Configure an Inline SSL Session Logging Server Using CLI

You can configure an inline SSL session logging server to store the events that are logged when changes are made to the devices. You can specify which types of events are logged to the server.

The following table maps each severity value to its log level and description:

| Severity | Log Level | Description |
|---|---|---|
| 0 | Emergency | System is unusable |
| 1 | Alert | Action must be taken immediately |
| 2 | Critical | Critical condition |
| 3 | Error | Error condition |
| 4 | Warning | Warning condition |
| 5 | Notice | Normal but significant condition |
| 6 | Informational | Informational message |
| 7 | Debug | Debug message |

The logged events are stored in the Common Event Format (CEF) as follows:

<SYSLOG_HEADER> <Timestamp> <hostname:engine> CEF:0|Gigamon|<Device Model>|<GigaVUE OS Version>|<Event ID>|<Event name>|<Severity>|[Extension]

Here is an example of a logged event:

Thu Jun 14 15:50:16 2018 hostname:hc2_test:1/1/e1 CEF:0|Gigamon|HC2|5.5.0|102|SESSION_DECRYPT|6|src=126.1.0.20 dst=126.1.0.10 spt=34267 dpt=443 dhost=example.com cs1Label=Certificate Subject cs1=C\=US, ST\=CA, L\=Santa Clara,CN=*.example.com cs2Label=Cipher Suite cs2=DHE-RSA-AES128-GCM-SHA256

You can view and track these logs to troubleshoot system issues, maintain audit trails, and for compliance purposes.
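On the receiving syslog server, session records in this format can be split into header fields and extension key/value pairs before they are indexed. The parser below is an added example, not Gigamon code; its function and field names are assumptions, and its input is the example event above with the fused tokens separated.

```python
import re

# The page's example event with the fused tokens separated (constructed input).
SAMPLE = (
    r"Thu Jun 14 15:50:16 2018 hostname:hc2_test:1/1/e1 "
    r"CEF:0|Gigamon|HC2|5.5.0|102|SESSION_DECRYPT|6|"
    r"src=126.1.0.20 dst=126.1.0.10 spt=34267 dpt=443 dhost=example.com "
    r"cs1Label=Certificate Subject cs1=C\=US, ST\=CA, L\=Santa Clara,CN=*.example.com "
    r"cs2Label=Cipher Suite cs2=DHE-RSA-AES128-GCM-SHA256"
)
# Field names are assumptions chosen to match the format line on this page.
HEADER = ("cef_version", "vendor", "model", "os_version",
          "event_id", "event_name", "severity")
LEVELS = ("Emergency", "Alert", "Critical", "Error",
          "Warning", "Notice", "Informational", "Debug")
# A key is a word at line start or after whitespace, followed by an unescaped "=".
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def unescape(value):
    """Undo CEF escaping of '=', '|' and backslash."""
    return re.sub(r"\\([=|\\])", r"\1", value)


def parse_session_log(line):
    """Parse one session log line into header fields plus an 'ext' dict."""
    prefix, marker, cef = line.partition("CEF:")
    if not marker:
        raise ValueError("no CEF marker in line")
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)  # split on unescaped pipes
    if len(parts) != 8:
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, map(unescape, parts[:7])))
    event["prefix"] = prefix.strip()
    event["level"] = LEVELS[int(event["severity"])]
    raw, ext = parts[7], {}
    keys = list(KEY_RE.finditer(raw))
    # Each value runs from its "=" to the start of the next key, so values may contain spaces.
    for cur, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(raw)
        ext[cur.group(1)] = unescape(raw[cur.end():end].strip())
    # Fold csNLabel/csN pairs into named fields, e.g. "Cipher Suite".
    for key in [k for k in ext if k.endswith("Label")]:
        label = ext.pop(key)
        ext[label] = ext.pop(key[:-len("Label")], "")
    event["ext"] = ext
    return event
```

Because a key is only recognized after whitespace, the unescaped "CN=" inside the certificate subject stays part of the cs1 value instead of starting a new field.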

To configure an inline SSL session logging server:

1. Configure an IP interface and attach a GigaSMART group.

   (config) # ip interface <port alias> attach <tool_port_id> ip <IP address> <netmask | mask length> gateway <gateway IP address> gsggroup add <GigaSMART group alias>

2. Configure the session log levels under the GigaSMART parameters (gsparams).

   Note: If you set the session log level as None, the logs will not be sent to the inline SSL session logging server.

   HC2 (config) # gsparams gsgroup <alias> session logging level <err|warning|notice|info|debug|none>

3. Add the inline SSL session logging server details under the GigaSMART parameters (gsparams).

   Note: You can configure only one inline SSL session logging server.

   HC1 (config) # gsparams gsgroup <alias> session logging add remote-ip <syslog_ip | ipv6 <syslog_ipv6>> portdst <port> interface <ip_interface | ipv6_interface>

Use the following CLI command to delete the configured inline SSL session logging server:

HC1 (config) # gsparams gsgroup <alias> session logging delete remote-ip <syslog_ip | <syslog_ipv6>>

Note: IPv6 traffic decryption is supported only for GEN 3 cards. Refer to the GigaVUE-HC1 Hardware Installation Guide and GigaVUE-HC3 Hardware Installation Guide for the list of GEN 3 card numbers.