[c-nsp] Can I encrypt syslog traffic in IOS

Bruce Pinsky bep at whack.org
Fri Mar 25 16:22:57 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hammer wrote:
> Thanks Christopher. My research has yielded the same result. I went and told
> the unix team about an hour ago that I was flipping our syslog from UDP to
> TCP w/ SSL or VPN and he just about fell over. I'm trying to decide how much
> of an effort I want to make on this. Right now, I'm just enjoying watching
> him implode.
> 
> 

Have you looked at this:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html

While it talks a bunch about BEEP, it would appear that TLS is also
supported as a transport.  See the options here:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html#wp1055009

You can specify TLS as the transport and name the cipher and trustpoint
credentials to be used.

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2M+aEACgkQE1XcgMgrtyb2vQCg02JtyU+ij7k1LP9/Xpj2ukW5
nFIAniW70iMjEYaZNFJGSBYJSmMYCVqM
=bVGb
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list