Support for TLS in the syslog client

As of LCOS 10.90 the syslog client supports TLS-encrypted transmission in addition to the transport protocols UDP and TCP.

The corresponding setting can be found in LANconfig under Logging/Monitoring > Protocols > SYSLOG via Protocol.

Protocol

Defines the protocol used. Possible values:

UDP

User Datagram Protocol

TCP

Transmission Control Protocol

TLS

The syslog client supports three scenarios in TLS mode:

1. The syslog client accepts all TLS server certificates from the syslog server. For this purpose, no trusted CA certificate is stored in the router.
2. The syslog client only accepts server certificates signed by a trusted CA. To do this, the CA certificate must be uploaded to the corresponding certificate slot on the router.
3. The syslog client authenticates itself with the syslog server using a TLS client certificate and the syslog server authenticates itself with its CA certificate. To do this, both the TLS client certificate for the router and the CA certificate must be uploaded to the corresponding certificate slot on the router, e.g. in a container as a PKCS#12 file.

Certificates for syslog can be loaded into the device either via WEBconfig or LANconfig.

• LANconfig:Right-click on the device > Configuration Management > Upload Certificate or File
  • Syslog - container as PKCS#12 file or
  • Syslog - Root CA Certificate
• WEBconfig: Extras > File management > Upload Certificate or File > File Type
  • Syslog - container as PKCS#12 file or
  • Syslog - Root CA Certificate