> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of [email protected]
> Sent: Friday, June 08, 2012 10:07 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] filter incoming logs by client TLS cert?
> 
> I would suggest making the information from the cert available as if it
> was structured data in the log in 6.3+; that way it can be used for filters
> (or logged) as desired.
> 
> Having the ability to create a single tag that contains a bunch of info
> without significantly polluting the namespace or having to hard-code
> property names is a _really_ powerful feature.

That's definitely a good suggestion. However, it requires a bit of plumbing and 
is not done in half a day. I'll see if I can find a quick interim solution, but 
it looks like it needs to wait until more engine changes have happened (I am 
still somewhat undecided on which lib/code to use for the internal tree 
representation - probably need to talk to Dmitri a bit more).

Rainer

> David Lang
> 
> On Fri, 8 Jun 2012, Rainer Gerhards wrote:
> 
> >> -----Original Message-----
> >> From: [email protected] [mailto:rsyslog-
> >> [email protected]] On Behalf Of [email protected]
> >> Sent: Friday, June 08, 2012 9:37 AM
> >> To: rsyslog-users
> >> Subject: [rsyslog] filter incoming logs by client TLS cert?
> >>
> >> Hello,
> >>
> >> is there a way to filter incoming logs by a unique property of a TLS
> >> certificate?
> >
> > Sorry - interesting, but currently not possible.
> >>
> >> Something along the lines of:
> >>
> >> ----
> >> Client certificate:
> >> Subject: C=LT,O=smt,L=Vilnius,ST=Lietuva,CN=server1.servers.local
> >>
> >> Central logging server config:
> >> $InputTCPServerStreamDriverAuthMode x509/name
> >> $InputTCPServerStreamDriverPermittedPeer server1.servers.local
> >> $InputTCPServerStreamDriverMode 1
> >>
> >> if tls_client_cn='server1.servers.local' then
> >> /logs/server1.servers.local/logfile
> >> ----
> >>
> >> ?
> >>
> >> I'm searching how to authenticate a client.
> >>
> > This is done automatically. No peer other than server1.servers.local
> > can connect with above config...
> >
> > Rainer
> >> Thank you,
> >> IgnasR
> >> _______________________________________________
> >> rsyslog mailing list
> >> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
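Added example (not part of the thread and not rsyslog code): the routing the question asks for, written in Python. It takes the subject string and paths from the question, applies an exact-match permitted-peer check, and derives the per-client log path; the function names, the simplified subject parsing and the hostname character check are assumptions of this example.

```python
import posixpath
import re

# Constructed sample input: the subject string quoted in the question.
SUBJECT = "C=LT,O=smt,L=Vilnius,ST=Lietuva,CN=server1.servers.local"
PERMITTED_PEERS = ["server1.servers.local"]  # value from the PermittedPeer line
LOG_ROOT = "/logs"

# Assumption: a CN used as a directory name must look like a plain hostname.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")


def subject_cn(subject):
    """Return the single CN of a comma-separated subject string, else None.

    Simplified parser (assumption): no escaped commas, no multi-valued RDNs.
    A subject with zero or several CNs is treated as ambiguous and rejected.
    """
    cns = []
    for rdn in subject.split(","):
        key, sep, value = rdn.strip().partition("=")
        if sep and key.upper() == "CN":
            cns.append(value.strip())
    return cns[0] if len(cns) == 1 else None


def peer_permitted(cn, permitted=PERMITTED_PEERS):
    """Exact, case-insensitive comparison against the permitted-peer list."""
    return bool(cn) and cn.lower() in {p.lower() for p in permitted}


def log_path_for(subject, permitted=PERMITTED_PEERS):
    """Map an authenticated peer to its log file; None means reject."""
    cn = subject_cn(subject)
    if not peer_permitted(cn, permitted):
        return None
    # The CN ends up in a file path, so refuse anything that is not a
    # hostname even if it was (mis)configured as a permitted peer.
    if not HOSTNAME_RE.fullmatch(cn) or ".." in cn:
        return None
    return posixpath.join(LOG_ROOT, cn.lower(), "logfile")


if __name__ == "__main__":
    print(log_path_for(SUBJECT))
```

The point of keying the path on the certificate CN rather than on the hostname field of the message is that the CN has been verified by the TLS handshake, while the hostname field is whatever the sender wrote.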