Encrypted Syslog Support
Encrypted Syslog is supported as an alert recipient (see
Recipients, for details) for sending secure notifications to a remote syslog server, as defined in RFC 5425.
These controls are provided for configuring an encrypted syslog recipient:
◼ Click to configure encrypted syslog local certificate – This displays the General System Settings page, open to the Encrypted Syslog Certificate tab. This is the certificate that the remote server uses to verify the AppResponse 11 system's identity, and it is used only when connecting to a remote syslog server. A self-signed certificate can be generated, or a certificate and private key can be imported.
◼ Host – Type the hostname or IP address of the syslog server.
◼ Port – This defaults to 6514, the well known port for encrypted syslog.
◼ Auth method – For both of these methods, the certificate must match the hostname being contacted (the Subject/Common Name). If validation of the server fails, the connection will be terminated, and no syslog message will be sent.
– Certificate validation – This is the preferred authentication method. Add the root CA and any intermediate certificates for the remote syslog server. When the remote server is connected, the server's certificate is verified as properly signed; the same as for a typical browser connection. The server's certificate does not need to be known ahead of time.
– Certificate matching – For this, enter the server's certificate here. When a connection is made, the certificate presented by the server is compared with this certificate, and the server is authenticated if the two match.
◼ Certificates
– Add – Click this to display the Add Certificate dialog, in which you can type a certificate name and paste in its CA-signed certificate, in Privacy Enhanced Mail (PEM) format. Up to 30 certificates can be added for one remote syslog server.
Backup/Restore Considerations
Encrypted syslog uses a private key to identify the AppResponse 11 system. Configuration backups are not encrypted, so that private key is not included in the backup. After a restore, the system creates a new self-signed certificate and key for itself. Depending on how the remote syslog server is configured, it’s likely that you will need to reconfigure the AppResponse 11 system's old certificate and key manually. This behavior is the same as the certificate/key used for web UI connections. Note that certificates for the remote servers are public by nature, and these are included in configuration backups.