2

Background: I am approaching this from a SIEM or log collection point of view. Our corporation is thinking about making encrypted logging mandatory.

Question: The Cisco ASA default appears to me to be to send logs via syslog on udp/514. Is this the only option, or can we enable more secure logging such as syslog over TLS?

Reference: Generic logging reference: https://sflanders.net/2018/08/22/syslog-and-what-protocol-to-send-events-over/

Thanks, J

2
  • Not in any version I'm aware of. The newer NGFW/FTD stuff might, but I've never looked at it. There's always IPSec to your syslog server. :-)
    – Ricky
    Commented Jan 12 at 16:19
  • Thanks for posting Ricky. And interesting option to ipsec to syslog server. Out of band someone pointed me towards a YouTube video showing Secure TLS syslog - so thanks to "October Leaf"
    Commented Jan 14 at 12:07

1 Answer

3

This YouTube tutorial by October Leaf describes how to secure syslog traffic using certificates between a Cisco ASA and syslog server.

Link: https://www.youtube.com/watch?v=8QTg8kslk20&t=1216s

Channel: https://www.youtube.com/@octoberleaf585

So today I learned this can be done. Hope this helps.

4
  • Well look at that. "secure" was added in 8.0(2) apparently (which means all the way back to the PIX!) Cisco, of course, provides useless documentation for the feature.
    – Ricky
    Commented Jan 14 at 13:19
  • Yes, the Borg does not help itself. I asked 2 CCIEs and they both said secure Syslog is not supported. The 3rd one pointed me to the video above. Credit to the YouTuber octoberleaf585
    Commented Jan 17 at 11:38
  • 1
    After a lot of digging, I did find [ cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-3/… ] FOR AN ASR9k. And even that's not the complete story.
    – Ricky
    Commented Jan 17 at 14:14
  • Apparently SSL/TLS was added to Rsyslog around 2008, but it's been a damned well hidden secret. Nobody's talking about it. 'tho I can find many references to people using ipsec as I suggested.
    – Ricky
    Commented Jan 17 at 14:22
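
The `secure` option mentioned in the comments, shown beside the plaintext UDP default the question describes. This is an added example, not taken from the posts or the linked video. The interface name `inside`, the collector address 192.0.2.10, port 6514 (the registered syslog-over-TLS port) and the trustpoint name `SYSLOG-CA` are assumptions; check the exact syntax against your ASA release.

```text
! Added example; interface name, address, port and trustpoint name are assumptions.
!
! Plaintext logging as described in the question: syslog over UDP/514
logging enable
logging trap informational
logging host inside 192.0.2.10
!
! TLS-protected logging: "secure" is only accepted with TCP transport
no logging host inside 192.0.2.10
logging host inside 192.0.2.10 tcp/6514 secure
!
! Trustpoint for the CA that issued the collector's certificate
! (the CA certificate is pasted in when "crypto ca authenticate" prompts for it)
crypto ca trustpoint SYSLOG-CA
 enrollment terminal
crypto ca authenticate SYSLOG-CA
!
! With TCP syslog the ASA blocks new connections while the collector is
! unreachable unless this is set; choose that behaviour deliberately
logging permit-hostdown
!
! Confirm the logging host, transport and connection state
show logging
```

On the collector side, a TLS listener on the same port with a certificate chaining to that CA is required before the ASA will establish the session.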
