Feature Idea: Extract TLS metadata, similar to beats input

[rwaweber]

Would it be possible to extract TLS metadata from clients? Something along the lines of this section in the beats input plugin would be spectacular.

https://github.com/logstash-plugins/logstash-input-beats/blob/master/lib/logstash/inputs/beats/message_listener.rb#L125-L155

The theory would be to pass along a TLS-wrapped message to a translate filter so that I could route certain applications to different endpoints based simply on the certificate principal they are identifying with.

[narthollis]

I would also like to see this feature.

We are currently using beats inputs from a number of environments and coping the peer subject into the output to identify the source of the information,

This is working great for environments where the beats have direct access to our ingest logstash.

However some of our environments are behind firewalls and other such items and so I am needing to run a something to collect the traffic from behind the firewall and forward it to out ingress setup from a centralised location.

The HTTP plugin looked like a winner until i realised I did not have access to the peer certificate in the processing pipeline.