gravitational / teleport-plugins

Set of plugins for Teleport
Apache License 2.0

[event-handler] Add an Issuer DN to generated X.509 certs #606

Closed ptgott closed 2 years ago

ptgott commented 2 years ago

The X.509 parsing package in the Java standard library (sun.security.x509) requires that X.509 certs include an Issuer DN field. Currently, the event-handler plugin issues certificates without this field. This means that the event-handler plugin cannot establish a TLS handshake with log collection tools that use Java's sun.security.x509 package, such as Logstash. We should add an Issuer DN to these certificates so we can expand the range of log management tools that Teleport users can integrate the event-handler plugin with.
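The condition this issue describes can be checked in Go. The following is an added example, not part of the thread or the plugin's code: with Go's crypto/x509, a self-signed certificate takes its Issuer DN from the template's Subject, so an empty Subject yields an empty Issuer DN. The helper names, the sample CN and the SAN are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a parsed self-signed certificate. Template and parent are
// the same, so an empty commonName leaves both Subject and Issuer DN empty.
func selfSigned(commonName string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		DNSNames:     []string{"localhost"}, // constructed sample SAN
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// hasIssuerDN reports whether the Issuer field holds at least one attribute.
func hasIssuerDN(cert *x509.Certificate) bool {
	return len(cert.Issuer.Names) > 0
}

func main() {
	// Constructed inputs: an empty name, then a sample CN.
	for _, cn := range []string{"", "example-event-handler-ca"} {
		cert, err := selfSigned(cn)
		if err != nil {
			panic(err)
		}
		fmt.Printf("CN=%q issuer=%q hasIssuerDN=%v\n", cn, cert.Issuer.String(), hasIssuerDN(cert))
	}
}
```

A check like `hasIssuerDN` can run in a test over every certificate a tool generates before those certificates are handed to a strict parser.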

ptgott commented 2 years ago

Hi @EdwardDowling, just checking whether there are any unexpected blockers here. If so, I can plan to document using the Fluentd exporter with the ELK stack and Fluentd (which would become the EFK stack), rather than the canonical ELK stack as originally planned. Thanks!

EdwardDowling commented 2 years ago

Sorry for the delay. I've made a PR for adding the issuer DN field. If we want to add options for the user to configure the fields, I could add them to this PR.

ptgott commented 2 years ago

This looks good, thanks!

r0mant commented 2 years ago

@ptgott Do you have an environment set up by chance where we can validate that the fix Edward made in this PR fixes the issue?

ptgott commented 2 years ago

@r0mant I am writing/testing a guide to using the event handler with the Elastic Stack this week. I'll use an event handler build from this branch and post here when I've validated that this works.

ptgott commented 2 years ago

I ran into an issue with this, documented here: https://github.com/gravitational/teleport-plugins/pull/640#issuecomment-1233254971