This section describes the overall configuration procedure
of syslog encryption.
Prerequisites
- If you select TCP, to complete the syslog receiving configuration in the ATIC, you must
ensure that you have completed the certificate configuration on the anti-DDoS device.
- Obtain the root certificate rootcert.pem and the CA certificate cacert.pem from software installation path\Runtime\LegoRuntime\cert. Replace the italicized words (software installation path) with the actual software installation path.
- Upload the root certificate rootcert.pem and the CA certificate cacert.pem of the management
center to the cfcard:/security/ folder of the device through FTP. If this folder does not exist, create it.
- Enter ssl policy ssldl and access the ssl policy view. ssldl indicates the view name.
  Enter trusted-ca load pem-ca rootcert.pem and import the root certificate.
  Enter trusted-ca load pem-ca cacert.pem and import the CA certificate.
- If you select TCP, run the info-center loghost ip-address transport tcp ssl-policy policy-name command on the device to complete the syslog receiving configuration.
- If you select UDP, run the info-center loghost ip-address command on the device to complete the syslog receiving configuration.
- If you select both TCP and UDP, run the info-center loghost ip-address transport tcp ssl-policy policy-name or info-center loghost ip-address command on the device as required to complete the syslog receiving configuration.
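The upload step above uses FTP, which protects neither the confidentiality nor the integrity of the transferred files. The following is an added example, not part of the original documentation or of the vendor's tooling: it checks that a PEM file contains only certificates (no private key) and computes SHA-256 fingerprints so that the original can be compared with the copy placed on the device. The function names and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def make_pem(label, der):
    """Wrap raw bytes in PEM armor (used here to build constructed samples)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


def cert_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM file.

    Checks PEM framing only, not X.509 validity. Raises ValueError if the
    file holds any non-certificate block (such as a private key) or no
    certificate at all, so such a file is never sent over FTP.
    """
    prints = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no CERTIFICATE block found")
    return prints


def same_certificates(original_pem, device_copy_pem):
    """True if the copy read back from the device matches the original."""
    return cert_fingerprints(original_pem) == cert_fingerprints(device_copy_pem)


# Constructed sample data standing in for rootcert.pem and cacert.pem.
SAMPLE_ROOT = make_pem("CERTIFICATE", b"constructed root certificate bytes")
SAMPLE_CA = make_pem("CERTIFICATE", b"constructed CA certificate bytes")

if __name__ == "__main__":
    for name, text in (("rootcert.pem", SAMPLE_ROOT), ("cacert.pem", SAMPLE_CA)):
        print(name, cert_fingerprints(text)[0])
```

Because the fingerprint is taken over the decoded certificate bytes, a copy whose line endings were changed by an ASCII-mode FTP transfer still compares equal, while a truncated or altered copy does not.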
Procedure
- Configure syslog receiving.
- Choose .
- Click Edit and set syslog receiving parameters.
NOTE:
- UDP is insecure. You are advised to use the more secure TCP (TLSv1.2).
- Usually, the default port is used. To change the port, ensure that the newly configured port is not in conflict with existing ones.
Copyright © Huawei Technologies Co., Ltd.