Access TLS certificate distinguished name in rsyslog conf

I have the following rsyslog config file 10-custom.conf in which I want to have access to the distinguished name (CN, OU, L etc.) of the TLS client certificate that is used to establish the connection to rsyslog.

module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.Authmode="x509/name"
    PermittedPeer="peers.mydomain.com"
)


$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile ca-root.cer
$DefaultNetstreamDriverCertFile rsyslog.cer
$DefaultNetstreamDriverKeyFile syslog_private.key

ruleset(name="tofile"){
    action(type="omfile" file="/var/log/test.log")
}

input(type="imtcp" port="1514" ruleset="tofile")

Is there a way to access the aforementioned distinguished name properties for log processing, e.g. passing logs to different hosts depending on the common name? Non-working example:

if ($commonname contains "client1") then {
   action(type="omfile" file="/var/log/client1.log")
}
if ($commonname contains "client2") then {
   action(type="omfile" file="/var/log/client2.log")
}