7.2.3. Procedure – Configuring TLS-encrypted logging

Purpose: 

To encrypt the communication between the PNS host and your central syslog server, complete the following steps.

Steps: 

  1. Navigate to System logging > Destinations > New, and enter a name for the new destination (for example, tls-logserver).

    Figure 7.16. Creating a new syslog destination

  2. Select Drivers > New, then Driver type > tcp.

  3. Set the hostname and port of your logserver in the Host and Port fields.

    Figure 7.17. Configuring the syslog destination

  4. Select the network interface of PNS that faces the logserver from the Bind IP field.

  5. Select Use encryption.

  6. If your logserver requires mutual authentication, that is, it checks the certificates of the log clients, select the certificate PNS should show to the logserver from the Certificate field.

  7. Select the trusted CA group that contains the certificate of the CA that signed the certificate of the logserver from the CA Group field.

  8. By default, PNS verifies the certificate of the logserver, and accepts only a valid certificate. If you do not need such a strict check, modify the Peer verify option. For details on the possible values, see Section 3.2.5, Certificate verification options in the Proxedo Network Security Suite 1.0 Reference Guide.

  9. Click OK.

  10. Select Routers, and add this new destination to a router.

    Figure 7.18. Configuring the syslog router
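
To check from another host that the logserver accepts a TLS connection with the same CA, client certificate and source address chosen in the steps above, a small test client can be used. This is an added example, not part of the PNS documentation; the hostname, port, PEM file names, the pns-host and tlstest labels are constructed, and the newline-terminated BSD-style framing is an assumption about what the logserver's listener expects.

```python
import socket
import ssl
from datetime import datetime


def build_context(ca_file=None, cert_file=None, key_file=None):
    """TLS client context for steps 5-8 with strict peer verification."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED plus hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        # Step 7: trust only the CA that signed the logserver certificate.
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        # Step 6: client certificate, needed only for mutual authentication.
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def format_message(text, host="pns-host", tag="tlstest", when=None,
                   facility=1, severity=5):
    """BSD-style syslog line, newline-terminated (assumed framing)."""
    when = when or datetime.now()
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    pri = facility * 8 + severity  # user.notice -> 13
    return f"<{pri}>{stamp} {host} {tag}: {text}\n".encode("utf-8")


def send_test(server, port, ctx, bind_ip=None, text="TLS logging test"):
    """Send one message; raises ssl.SSLCertVerificationError on a bad peer."""
    source = (bind_ip, 0) if bind_ip else None  # step 4: Bind IP
    with socket.create_connection((server, port), timeout=10,
                                  source_address=source) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(format_message(text))
            return tls.version(), tls.getpeercert().get("subject")


if __name__ == "__main__":
    # Constructed values: replace with your logserver, port and PEM files.
    ctx = build_context(ca_file="logserver-ca.pem")
    print(send_test("logserver.example.com", 6514, ctx))
```

A certificate verification error here means the CA file does not match the CA that signed the logserver certificate, or the certificate does not match the hostname; a handshake failure with no client certificate loaded suggests the logserver requires mutual authentication.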