Christian Tramnitz <chris.ace <at> gmx.net> writes:
ILLES, Marton wrote:
Hi,
I was wondering what kind of information do you need? I can imagine a tag that reflects whether the message was received through an encrypted transport. The certificate attributes/details could be stored as name/value pairs which you can refer from templates or use in filters. Using tags for certificate attributes seems bit more tricky as tags has only on/off states. What kind of information would you need from certificates?
I was planning to use a single tls listener with multiple parties (using a cert generated by my own CA!) sending messages and then relay or modify the messages based on an attribute in the certificate (i.e. "subject unique identifier" or an arbitrary X509v3 extension).
I could also do filtering based on IP and/or hostname within the message but I think it would be more secure (as sender may modify their IP and hostname, but not the certificate) and faster to use tags.
What do you mean with tags only having on/off? In the examples they do not look like booleans, i.e. the ".source." tag being dynamically built from the receive channel name!?
Thanks, Christian ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Hi folks, I found the post and I'm planning to do the same kind of setup / filtering. Is there any process being made since then to filter on a certifiate's values? I'd really like to compare some values in the certificate and based on this re-route the message. I also read the newer article about syslog-ng string tagging (posted in August) but not sure whether this will be helpful for my needs? Thanks for any hint, Florian