Syslog messages containing log events can be optionally sent over TLS instead of UDP. TLS support for log event syslog messages is based on RFC 5425, which provides security for syslog through the use of encryption and authentication.
To enable the use of TLS for syslog log events, configure a TLS profile against the syslog profile, as shown in the following example:
configure log syslog "3" tls-client-profile "secure-44"
Syslog over TLS packets are sent with a fixed TCP source port of 6514.
TLS is supported for the following log event syslogs:
- system syslogs (configure log syslog), which can send syslog messages as follows:
  - in-band (for example, out a port on an IMM)
  - out-of-band (out a CPM Ethernet port in the management router instance)
  The configure log route-preference command configuration determines where the TLS connection is established for the base system syslogs.
- service VPRN syslogs (configure service vprn log syslog)
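
On the receiving side, RFC 5425 carries each syslog message inside the TLS stream as an octet-counted frame (MSG-LEN, a space, then the message), so a collector has to reassemble frames across reads. The following Python parser is an added example, not Nokia code: it assumes TLS has already been terminated, and the class and function names, the 8192-octet limit, and the sample messages are constructed for illustration.

```python
# Added example: incremental parser for RFC 5425 frames (MSG-LEN SP SYSLOG-MSG).
MAX_MSG_LEN = 8192    # assumed collector limit, not a value from the page
MAX_LEN_DIGITS = 5    # longest MSG-LEN field accepted before giving up

class FramingError(ValueError):
    """The stream does not follow octet-counted framing."""

class FrameParser:
    def __init__(self, max_len=MAX_MSG_LEN):
        self.max_len = max_len
        self.buf = bytearray()

    def _msg_len(self, field, partial):
        # MSG-LEN is NONZERO-DIGIT *DIGIT; reject anything else early so a
        # sender that is not speaking RFC 5425 cannot grow the buffer.
        if not field:
            if partial:
                return 0
            raise FramingError("empty MSG-LEN")
        if (not field.isdigit() or field[:1] == b"0"
                or len(field) > MAX_LEN_DIGITS or int(field) > self.max_len):
            raise FramingError("bad MSG-LEN %r" % field)
        return int(field)

    def feed(self, data):
        """Add bytes from one TLS read; return the complete messages."""
        self.buf += data
        msgs = []
        while True:
            sp = self.buf.find(b" ")
            if sp == -1:              # length field still incomplete
                self._msg_len(bytes(self.buf), partial=True)
                return msgs
            end = sp + 1 + self._msg_len(bytes(self.buf[:sp]), partial=False)
            if len(self.buf) < end:   # message body still incomplete
                return msgs
            msgs.append(bytes(self.buf[sp + 1:end]))
            del self.buf[:end]

def frame(msg):
    """Build one frame the way a sender would (used for the sample)."""
    return str(len(msg)).encode() + b" " + msg

def demo():
    # Constructed RFC 5424-style samples, split mid-frame like TLS reads.
    m1 = b"<134>1 2024-01-01T00:00:00Z node-a logger - - - port up"
    m2 = b"<131>1 2024-01-01T00:00:05Z node-a logger - - - login failed"
    stream, parser = frame(m1) + frame(m2), FrameParser()
    return parser.feed(stream[:20]) + parser.feed(stream[20:]), [m1, m2]
```

A FramingError on a connection to the TLS syslog port usually means the peer is sending newline-delimited or otherwise non-RFC 5425 traffic, which is worth logging and closing the connection on.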