Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
859
Views
5
Helpful
2
Replies

Encrypted Syslogs to collector

steve0miller
Level 1
Level 1

‎02-15-2010 07:00 AM - edited ‎03-06-2019 09:42 AM

Hi everyone,

We have a Catalyst 2960 layer 2 switch in a secure DMZ.  Our Information Assurance folks will not let us configure that switch to send syslog messages to our syslog collector on the "inside" network because syslogs are send in cleartext.

I was wondering if anyone knows of a IOS feature that will encrypt syslogs messges?  If so, can you please post a link with information on how to configure it?

Thanks,

SM

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎02-15-2010 07:17 AM 

steve0miller wrote:
Hi everyone,
We have a Catalyst 2960 layer 2 switch in a secure DMZ.  Our Information Assurance folks will not let us configure that switch to send syslog messages to our syslog collector on the "inside" network because syslogs are send in cleartext.
I was wondering if anyone knows of a IOS feature that will encrypt syslogs messges?  If so, can you please post a link with information on how to configure it?
Thanks,
SM

Steve

I'm not aware of any method to encrypt syslog messages on the 2960 and send them to a syslog server. Bear in mind the syslog server itself would also then need to be able to decrypt the syslog messages.

What you could do is create an IPSEC tunnel from your firewall to the inside network and then send the syslog messages down that. Only drawback is that the network device on the inside would also need to be able to do IPSEC and switches don't this except for the 6500 but you then need SPA cards. If you had a spare router you could terminate it on that internally and then send the messages onto the syslog server.

Other than that syslog can be configured to forward messages so you could have a syslog server in the DMZ and then forward on to the internal syslog server. You could then encrypt the messages with something like this -

Encrypted syslog

Jon

steve0miller
Level 1
Level 1
In response to Jon Marshall

‎02-15-2010 07:26 AM

Thank you for the suggestion Jon.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card