Technical data
Brocade MLX Series and NetIron Family Documentation Updates
53-1002805-03
Configuring an encrypted syslog server
You can configure up to six encrypted syslog servers, but only one is active at any time, with the
other servers acting as standby. When you add an encrypted syslog server, if there is no active
syslog server, a session is established with the configured server. If a server is added
while an active session exists, the device does not attempt a new session with another
encrypted syslog server.
A new syslog server session is attempted in the following scenarios:
• The current active encrypted syslog server configuration is removed, or the SSL connection to
the active syslog server is closed
• During a device reload
• During switchover of the management module
• No active syslog server is found when the device sends syslog messages
Attempts to connect to a new syslog server start with the first configured syslog server. The device
attempts to establish an SSL connection with a server until a successful SSL connection is
established. During this interval, the trap hold down timer is started and all the syslog messages
are queued. When the timer expires, the device sends queued log messages to the connected
syslog server.
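The selection and queuing rules described above, written as a small Python model. This is an added example, not Brocade code. The class and method names, the handshake_ok hook and the server names are hypothetical, the queue is assumed unbounded, and each trigger makes a single pass over the server list because the page does not describe retry timing.

```python
from collections import deque

MAX_SERVERS = 6  # limit stated on this page


class EncryptedSyslogModel:
    """Illustrative model; names and the handshake hook are hypothetical."""
    def __init__(self, handshake_ok):
        self.handshake_ok = handshake_ok  # server -> True if the SSL session comes up
        self.servers = []                 # kept in configuration order
        self.active = None
        self.holding = False              # hold-down timer running
        self.queue = deque()              # assumed unbounded; the page gives no limit
        self.delivered = []               # (server, message) pairs

    def add_server(self, server):
        if len(self.servers) >= MAX_SERVERS:
            raise ValueError("only six encrypted syslog servers can be configured")
        self.servers.append(server)
        if self.active is None:           # an existing session is never replaced
            self.reselect()

    def reselect(self):
        """Call on session close, reload, switchover, or no active server."""
        self.holding = True               # messages queue during this interval
        # The search always restarts at the first configured server.
        self.active = next((s for s in self.servers if self.handshake_ok(s)), None)

    def log(self, message):
        if self.active is None:
            self.reselect()
        if self.active is None or self.holding:
            self.queue.append(message)
        else:
            self.delivered.append((self.active, message))

    def hold_down_expired(self):
        self.holding = False
        while self.active is not None and self.queue:  # flush to connected server
            self.delivered.append((self.active, self.queue.popleft()))


if __name__ == "__main__":
    up = {"log-b"}                        # constructed: only the second server answers
    model = EncryptedSyslogModel(lambda s: s in up)
    model.add_server("log-a")
    model.add_server("log-b")
    model.log("link down")                # queued: hold-down timer still running
    model.hold_down_expired()
    print(model.active, model.delivered)
```

Running it shows the message logged during the hold-down interval arriving at log-b, the first server in configuration order that accepted the session.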
Configuring encrypted syslog servers requires two steps:
• Installing the SSL Client certificate from a remote machine
• Adding encrypted syslog servers
Installing the SSL client certificate
Before you can configure an encrypted syslog server for the device, you must install the SSL client
certificate. Do one of the following to install the SSL client certificate.
Using TFTP:
1. If TFTP is enabled on the device, use TFTP to copy the SSL client certificate and private key
from the remote machine. Enter both of the following commands, in either order:
Brocade# copy tftp flash 10.25.101.121 cert.p12 client-certificate
Brocade# copy tftp flash 10.25.101.121 privkeyfile client-private-key
Syntax: copy tftp flash <remote_ip> <cert_file> client-certificate
and
Syntax: copy tftp flash <remote_ip> <priv_key_file> client-private-key
The <remote_ip> variable specifies the IP address of the remote host where the SSL client certificate
and private key are present. The <cert_file> variable specifies the filename of the SSL client
certificate, and the <priv_key_file> variable specifies the filename of the private key.