that syslog can be configured to forward messages so you could have a syslog server in the DMZ and then forward on to the internal syslog server. You could then encrypt the messages with something like this -

Encrypted syslog

Jon
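The DMZ relay option from the reply above, as an added example that is not part of the original thread: a small relay receives the switch's cleartext UDP syslog inside the DMZ and forwards each message to the internal collector over TLS, authenticating the collector's certificate. The collector hostname, CA file path, and the assumption that the collector accepts RFC 5425 octet-counted frames on port 6514 are illustrative; the switch-to-relay hop stays cleartext and must remain inside the DMZ segment.

```python
import socket
import ssl

# Assumed values for illustration; none of these come from the thread.
LISTEN_ADDR = ("0.0.0.0", 514)                  # switch sends cleartext UDP here, inside the DMZ
COLLECTOR = ("collector.inside.example", 6514)  # hypothetical internal collector (syslog over TLS)
CA_FILE = "/etc/relay/ca.pem"                   # hypothetical CA that signed the collector's cert


def frame(msg: bytes) -> bytes:
    """RFC 5425 octet counting: b'<length> <message>' keeps message boundaries on a TCP stream."""
    msg = msg.rstrip(b"\r\n\x00")
    return str(len(msg)).encode("ascii") + b" " + msg


def tls_context(ca_file=None) -> ssl.SSLContext:
    """Client context that verifies the collector's certificate and hostname, not just encrypts."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect(ctx: ssl.SSLContext) -> ssl.SSLSocket:
    raw = socket.create_connection(COLLECTOR, timeout=10)
    return ctx.wrap_socket(raw, server_hostname=COLLECTOR[0])


def relay() -> None:
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(LISTEN_ADDR)
    ctx = tls_context(CA_FILE)
    tls = connect(ctx)
    while True:
        datagram, _src = udp.recvfrom(8192)
        if not datagram.rstrip(b"\r\n\x00"):
            continue  # ignore empty datagrams
        try:
            tls.sendall(frame(datagram))
        except OSError:
            tls = connect(ctx)  # reconnect once; a second failure stops the relay loudly
            tls.sendall(frame(datagram))


if __name__ == "__main__":
    relay()
```

On the firewall, the only flow this needs from the DMZ to the inside is TCP 6514 from the relay host to the collector.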
