[syslog-ng] filter/parse based on certificate attributes?
Florian Pieper
florian at linux-infobase.net
Tue Feb 8 16:49:12 CET 2011
Christian Tramnitz <chris.ace <at> gmx.net> writes:
>
> ILLES, Marton wrote:
> > Hi,
> >
> > I was wondering what kind of information do you need? I can imagine a
> > tag that reflects whether the message was received through an encrypted
> > transport. The certificate attributes/details could be stored as
> > name/value pairs which you can refer from templates or use in filters.
> > Using tags for certificate attributes seems a bit more tricky as tags have
> > only on/off states.
> > What kind of information would you need from certificates?
>
> I was planning to use a single tls listener with multiple parties (using
> a cert generated by my own CA!) sending messages and then relay or
> modify the messages based on an attribute in the certificate (i.e.
> "subject unique identifier" or an arbitrary X509v3 extension).
>
> I could also do filtering based on IP and/or hostname within the message
> but I think it would be more secure (as sender may modify their IP and
> hostname, but not the certificate) and faster to use tags.
>
> What do you mean with tags only having on/off? In the examples they do
> not look like booleans, i.e. the ".source." tag being dynamically built
> from the receive channel name!?
>
> Thanks,
> Christian
Hi folks,
I found the post and I'm planning to do the same kind of setup / filtering.
Is there any progress being made since then to filter on a certificate's values?
I'd really like to compare some values in the certificate and based on this
re-route the message.
I also read the newer article about syslog-ng string tagging (posted in August)
but I'm not sure whether this will be helpful for my needs?
Thanks for any hint,
Florian