search
数据采集 采集源配置 TLS 证书数据采集

TLS 证书数据采集

简介

采集 X509 证书相关信息上报到 DataFlux 中

前置条件

配置

进入 DataKit 安装目录下的 conf.d/tls 目录,复制 x509_cert.conf.sample 并命名为 x509_cert.conf。示例如下:

# Reads metrics from a SSL certificate
[[inputs.x509_cert]]
  ## List certificate sources
  sources = ["/etc/ssl/certs/ssl-cert-snakeoil.pem", "https://example.org:443"]

  ## Timeout for SSL connection
  # timeout = "5s"

  ## Pass a different name into the TLS request (Server Name Indication)
  ##   example: server_name = "myhost.example.org"
  # server_name = "myhost.example.org"

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"

配置好后,重启 DataKit 即可生效

采集指标

x509_cert

指标 描述 类型 单位 Tag
verification_code int - source,organization,organizational_unit,country,province,locality,verification,serial_number,signature_algorithm,public_key_algorithm,issuer_common_name,issuer_serial_number,san
verification_error string - source,organization,organizational_unit,country,province,locality,verification,serial_number,signature_algorithm,public_key_algorithm,issuer_common_name,issuer_serial_number,san
expiry int seconds source,organization,organizational_unit,country,province,locality,verification,serial_number,signature_algorithm,public_key_algorithm,issuer_common_name,issuer_serial_number,san
age int seconds source,organization,organizational_unit,country,province,locality,verification,serial_number,signature_algorithm,public_key_algorithm,issuer_common_name,issuer_serial_number,san
startdate int seconds source,organization,organizational_unit,country,province,locality,verification,serial_number,signature_algorithm,public_key_algorithm,issuer_common_name,issuer_serial_number,san
enddate int seconds source,organization,organizational_unit,country,province,locality,verification,serial_number,signature_algorithm,public_key_algorithm,issuer_common_name,issuer_serial_number,san