zeek/scripts/policy/protocols/ssl/log-hostcerts-only.zeek at d38923cfcf3feb7ce5fa839b8303fcfcd6df4803 - Mirror/zeek - git.uphillsecurity.com: We code.

Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00

Johanna Amann b02f22a667 Change SSL and X.509 logging format

This commit changes the SSL and X.509 logging formats to something that,
hopefully, slowly approaches what they will look like in the future.

X.509 log is not yet deduplicated; this will come in the future.

This commit introduces two new options, which determine if certificate
issuers and subjects are still logged in ssl.log. The default is to have
the host subject/issuer logged, but to remove client-certificate
information. Client-certificates are not a typically used feature
nowadays.

2021-06-29 09:26:43 +01:00

13 lines

340 B

Text

Raw Blame History

 ##! When this script is loaded, only the host certificates (client and server)
 ##! will be logged to x509.log. Logging of all other certificates will be suppressed.
 @load base/protocols/ssl
 @load base/files/x509
 module X509;
 hook X509::log_policy(rec: X509::Info, id: Log::ID, filter: Log::Filter)
 	{
 	if ( ! rec$host_cert )
 		break;
 	}