Hi - I need to configure Telegraf (v1.28) to use the X509 Certificate input plugin to get information about the certs on a Windows server. I’m not sure what the configuration should look like - looking for suggestions. The certificates are stored in the Windows Certificate Store. I’m happy with how to configure the Linux equivalent (see https://github.com/influxdata/telegraf/tree/release-1.28/plugins/inputs/x509_cert).
Thanks in advance!
Hello @bzo,
I would use the default agent configs.
And then default config looks like:
# Reads metrics from a SSL certificate
[[inputs.x509_cert]]
## List certificate sources, support wildcard expands for files
## Prefix your entry with 'file://' if you intend to use relative paths
sources = ["tcp://example.org:443", "https://influxdata.com:443",
"smtp://mail.localhost:25", "udp://127.0.0.1:4433",
"/etc/ssl/certs/ssl-cert-snakeoil.pem",
"/etc/mycerts/*.mydomain.org.pem", "file:///path/to/*.pem"]
## Timeout for SSL connection
# timeout = "5s"
## Pass a different name into the TLS request (Server Name Indication).
## This is synonymous with tls_server_name, and only one of the two
## options may be specified at one time.
## example: server_name = "myhost.example.org"
# server_name = "myhost.example.org"
## Only output the leaf certificates and omit the root ones.
# exclude_root_certs = false
## Optional TLS Config
# tls_ca = "/etc/telegraf/ca.pem"
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
# tls_server_name = "myhost.example.org"
## Set the proxy URL
# use_proxy = true
# proxy_url = "http://localhost:8888"
Id start with the default and then assess after.
Also use debug=true to get detailed logs.
And use --test: Run only inputs, output to stdout, and exit
