diff options
| author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2025-11-28 14:18:02 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-11-28 14:18:02 +0200 |
| commit | 155ddbd19d45aff33110ad456742aeaa9727fb68 (patch) | |
| tree | f15480df96701a2901a26af1ca73f739f6a2aca3 /docs | |
| parent | af8c829ed08869e02e0466b09bc3e9dce6257f0c (diff) | |
| parent | 85a097b4a19b52179b45966cbcc8c7f30030a884 (diff) | |
| download | vyos-documentation-155ddbd19d45aff33110ad456742aeaa9727fb68.tar.gz vyos-documentation-155ddbd19d45aff33110ad456742aeaa9727fb68.zip | |
Merge pull request #1701 from alexandr-san4ez/T4251-current-fix2
syslog: T4251: Rename "permitted-peers" to "permitted-peer"
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/configuration/system/syslog.rst | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst index 1b7b38c3..44fe286b 100644 --- a/docs/configuration/system/syslog.rst +++ b/docs/configuration/system/syslog.rst @@ -151,19 +151,19 @@ if you attempt to enable TLS while using UDP, the system will issue a warning. * **anon** - allow encrypted connection without verifying peer identity (not recommended, vulnerable to :abbr:`MITM (Man-in-the-Middle)`). * **fingerprint** - verify the peer certificate against an explicitly - configured fingerprint list (set with ``permitted-peers``). + configured fingerprint list (set with ``permitted-peer``). * **certvalid** - validate that the peer presents a certificate signed by a trusted CA, but do not check the certificate subject name (:abbr:`CN (Common Name)`). * **name** - validate that the peer presents a certificate signed by a trusted CA and that the certificate’s CN matches the value configured in - ``permitted-peers``. This is the recommended secure mode for production. + ``permitted-peer``. This is the recommended secure mode for production. .. note:: The default value for the authentication mode is ``anon``. -.. cfgcmd:: set system syslog remote <address> tls permitted-peers <peer_list> +.. cfgcmd:: set system syslog remote <address> tls permitted-peer <peer> - Comma-separated list of permitted peers or certificate’s subject names (CN). + Allowed peer certificate fingerprint or subject name (CN). * In ``fingerprint`` authentication mode: provide one or more peer certificate fingerprints (SHA1 or SHA256). @@ -195,7 +195,7 @@ Examples: set system syslog remote syslog.example.com protocol tcp set system syslog remote syslog.example.com tls ca-certificate my-ca set system syslog remote syslog.example.com tls auth-mode fingerprint - set system syslog remote syslog.example.com tls permitted-peers 'SHA1:10:C4:26:...,SHA256:7B:4B:10:...' + set system syslog remote syslog.example.com tls permitted-peer 'SHA1:10:C4:26:...' # Example of 'name' authentication mode set system syslog remote graylog.example.com facility all level debug @@ -204,7 +204,7 @@ Examples: set system syslog remote graylog.example.com tls ca-certificate my-ca set system syslog remote graylog.example.com tls certificate syslog-client set system syslog remote graylog.example.com tls auth-mode name - set system syslog remote graylog.example.com tls permitted-peers 'graylog.example.com' + set system syslog remote graylog.example.com tls permitted-peer 'graylog.example.com' Security Notes ^^^^^^^^^^^^^^ |
