[c-nsp] Can I encrypt syslog traffic in IOS

Christopher Pilkington cjp at 0x1.net
Fri Mar 25 16:27:05 EDT 2011


The tls option only applies using BEEP, not TCP syslog, at least on
15.0 mainline.

On Fri, Mar 25, 2011 at 4:22 PM, Bruce Pinsky <bep at whack.org> wrote:
>
> Hammer wrote:
>> Thanks Christopher. My research has yielded the same result. I went and told
>> the unix team about an hour ago that I was flipping our syslog from UDP to
>> TCP w/ SSL or VPN and he just about fell over. I'm trying to decide how much
>> of an effort I want to make on this. Right now, I'm just enjoying watching
>> him implode.
>>
>>
>
> Have you looked at this:
>
> http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html
>
> While it talks a bunch about BEEP, it would appear that TLS is also
> supported as a transport.  See the options here:
>
> http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_reliable_del_filter.html#wp1055009
>
> You can specify TLS as the transport and name the cipher and trustpoint
> credentials to be used.
>
> - --
> =========
> bep
>


