Configuring Mutual Authentication for SYSLOG

Before you begin

Install or import the certificates for the SYSLOG client.

At least one SYSLOG server must be configured on the device using the logging syslog-server host command.

About this task

To configure mutual authentication, do the following:

Procedure

  1. Import the SYSLOG client certificate. Use the following command.
    crypto ca import-pkcs type pkcs12 cert-type syslog-client protocol FTP directory /mydir-name
        file /myfile-name source-ip 10.11.12.13 user user-name password password
  2. Import the SYSLOG server CA certificates.
    crypto import syslogca directory /mydir-name file /myfile-name host 10.11.12.13 user user-name password password
  3. Configure the SYSLOG server. Enter global configuration mode. The following commands configure a SYSLOG server at IP address 10.11.12.13 with secure port 9449, which is a user-configured port.
    SLX (config)# logging syslog-server host 10.11.12.13 use-vrf mgmt-vrf
    SLX (config)# secure port 9449  

Example

The following example shows the complete configuration of a SYSLOG server for mutual authentication.

logging raslog console INFO
logging syslog-server 10.11.12.13 use-vrf mgmt-vrf
 secure port 9449
!
logging auditlog class SECURITY
logging auditlog class CONFIGURATION
logging auditlog class FIRMWARE
logging syslog-facility local LOG_LOCAL7
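
The device-side steps above only give mutual authentication if the receiving server also requests and validates the device's client certificate. The following receiver configuration is an added example, not part of the original documentation or the vendor's own configuration; it assumes the secure connection is TLS over TCP and that the receiver is rsyslog with the gtls driver, and all file paths and the permitted peer name are placeholders.

```conf
# rsyslog receiver for the device configuration above (added example).
# Assumptions: rsyslog with the gtls network stream driver installed;
# every path and the peer name below is a placeholder.

# CAFile:   CA that issued the device's SYSLOG client certificate.
# CertFile: server certificate, which the device checks against the
#           SYSLOG server CA certificates it imported.
# KeyFile:  private key for the server certificate.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)

# StreamDriver.Mode="1" makes the listener TLS-only.
# StreamDriver.AuthMode decides whether the client is authenticated:
#   "anon"           accepts any client (server-only authentication)
#   "x509/certvalid" requires a client certificate that chains to the CA
#   "x509/name"      also requires the certificate name to match
#                    an entry in PermittedPeer
module(
  load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name"
  PermittedPeer=["slx-device.example.com"]
)

# Listen on the same user-configured secure port as the device (9449).
input(type="imtcp" port="9449")
```

Running `rsyslogd -N1` checks the configuration syntax before the service is restarted.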