CL-Softwares
/
telegraf
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
telegraf/plugins/inputs/x509_cert
History
jaroug b2b361356e
Wildcard support for x509_cert files (#6952) 
* Accept standard unix glob matching rules

* comply with indentation

* update readme

* move globing expand and url parsing into Init()

* chore: rebase branch on upstream master

* rename refreshFilePaths to expandFilePaths
* expandFilePaths handles '/path/to/*.pem' and 'files:///path/to/*.pem'
* update sample config

* fix: recompile files globing pattern at every gather tic

 * add var globFilePathsToUrls to stack files path
 * add var globpaths to stack compiled globpath
 * rework sourcesToURLs to compile files path and stack them
 * rename expandFilePaths to expandFilePathsToUrls
 * rework expandFilePathsToUrls to only match compiled globpath
 * rework the `Gather` ticker to match globpath at each call

* fix: comply with requested changes

 * add specifics regarding relative paths in sample config
 * add logger and use it in expandFilePathsToUrls()
 * precompile glob for `files://`, `/` and `://`

* fix: update README to match last changes

* fix: comply with last requested changes

 * rename expandFilePathsToUrls() to collectCertURLs()
 * collectCertURLs() now returns []*url.URL to avoid extra field
globFilePathsToUrls in structure
 * update the Gather() ticker accordingly

* fix(windows): do not try to compile glopath for windows path as it's not supposed to be supported by the OS

* fix(ci): apply go fmt

* fix(ci): empty-lines/import-shadowing

Co-authored-by: Anthony LE BERRE <aleberre@vente-privee.com>
 		2021-03-23 17:31:15 -04:00
..
dev Add certificate verification status to x509_cert input (#6143) 2019-07-22 16:10:40 -07:00
README.md Wildcard support for x509_cert files (#6952) 2021-03-23 17:31:15 -04:00
x509_cert.go Wildcard support for x509_cert files (#6952) 2021-03-23 17:31:15 -04:00
x509_cert_test.go Revive fixes - part 4: (#8981) 2021-03-12 14:21:51 -06:00

README.md

x509 Certificate Input Plugin

This plugin provides information about X509 certificate accessible via local file or network connection.

Configuration

# Reads metrics from a SSL certificate
[[inputs.x509_cert]]
  ## List certificate sources, support wildcard expands for files
  ## Prefix your entry with 'file://' if you intend to use relative paths
  sources = ["/etc/ssl/certs/ssl-cert-snakeoil.pem", "tcp://example.org:443",
            "/etc/mycerts/*.mydomain.org.pem", "file:///path/to/*.pem"]

  ## Timeout for SSL connection
  # timeout = "5s"

  ## Pass a different name into the TLS request (Server Name Indication).
  ## This is synonymous with tls_server_name, and only one of the two
  ## options may be specified at one time.
  ##   example: server_name = "myhost.example.org"
  # server_name = "myhost.example.org"

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  # tls_server_name = "myhost.example.org"

Metrics

  • x509_cert
    • tags:
      • source - source of the certificate
      • organization
      • organizational_unit
      • country
      • province
      • locality
      • verification
      • serial_number
      • signature_algorithm
      • public_key_algorithm
      • issuer_common_name
      • issuer_serial_number
      • san
    • fields:
      • verification_code (int)
      • verification_error (string)
      • expiry (int, seconds)
      • age (int, seconds)
      • startdate (int, seconds)
      • enddate (int, seconds)

Example output

x509_cert,common_name=ubuntu,source=/etc/ssl/certs/ssl-cert-snakeoil.pem,verification=valid age=7693222i,enddate=1871249033i,expiry=307666777i,startdate=1555889033i,verification_code=0i 1563582256000000000
x509_cert,common_name=www.example.org,country=US,locality=Los\ Angeles,organization=Internet\ Corporation\ for\ Assigned\ Names\ and\ Numbers,organizational_unit=Technology,province=California,source=https://example.org:443,verification=invalid age=20219055i,enddate=1606910400i,expiry=43328144i,startdate=1543363200i,verification_code=1i,verification_error="x509: certificate signed by unknown authority" 1563582256000000000
x509_cert,common_name=DigiCert\ SHA2\ Secure\ Server\ CA,country=US,organization=DigiCert\ Inc,source=https://example.org:443,verification=valid age=200838255i,enddate=1678276800i,expiry=114694544i,startdate=1362744000i,verification_code=0i 1563582256000000000
x509_cert,common_name=DigiCert\ Global\ Root\ CA,country=US,organization=DigiCert\ Inc,organizational_unit=www.digicert.com,source=https://example.org:443,verification=valid age=400465455i,enddate=1952035200i,expiry=388452944i,startdate=1163116800i,verification_code=0i 1563582256000000000