
    Sample Syslog Server Configuration on a Linux System

    Before you begin, the Linux-based syslog server must be configured with the IP address and gateway, and the StrongSwan IPsec client must be installed on the syslog server to initiate a VPN connection with the Junos OS device.

    Note: The following procedure is just an example to show how to configure a syslog server on a Linux platform using the StrongSwan configuration to provide IPsec.

    To set up a StrongSwan configuration on the remote syslog server to provide IPsec VPN capability:

    1. Modify the /etc/ipsec.secrets settings in accordance with the Junos OS device configuration.
      root@host# vi /etc/ipsec.secrets
      192.168.1.2 192.168.1.1 : PSK "12345"
    2. Modify the /etc/ipsec.conf settings in accordance with the Junos OS device configuration.
      user@host# vi /etc/ipsec.conf
      config setup
                      plutodebug=all
                      plutostart=yes
                      nat_traversal=yes
      conn %default
                      ikelifetime=60m
                      keylife=20m
                      rekeymargin=3m
                      keyingtries=1
                      authby=secret
                      ike=aes-sha256-modp2048
                      auth=esp
                      esp=aes128-sha1
                      pfs=no
      conn home
                      leftfirewall=yes
                      left=192.168.1.2
                      right=192.168.1.1
                      rightsubnet=192.168.2.0/24
                      leftsubnet=20.20.20.0/24
                      auto=add
      

      Note: Here, conn home specifies the name of the IPsec tunnel connection to be established between a Junos OS device and the StrongSwan VPN client on the syslog server, ike=aes-sha256-modp2048 specifies the IKE encryption and authentication algorithms and DH group to be used for the connection, and esp=aes128-sha1 specifies the ESP encryption and authentication algorithms to be used for the connection.

    3. Activate the IPsec service by using the ipsec up <being-established-ipsec-tunnel-name> command. For example:
      [root@fipscc-pc02 regress]# ipsec up home
      002 "home" #3: initiating Main Mode
      104 "home" #3: STATE_MAIN_I1: initiate
      010 "home" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
      
    4. Restart the IPsec StrongSwan service.
      root@host# ipsec restart
    5. Check for syslog encrypted traffic.
      root@host# tcpdump -i eth1 -vv -s 1500 -c 10 -w /var/tmp/Syslog_Traffic.pcap
    6. Copy /var/log/syslog to the /var/tmp/syslog_verify file on the syslog server to validate the syslog from the Junos OS device.
      root@host# cp /var/log/syslog /var/tmp/syslog_verify
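
To go with step 5, the following added example (not part of the original procedure) reads a capture file such as /var/tmp/Syslog_Traffic.pcap and counts ESP, IKE/NAT-T and cleartext UDP 514 packets. The function and helper names are assumptions for illustration, and the sample capture is constructed from the addresses in the ipsec.conf above.

```python
import struct

def classify_pcap(data):
    """Count ESP, IKE/NAT-T and cleartext syslog packets in a classic Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    counts = {"esp": 0, "ike_natt": 0, "cleartext_syslog": 0, "other": 0}
    off = 24                                                   # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        kind = "other"
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":   # IPv4 over Ethernet
            ip = frame[14:]
            ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
            if proto == 50:                                    # ESP: tunnel payload
                kind = "esp"
            elif proto == 17 and len(ip) >= ihl + 4:           # UDP: look at the ports
                ports = set(struct.unpack("!HH", ip[ihl:ihl + 4]))
                if 514 in ports:                               # syslog outside the tunnel
                    kind = "cleartext_syslog"
                elif ports & {500, 4500}:                      # IKE or NAT-T encapsulation
                    kind = "ike_natt"
        counts[kind] += 1
    return counts

def frame(src, dst, proto, payload):  # builds a constructed Ethernet+IPv4 frame
    addr = lambda a: bytes(int(x) for x in a.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, addr(src), addr(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def udp(sport, dport, body=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body

def pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

ESP = struct.pack("!II", 0x1000, 1) + b"\x00" * 32  # constructed SPI, sequence number, filler
SAMPLE = pcap([
    frame("192.168.1.2", "192.168.1.1", 17, udp(500, 500)),                 # IKE
    frame("192.168.1.1", "192.168.1.2", 50, ESP),                           # tunnelled
    frame("192.168.2.10", "20.20.20.5", 17, udp(514, 514, b"<134>test")),   # leaked syslog
])

if __name__ == "__main__":
    print(classify_pcap(SAMPLE))
```

Call classify_pcap(open("/var/tmp/Syslog_Traffic.pcap", "rb").read()) on the capture from step 5. On a Linux host that terminates the tunnel itself, inbound packets can appear in a capture a second time after decryption, so a non-zero cleartext_syslog count taken on the syslog server is best confirmed with a capture from a point between the two peers.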
     
     

    Modified: 2015-01-13