Configuring an encrypted syslog server, Installing the ssl client certificate – Brocade Multi-Service IronWare Administration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Administration Guide

53-1003028-02

Configuring the Syslog service


Configuring an encrypted syslog server

You can configure up to six encrypted syslog servers, but only one is active at any time, with the
other servers acting as standby. When you add an encrypted syslog server, if there is no active
syslog server, a session is established with the configured server. If a new connection is added
when an active session exists, a new session with another encrypted syslog server is not
attempted.

A new syslog server session is attempted in the following scenarios:

• Current active encrypted syslog server configuration is removed or the SSL connection to the
  active syslog server is closed

• During a device reload

• During switch over of the management module

• No active syslog server is found when the device sends syslog messages

Attempts to connect to a new syslog server start with the first configured syslog server. The device
attempts to establish an SSL connection with a server until a successful SSL connection is
established. During this interval, the trap hold down timer is started and all the syslog messages
are queued. When the timer expires, the device sends queued log messages to the connected
syslog server.

Configuring encrypted syslog servers requires two steps:

1. Installing the SSL client certificate from a remote machine

2. Adding encrypted syslog servers

Installing the SSL client certificate

Before you can configure an encrypted syslog server for the device, you must install the SSL client
certificate. Do one of the following to install the SSL client certificate.

Using TFTP:

1. Use TFTP to copy the SSL client certificate and private key from the remote machine if TFTP is
enabled on the device. Enter the following commands in sequence in any order:

Brocade# copy tftp flash 10.25.101.121 cert.p12 client-certificate

Brocade# copy tftp flash 10.25.101.121 privkeyfile client-private-key

Brocade(config)# show log

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)

Buffer logging: level ACDMEINW, 38 messages logged

level code: A=alert C=critical D=debugging M=emergency E=error

I=informational N=notification W=warning

Static Log Buffer:

Dynamic Log Buffer (50 entries):

21d07h02m40s:warning:list 101 denied tcp 10.157.22.191(0)(Ethernet 4/18

0000.001f.77ed) -> 10.99.4.69(http), 1 event(s)

19d07h03m30s:warning:list 101 denied tcp 10.157.22.26(0)(Ethernet 4/18

0000.001f.77ed) -> 10.99.4.69(http), 1 event(s)

17d06h58m30s:warning:list 101 denied tcp 10.157.22.198(0)(Ethernet 4/18

0000.001f.77ed) -> 10.99.4.69(http), 1 event(s)
