Encrypt Syslog Audit Data

Syslog audit data, such as messages and traps, are usually sent unencrypted, in plain text, between a GigaVUE node and the syslog server using UDP over port 514. To allow secure transmission, starting in software version 4.4, you can send encrypted syslog audit data by using the TCP and SSH options.

For more information on the CLI commands used in the following section, refer to logging and ssh in the reference section.

Encryption Procedure

Use the following sample procedure to encrypt syslog audit data.

Configure TCP Port

Step 1. On the GigaVUE node, configure the TCP port on which the syslog server listens.

Note: Starting in software version 4.7, use the logging command to specify an IPv4 address, an IPv6 address, or a hostname.

(config) # logging 192.168.1.25 tcp 51300

Generate Public Key

Step 2. On the GigaVUE node, generate a public key for a user account on the node. If the user has the admin role, you must use the default admin account to generate the public key.

(config) # ssh client user admin identity rsa2 generate

Step 3. On the GigaVUE node, display the key contents, then copy the key contents.

(config) # show ssh client

For example, copy all of the key contents:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZfGVW4+2S9Lng1Jo5lM7jJdnU93N4i ... grneMozmTIvJgB3vfV

Login to Server to Paste the Key

Step 4. In Linux, log into the syslog server. In the following example, the IP address of the syslog server is 192.168.1.25 and the username is an existing user called sysloguser.

Log into IP address 192.168.1.25 with username sysloguser to see the Linux prompt:

#

Step 5. On the syslog server, change the directory to .ssh.

# cd .ssh

Step 6. On the syslog server, edit the authorized_keys file, located in the .ssh directory, using any editor, then paste the key contents.

For example, using the vi editor:

# vi authorized_keys

Paste the key contents that you copied in the previous step into the authorized_keys file as a single line in the following format: <copied public key> <space> username@hostname

NOTES:

■   If the authorized_keys file does not exist, create it, for example:

# vi authorized_keys

■   If the authorized_keys file exists but does not have write access, change the access, for example:

# chmod 644 authorized_keys

Step 7. Change the access on the authorized_keys file back to secure.

# chmod 600 authorized_keys

Configure Secured TCP Connection

Step 8. On the GigaVUE node, configure the secured TCP connection.

(config) # logging 192.168.1.25 tcp 51300 ssh username sysloguser

Step 9. On the GigaVUE node, display the configuration.

(config) # show logging
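The server-side part of the procedure (steps 5 through 7) as a POSIX shell helper, added here as an example and not taken from the Gigamon documentation or from any syslog server package. It creates .ssh and authorized_keys when they are missing, appends the node's key only if that key body is not already present, rejects a line that is not an ssh-rsa entry with a base64 body, and always leaves the file at mode 600 so the loosened access from the step 6 note is never left in place. The home directory argument and the sample key line are assumptions.

```shell
#!/bin/sh
# Hypothetical helper for steps 5 to 7: install a GigaVUE node's public key
# into the syslog user's authorized_keys with the permission hygiene the
# procedure calls for. Not part of GigaVUE or any syslog server software.
# Usage: install_node_key <home-dir-of-sysloguser> "<public key line>"
install_node_key() {
    home="$1"
    key="$2"
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Accept only an "ssh-rsa <base64> [comment]" line; anything else
    # (a stray prompt, a partial paste) is refused before touching the file.
    case "$key" in
        "ssh-rsa "*) ;;
        *) echo "expected an ssh-rsa key line" >&2; return 1 ;;
    esac
    body=${key#ssh-rsa }
    body=${body%% *}
    printf '%s\n' "$body" | grep -Eq '^[A-Za-z0-9+/]+=*$' \
        || { echo "key body is not base64" >&2; return 1; }

    # Create .ssh and authorized_keys if missing (first note under step 6),
    # keeping the directory owner-only.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    [ -f "$auth" ] || : > "$auth"

    # Append only when this exact key body is absent, so re-running the
    # helper for the same node does not add duplicate entries.
    grep -Fq -- "$body" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Finish at mode 600 (step 7), even if the file had been set to 644
    # for editing, so the access is never left loose.
    chmod 600 "$auth"
}

# Symbolic mode of authorized_keys, e.g. "-rw-------" after step 7.
auth_perm() {
    ls -ld "$1/.ssh/authorized_keys" | cut -c1-10
}
```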