I am working with Logstash (8.0.0) and using the TCP input plugin with SSL enabled. According the documentation, there should be a field that contains the subject of the certificate for the connecting client. However, it seems like the field is missing from @metadata.
Here is the pipeline that I'm using:
input {
tcp {
port => 6514
ssl_enable => true
ssl_cert => "/usr/share/logstash/tls/syslog.cert.pem"
ssl_key => "/usr/share/logstash/tls/syslog.key.pem"
ssl_certificate_authorities => ["/usr/share/logstash/tls/ca.cert.pem"]
}
}
filter {
grok {
match => { "message" => ".+-: (?<raw_json>{.+}$)"}
}
json {
source => "raw_json"
}
}
output {
stdout { codec => rubydebug { metadata => true } }
elasticsearch {
cloud_id => <redacted>
user => <redacted>
password => <redacted>
}
}
All I see in @metadata is the following:
"@metadata" => {
"input" => {
"tcp" => {
"source" => {
"name" => <redacted>,
"ip" => <redacted>,
"port" => 54097
}
}
}
}
There is a GitHub issue that has been open for almost three years with two PRs that describes the same issue I'm having: https://github.com/logstash-plugins/logstash-input-tcp/issues/143
Is anyone else experiencing this issue? Does anyone have a workaround? Thanks!