how to add the ssl_client_dn to the puppet server log file running puppet 4.6

asked 2016-09-02 08:14:36 -0500

Hello,

In Passenger I can add the client certificate name to the logging file by using the %{SSL_CLIENT_S_DN}e

LogFormat "%v %h %l %u %t \"%r\" %>s %b %{SSL_CLIENT_S_DN}e"

I found the config file that I need to change for puppetserver 4.6: /etc/puppetlabs/puppetserver/request-logging.xml

But I can't find what I need to add to the pattern file to get the client's SSL DN logged.

With regards,

Richard


Comments

Hello, Found extra info? http://logback.qos.ch/manual/layouts.html#AccessPatternLayout Even found in the jar file that the info was mapped to name But tried without success until now. Maybe if this is not possible I need to look into nginx/apache SSL offloading. With regards, Richard

R.deVos (2016-09-05 10:00:47 -0500)

1 Answer


answered 2016-09-06 10:23:55 -0500

camlow325

Unfortunately, I don't think there is a way to do this with the current logback Jetty access log functionality that Puppet Server is using. Using the same pattern documentation you mentioned, I also haven't found anything in the standard set of options which maps to the DN or CN of the client's X509Certificate.

If you have some sort of a proxy / load balancer between your agents and the master and are able to extract the DN from the client certificate and inject into the request as a header, e.g., X-Client-DN, then you could use the %i{X-Client-DN} in the request-logging.xml file in order to have the DN written to the access log file.

This would seem like a good feature to add to Puppet Server - and logback-access in general. If you'd like to pursue this further, you might open a feature request under the SERVER project at https://tickets.puppetlabs.com.

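The proxy-header approach from the answer above, as an added example that is not part of the original thread and not Puppet's shipped configuration: a request-logging.xml whose pattern appends the X-Client-DN request header. The appender layout, the log path and the Apache directive shown in the comment are assumptions for a setup where a TLS-terminating proxy sits in front of Puppet Server.

```xml
<!-- /etc/puppetlabs/puppetserver/request-logging.xml (added example).
     Assumption: a TLS-terminating proxy verifies the agent certificate and
     sets X-Client-DN on every request, for instance with Apache mod_ssl
     and mod_headers:
         RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"
     "set" replaces any X-Client-DN value the client sent itself, so the DN
     in the log always comes from the certificate the proxy verified.
     Puppet Server must only be reachable through that proxy; a client that
     can connect directly can put any value in the header. -->
<configuration debug="false">
    <appender name="FILE" class="ch.qos.logback.core.FileAppender">
        <!-- Assumed log location; keep whatever path your file already uses. -->
        <file>/var/log/puppetlabs/puppetserver/puppetserver-access.log</file>
        <append>true</append>
        <encoder>
            <!-- Common log format fields, followed by the request header
                 injected by the proxy. %i{NAME} is the logback-access
                 conversion word for a request header. The quotes keep a DN
                 containing spaces in a single log field. -->
            <pattern>%h %l %u [%t] "%r" %s %b "%i{X-Client-DN}"</pattern>
        </encoder>
    </appender>
    <appender-ref ref="FILE" />
</configuration>
```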
