[syslog-ng] filter/parse based on certificate attributes?

Christian Tramnitz chris.ace at gmx.net
Tue Aug 11 19:52:42 CEST 2009


ILLES, Marton wrote:
> Hi,
> 
> I was wondering what kind of information do you need? I can imagine a
> tag that reflects whether the message was received through an encrypted
> transport. The certificate attributes/details could be stored as
> name/value pairs which you can refer from templates or use in filters.
> Using tags for certificate attributes seems a bit more tricky as tags have
> only on/off states.
> What kind of information would you need from certificates?

I was planning to use a single tls listener with multiple parties (using 
a cert generated by my own CA!) sending messages and then relay or 
modify the messages based on an attribute in the certificate (i.e. 
"subject unique identifier" or an arbitrary X509v3 extension).

I could also do filtering based on IP and/or hostname within the message 
but I think it would be more secure (as a sender may modify their IP and 
hostname, but not the certificate) and faster to use tags.

What do you mean by tags only having on/off? In the examples they do 
not look like booleans, i.e. the ".source." tag being dynamically built 
from the receive channel name!?


Thanks,
    Christian

