x509_cert

package
v1.33.0
Warning

This package is not in the latest version of its module.
Published: Dec 9, 2024 License: MIT Imports: 24 Imported by: 8

README

x509 Certificate Input Plugin

This plugin provides information about X.509 certificates accessible via local file, TCP, UDP, HTTPS or SMTP.

When using a UDP address as a certificate source, the server must support DTLS.

Global configuration options

In addition to the plugin-specific configuration settings, plugins support additional global and plugin configuration settings. These settings are used to modify metrics, tags, and fields, or to create aliases and configure ordering, etc. See CONFIGURATION.md for more details.

Configuration

# Reads metrics from a SSL certificate
[[inputs.x509_cert]]
  ## List certificate sources, support wildcard expands for files
  ## Prefix your entry with 'file://' if you intend to use relative paths
  sources = ["tcp://example.org:443", "https://influxdata.com:443",
            "smtp://mail.localhost:25", "udp://127.0.0.1:4433",
            "/etc/ssl/certs/ssl-cert-snakeoil.pem",
            "/etc/mycerts/*.mydomain.org.pem", "file:///path/to/*.pem"]

  ## Timeout for SSL connection
  # timeout = "5s"

  ## Pass a different name into the TLS request (Server Name Indication).
  ## This is synonymous with tls_server_name, and only one of the two
  ## options may be specified at one time.
  ##   example: server_name = "myhost.example.org"
  # server_name = "myhost.example.org"

  ## Only output the leaf certificates and omit the root ones.
  # exclude_root_certs = false

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  # tls_server_name = "myhost.example.org"

  ## Set the proxy URL
  # use_proxy = true
  # proxy_url = "http://localhost:8888"

Metrics

  • x509_cert
    • tags:
      • type - "leaf", "intermediate" or "root" classification of certificate
      • source - source of the certificate
      • organization
      • organizational_unit
      • country
      • province
      • locality
      • verification
      • serial_number
      • signature_algorithm
      • public_key_algorithm
      • issuer_common_name
      • issuer_serial_number
      • san
      • ocsp_stapled
      • ocsp_status (when ocsp_stapled=yes)
      • ocsp_verified (when ocsp_stapled=yes)
    • fields:
      • verification_code (int)
      • verification_error (string)
      • expiry (int, seconds) - Time when the certificate will expire, in seconds since the Unix epoch. Example query: SELECT (expiry / 60 / 60 / 24) as "expiry_in_days"
      • age (int, seconds)
      • startdate (int, seconds)
      • enddate (int, seconds)
      • ocsp_status_code (int)
      • ocsp_next_update (int, seconds)
      • ocsp_produced_at (int, seconds)
      • ocsp_this_update (int, seconds)

Example Output

x509_cert,common_name=ubuntu,ocsp_stapled=no,source=/etc/ssl/certs/ssl-cert-snakeoil.pem,verification=valid age=7693222i,enddate=1871249033i,expiry=307666777i,startdate=1555889033i,verification_code=0i 1563582256000000000
x509_cert,common_name=www.example.org,country=US,locality=Los\ Angeles,organization=Internet\ Corporation\ for\ Assigned\ Names\ and\ Numbers,organizational_unit=Technology,province=California,ocsp_stapled=no,source=https://example.org:443,verification=invalid age=20219055i,enddate=1606910400i,expiry=43328144i,startdate=1543363200i,verification_code=1i,verification_error="x509: certificate signed by unknown authority" 1563582256000000000
x509_cert,common_name=DigiCert\ SHA2\ Secure\ Server\ CA,country=US,organization=DigiCert\ Inc,ocsp_stapled=no,source=https://example.org:443,verification=valid age=200838255i,enddate=1678276800i,expiry=114694544i,startdate=1362744000i,verification_code=0i 1563582256000000000
x509_cert,common_name=DigiCert\ Global\ Root\ CA,country=US,organization=DigiCert\ Inc,organizational_unit=www.digicert.com,ocsp_stapled=yes,ocsp_status=good,ocsp_verified=yes,source=https://example.org:443,verification=valid age=400465455i,enddate=1952035200i,expiry=388452944i,ocsp_next_update=1676714398i,ocsp_produced_at=1676112480i,ocsp_status_code=0i,ocsp_this_update=1676109600i,startdate=1163116800i,verification_code=0i 1563582256000000000
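
The following Go program is an added example, not code from the Telegraf project: it parses one x509_cert line-protocol record like those above, honouring backslash escapes and quoted string fields, and reports certificates whose verification tag is invalid or that are close to expiry. The names split and Check are hypothetical, and it assumes expiry holds the seconds remaining, as the expiry_in_days query and the sample values above suggest.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// split cuts s on sep, skipping separators that are backslash-escaped or quoted.
func split(s string, sep byte) []string {
	var out []string
	start, quoted := 0, false
	for i := 0; i < len(s); i++ {
		switch {
		case s[i] == '\\':
			i++ // the next byte is escaped
		case s[i] == '"':
			quoted = !quoted
		case s[i] == sep && !quoted:
			out, start = append(out, s[start:i]), i+1
		}
	}
	return append(out, s[start:])
}

// Check parses one x509_cert line and returns a finding if verification
// failed or fewer than minDays days remain; "" means healthy or unparsable.
func Check(line string, minDays int64) string {
	parts := append(split(line, ' '), "") // tags, fields, [timestamp]
	m := map[string]string{}              // tag and field names do not collide
	for _, kv := range append(split(parts[0], ',')[1:], split(parts[1], ',')...) {
		k, v, _ := strings.Cut(kv, "=")
		m[k] = strings.Trim(strings.ReplaceAll(v, `\`, ""), `"`) // strip escapes and quotes
	}
	id := m["common_name"] + " @ " + m["source"]
	secs, err := strconv.ParseInt(strings.TrimSuffix(m["expiry"], "i"), 10, 64)
	switch {
	case m["verification"] == "invalid":
		return id + ": " + m["verification_error"]
	case err == nil && secs/86400 < minDays:
		return fmt.Sprintf("%s: %d days left", id, secs/86400)
	}
	return ""
}

func main() {
	// Constructed sample record (not real data): 12 days of validity left.
	line := `x509_cert,common_name=api.internal.example,source=tcp://10.0.0.5:443,verification=valid expiry=1036800i,verification_code=0i 1563582256000000000`
	fmt.Println(Check(line, 30))
}
```

Checking verification before expiry matters because a record such as the www.example.org line above still has a large expiry value while failing chain validation.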

Documentation

Overview

Package x509_cert reports metrics from an SSL certificate.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type X509Cert

type X509Cert struct {
	Sources          []string        `toml:"sources"`
	Timeout          config.Duration `toml:"timeout"`
	ServerName       string          `toml:"server_name"`
	ExcludeRootCerts bool            `toml:"exclude_root_certs"`
	Log              telegraf.Logger `toml:"-"`
	common_tls.ClientConfig
	proxy.TCPProxy
	// contains filtered or unexported fields
}

X509Cert holds the configuration of the plugin.

func (*X509Cert) Gather

func (c *X509Cert) Gather(acc telegraf.Accumulator) error

Gather adds metrics into the accumulator.

func (*X509Cert) Init

func (c *X509Cert) Init() error

func (*X509Cert) SampleConfig

func (*X509Cert) SampleConfig() string
