On Mon, 25 Apr 2022 14:27:19 -0400, "Sven F." <[email protected]> wrote:
> Moreover just like -h send the hostname , in a SSL setup it would be > useful to log the CN of the client certificat , with -i maybe, > since it is a strong ID sorting logs with that feels more reliable > than ip, or modified hostnames. > > I may miss some important legacy behavior but a `-i` option that logs > the CN after the hostname in a similar manner looks non breaking and > useful. Ah that reminds me an issue I have. On my central logging machine, I filter logs by hostname. However, it appears sometimes my dns fails so it doesn't get a hostname and the logs with the IP address escape the filter. If I could filter based on the client's certificate hostname, that would be much more reliable! Cheers, Daniel
