Secure Connection from EMS to Syslog
This feature supports secure connections from EMS to remote Syslog servers using the OpenSSL library of APIs. The configuration of an EMS Syslog server target is enhanced to enable management of information necessary for establishing a trusted channel using TLS and providing for X509v3 authentication. Additionally, new EMS events are created as necessary for logging secure connection failure conditions and configuration changes.
Supported Platforms
Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X620, X440-G2 series switches.
Changed CLI Commands
Changes are underlined.
configure syslog [{add} [ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port}] {vr vr_name} [local] | delete [ [ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} [local] | all {local} {vr vr_name}]]
enable log target [ upm {upm_profile_name}| xml-notification {xml_target_name}| console | session | memory-buffer | primary-msm | primary-mm | primary-node | backup-msm | backup-mm | backup-node | nvram | syslog [[all | ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port}] {vr vr_name} {local}]]
disable log target [ upm {upm_profile_name}| xml-notification {xml_target_name}| console | session | memory-buffer | primary-msm | primary-mm | primary-node | backup-msm | backup-mm | backup-node | nvram | syslog [[all | ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} {local}]]
configure log target [upm [all | upm_profile_name] | xml-notification [all | xml_target_name] | console | session | memory-buffer | primary-msm | primary-mm | primary-node | backup-msm | backup-mm | backup-node | nvram | syslog [all | ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} {local}] [filter filter-name {severity severity {only}} |severity severity {only}]
unconfigure log target [console | session | memory-buffer | nvram | syslog [all | ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} {local} | xml-notification {xml_target_name}] format
configure log target [upm [all | upm_profile_name] | xml-notification [all | xml_target_name] | console | session | memory-buffer | primary-msm | primary-mm | primary-node | backup-msm | backup-mm | backup-node | nvram | syslog [all | ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} {local}] match {any | regex}
configure log target syslog [all | ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} {local} from source-ip-address
configure log target syslog [all | ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} {local} format [timestamp [ seconds | hundredths | none]] [date [ dd-Mmm-yyyy | yyyy-mm-dd | Mmm-dd | mm-dd-yyyy | mm/dd/yyyy | dd-mm-yyyy | none]] {event-name [component | condition | none]} {process-slot} {severity} {priority} {source-function} {source-line} {host-name} {tag-id} {tag-name}
The following show command now displays the port type (TLS or UDP) (shown in bold):
show log configuration {target { upm {upm_profile_name} | xml-notification {xml_target_name} | console | session | memory-buffer | primary-msm | primary-mm | primary-node | backup-msm | backup-mm | backup-node | nvram | syslog {ipaddress {udp-port {udp_port}} | ipPort | ipaddress tls-port {tls_port} } {vr vr_name} {local} } | filter {filter-name}}
# show log configuration target syslog
Log Target  : syslog; 10.68.6.3:6555 (vr VR-Mgmt), local0
Enabled     : yes
Filter Name : DefaultFilter
Match regex : Any
Severity    : Debug-Data (through Critical)
Format      : PRI Mmm DD HH:MM:SS HOSTNAME TAG:
Port Type   : TLS
Recnct Cnt  : 0
Recnct Msg  : No Error
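An added example, not part of the original release note and not Extreme's own tooling: a small audit that parses captured "show log configuration target syslog" output and reports enabled syslog targets that are not using TLS or whose reconnect fields show trouble. It assumes that each target repeats the field block shown above; the second target and the non-zero reconnect values in the sample are constructed.

```python
import re

# Constructed sample: the first block follows the output shown on this page
# with made-up reconnect values; the second block (a UDP target) is invented,
# assuming every target repeats the same "Name : value" field layout.
SAMPLE = """\
Log Target  : syslog; 10.68.6.3:6555 (vr VR-Mgmt), local0
Enabled     : yes
Filter Name : DefaultFilter
Match regex : Any
Severity    : Debug-Data (through Critical)
Format      : PRI Mmm DD HH:MM:SS HOSTNAME TAG:
Port Type   : TLS
Recnct Cnt  : 3
Recnct Msg  : constructed-placeholder-error
Log Target  : syslog; 192.0.2.10:514 (vr VR-Mgmt), local1
Enabled     : yes
Port Type   : UDP
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*)$")

def parse_targets(text):
    """Split the output into one dict per 'Log Target' block."""
    targets = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # prompt lines, blank lines, anything without "key : value"
        key, value = m.group(1), m.group(2).strip()
        if key == "Log Target":
            targets.append({})  # a new target block starts here
        if targets:
            targets[-1][key] = value
    return targets

def audit(targets):
    """Return (target, finding) pairs for enabled syslog targets."""
    findings = []
    for t in targets:
        name = t.get("Log Target", "")
        if not name.startswith("syslog") or t.get("Enabled") != "yes":
            continue
        if t.get("Port Type") != "TLS":
            findings.append((name, "not TLS: " + t.get("Port Type", "unknown")))
        cnt, msg = t.get("Recnct Cnt", "0"), t.get("Recnct Msg", "No Error")
        if cnt != "0" or msg != "No Error":
            findings.append((name, f"TLS reconnects: {cnt} ({msg})"))
    return findings
```

Calling audit(parse_targets(captured_output)) on output saved from each switch returns an empty list when every enabled syslog target reports Port Type TLS with no reconnects.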