Siemens RUGGEDCOM ROX II User Manual page 117

RUGGEDCOM ROX II
CLI User Guide
IMPORTANT!
The client (RUGGEDCOM ROX II) and server certificates must by signed by the same CA.
CONTENTS
• Section 4.10.3.1, "Enabling/Disabling Secure Remote Syslog"
• Section 4.10.3.2, "Viewing a List of Permitted Peers"
• Section 4.10.3.3, "Adding a Permitted Peer"
• Section 4.10.3.4, "Deleting a Permitted Peer"
• Section 4.10.3.5, "Configuring a Source IP Address for Remote Syslog Messages"
Section 4.10.3.1
Enabling/Disabling Secure Remote Syslog
To configure a specific source IP address for all remote syslog messages, do the following:
1. Make sure the CLI is in Configuration mode.
NOTE
Once secure remote system logging is enabled and a remote syslog server is configured, TCP port
6514 is automatically opened.
2. Enable or disable secure remote syslog by typing either:
Enabling
admin logging secure-remote-syslog enable
Disabling
no admin logging secure-remote-syslog enable
IMPORTANT!
All certificates must meet the following requirements:
• X.509 v3 digital certificate format
• PEM format
• RSA key pair, 512 to 2048 bits in length
3. If secure remote syslog is enabled, specify a certificate to use for authentication with remote syslog server by
typing:
certificate certificate
Where:
• certificate is the name of the certificate
If the desired certificate is not listed, add it. For more information, refer to
Certificate".
4. [Optional] Define one or more match patterns or permitted peers. Permitted peers compare the server's host
name to the common name defined in the SSL certificate. For more information, refer to
"Adding a Permitted
Enabling/Disabling Secure Remote Syslog
Peer".
Device Management
Section 6.8.7.3, "Adding a
Section 4.10.3.3,
Chapter 4
71