[syslog-ng] filter/parse based on certificate attributes?

ILLES, Marton illes.marton at balabit.hu
Tue Aug 11 19:16:08 CEST 2009

On Mon, 2009-08-10 at 17:27 +0200, Christian Tramnitz wrote:
> With syslog 3.0 and ssl support using mutual certificate authentication
> is it possible to parse/filter/tag based on attributes in the certificate?
> I'd like to have a common listener and then relay or append messages
> based on client-cert attribute values...
> (Sorry if this message is arriving more than once, I seem to have 
> problems with posting through Gmane.)


I was wondering what kind of information do you need? I can imagine a
tag that reflects whether the message was received through an encrypted
transport. The certificate attributes/details could be stored as
name/value pairs which you can refer from templates or use in filters.
Using tags for certificate attributes seems bit more tricky as tags has
only on/off states.
What kind of information would you need from certificates?


Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D

More information about the syslog-ng mailing list