[c-nsp] Can I encrypt syslog traffic in IOS

Hammer bhmccie at gmail.com
Tue Mar 29 12:27:11 EDT 2011


Oh yeah, and the other idea that was thrown way way out to me that was
interesting was to convert the syslog to SNMP traps and then use SNMPv3 to
push it to an NMS server. A bit on the edge but interesting too.


 -Hammer-

"I was a normal American nerd."
-Jack Herer





On Tue, Mar 29, 2011 at 11:26 AM, Hammer <bhmccie at gmail.com> wrote:

> Another option that was recently presented to me was using GDOI to
> authenticate the traffic from the client before it's sent. Then, only the
> syslog traffic would be encrypted and passed. I'm still researching this but
> it sounds plausable albeit overkill. In the end, we may just policy route
> the syslog traffic thru a tunnel. Thanks for all the input.
>
>
>  -Hammer-
>
> "I was a normal American nerd."
> -Jack Herer
>
>
>
>
>
>   On Fri, Mar 25, 2011 at 3:37 PM, Bruce Pinsky <bep at whack.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hammer wrote:
>> > Cool. Doesn't apply to IOS but will work for my CheckPoints. If I make
>> > some headway I'll post back to this thread. Don't hold your breath.
>> >
>>
>> Well, I was thinking of rsyslogd on the server side, not the client.  Then
>> if the IOS TLS transport works for syslog, you'd be good to go.
>>
>> - --
>> =========
>> bep
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAk2M/QoACgkQE1XcgMgrtyZAigCfT8tW61b/4/OJupm7R+x4PFLO
>> bRsAoOsRN/NrwOAgzTGA+OPsW3FCDBGF
>> =oOAL
>> -----END PGP SIGNATURE-----
>>
>
>


More information about the cisco-nsp mailing list