Another option that was recently presented to me was using GDOI to authenticate the traffic from the client before it's sent. Then, only the syslog traffic would be encrypted and passed. I'm still researching this but it sounds plausible, albeit overkill. In the end, we may just policy route the syslog traffic through a tunnel. Thanks for all the input.

-Hammer-

"I was a normal American nerd."
-Jack Herer

On Fri, Mar 25, 2011 at 3:37 PM, Bruce Pinsky <[email protected]> wrote:

> Hammer wrote:
> > Cool. Doesn't apply to IOS but will work for my CheckPoints. If I make
> > some headway I'll post back to this thread. Don't hold your breath.
> >
>
> Well, I was thinking of rsyslogd on the server side, not the client. Then
> if the IOS TLS transport works for syslog, you'd be good to go.
>
> --
> =========
> bep

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
