SSL Subject Missing on TCP Input Plugin

I am working with Logstash (8.0.0) and using the TCP input plugin with SSL enabled. According the documentation, there should be a field that contains the subject of the certificate for the connecting client. However, it seems like the field is missing from @metadata.

Here is the pipeline that I'm using:

input {
    tcp {
        port => 6514
        ssl_enable => true
        ssl_cert => "/usr/share/logstash/tls/syslog.cert.pem"
        ssl_key => "/usr/share/logstash/tls/syslog.key.pem"
        ssl_certificate_authorities => ["/usr/share/logstash/tls/ca.cert.pem"]
    }
}
filter {
    grok {
        match => { "message" => ".+-: (?<raw_json>{.+}$)"}
    }
    json {
        source => "raw_json"
    }
}
output {
    stdout { codec => rubydebug { metadata => true } }
    elasticsearch {
        cloud_id => <redacted>
        user => <redacted>
        password => <redacted>
    }
}

All I see in @metadata is the following:

"@metadata" => {
    "input" => {
        "tcp" => {
            "source" => {
                "name" => <redacted>,
                    "ip" => <redacted>,
                "port" => 54097
            }
        }
    }
}

There is a GitHub issue that has been open for almost three years with two PRs that describes the same issue I'm having: https://github.com/logstash-plugins/logstash-input-tcp/issues/143

Is anyone else experiencing this issue? Does anyone have a workaround? Thanks!

The decoration is conditional on socket not being nil. The DecoderImpl always sets socket to nil, so it appears to me that anyone using a tcp input in server mode will have this problem.

Back in 5.0 it looks like the input loop had access to the socket directly, I cannot find when this changed.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.