I would suggest making the information from the cert available as if it was structured data in the log in 6.3+ that way it can be used for filters (or logged) as desired.

having the ability to create a single tag that contains a bunch of info without significantly polluting the namespace or having to hard-code property names is a _really_ powerful feature.

David Lang

On Fri, 8 Jun 2012, Rainer Gerhards wrote:

-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of [email protected]
Sent: Friday, June 08, 2012 9:37 AM
To: rsyslog-users
Subject: [rsyslog] filter incoming logs by client TLS cert?

Hello,

is there a way to filter incoming logs by a unique property of a TLS
certificate?

Sorry - interesting, but currently not possible.

Something along the lines of:

----
Cleint certificate:
Subject: C=LT,O=smt,L=Vilnius,ST=Lietuva,CN=server1.servers.local

Central logging server config:
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer server1.servers.local
$InputTCPServerStreamDriverMode 1

if tls_client_cn='server1.servers.local' then
/logs/server1.servers.local/logfile
----

?

I'm searching how to authenticate a client.

This is done automatically. No peer other than server1.servers.local can 
connect with above config...

Raienr
Thank you,
IgnasR
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards

Reply via email to