Secure syslog

GaryShainberg
Building a reputation

Guys and Girls,

 

I have a need to take the syslogs from about 20 networks, all within the same organisation. Has anyone done this in a secure way? I guess I could use site:site VPNs, but I would rather not unless there is no other option.

Any thoughts / suggestions would be appreciated.

Gary

CTO & Solutioneer
CMNA, CMNO, ECMS2
SNSA, SNSP
~~If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.~~
jdsilva
Kind of a big deal

Syslog itself has no built-in encryption or authentication, so you will need to build something that can provide whatever you need. If you have to go over the Internet then a VPN tunnel is a good option.

BrandonS
Kind of a big deal

I agree VPN is probably it, but do you have your own or a hosted, central syslog server? I suppose you could store and forward syslog securely with TLS from each site via a local machine or VM. Since Meraki does not support encrypted syslog, it would be local syslog traffic that is secure on your internal network, and then you forward it using TLS-encrypted syslog to your central server. Here is something about it I was reading in relation to a cloud syslog server I use: https://help.papertrailapp.com/kb/configuration/encrypting-remote-syslog-with-tls-ssl

- Ex community all-star (⌐⊙_⊙)
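
The store-and-forward idea in the reply above, as an added example that is not code from the thread, Meraki or Papertrail: a per-site relay that accepts plain UDP syslog on the LAN and forwards it over certificate-verified TLS. Assumptions: the central server accepts syslog over TLS with RFC 5425 octet-counted framing on port 6514; the listen port `5514` and the host name `syslog.example.org` are hypothetical.

```python
import socket
import ssl

def frame(msg: bytes) -> bytes:
    """RFC 5425 octet-counted framing: b'<length> <message>'."""
    msg = msg.rstrip(b"\r\n")
    return str(len(msg)).encode("ascii") + b" " + msg

def tls_context(ca_file=None) -> ssl.SSLContext:
    """Client context that verifies the collector's certificate and host name."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def relay(listen, central_host, central_port=6514, ca_file=None):
    """Receive plain UDP syslog on the site LAN, forward each datagram over TLS."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen)
    ctx, tls = tls_context(ca_file), None
    while True:
        data, _src = udp.recvfrom(65535)
        for _attempt in range(2):  # allow one reconnect per message
            try:
                if tls is None:
                    raw = socket.create_connection((central_host, central_port), timeout=10)
                    tls = ctx.wrap_socket(raw, server_hostname=central_host)
                tls.sendall(frame(data))
                break
            except OSError:  # covers ssl.SSLError; message is dropped after two tries
                if tls is not None:
                    tls.close()
                tls = None

if __name__ == "__main__":
    # Hypothetical values: local listen port and central collector name.
    relay(("0.0.0.0", 5514), "syslog.example.org")
```

The relay rewrites the network source of every message to its own address, so the originating site has to be identified at the central server by the relay's client connection or by the hostname field inside the syslog message.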
GaryShainberg
Building a reputation

Brandon, thanks for this and I'll have a read, but I think I have come to the same conclusion as you guys: that from Meraki kit it can't be done, but using either a local collector and then via TLS, or keeping it on-net and using VPN tunnels, would work.

Thanks

I'll leave this open for a couple of days, just to see if anyone else has any thoughts.

-Gary

G_ControlScan
Here to help

Gary,

When looking to send syslog over VPN, read this article.

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...

What is not mentioned in the article is that, when sending syslog from an MX over a VPN tunnel, the source will be the highest VLAN #.

If you have:

VLAN 5 - 192.168.5.0/24

VLAN 20 - 192.168.20.0/24

The source will be 192.168.20.1

You may want to consider a Management VLAN 254, 192.168.254.0/29, and do a network NAT to a unique site subnet.

GaryShainberg
Building a reputation

Hi there,

Much thanks for this, as it sounds like the classic "gotcha" that one would spend hours trying to solve.
