Fix documentation errors (#496)

crowdsecurity · Dec 1, 2020 · 8707140 · 8707140
1 parent b7190c9
commit 8707140
Show file tree

Hide file tree

Showing 31 changed files with 333 additions and 465 deletions.
diff --git a/cmd/crowdsec-cli/capi.go b/cmd/crowdsec-cli/capi.go
@@ -96,7 +96,7 @@ func NewCapiCmd() *cobra.Command {
 				fmt.Printf("%s\n", string(apiConfigDump))
 			}
 
-			log.Warningf("Run 'systemctl reload crowdsec' for the new configuration to be effective")
+			log.Warningf("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective")
 		},
 	}
 	cmdCapiRegister.Flags().StringVarP(&outputFile, "file", "f", "", "output file destination")

diff --git a/cmd/crowdsec-cli/collections.go b/cmd/crowdsec-cli/collections.go
@@ -31,7 +31,7 @@ func NewCollectionsCmd() *cobra.Command {
 			if cmd.Name() == "inspect" || cmd.Name() == "list" {
 				return
 			}
-			log.Infof("Run 'systemctl reload crowdsec' for the new configuration to be effective.")
+			log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.")
 		},
 	}
 

diff --git a/cmd/crowdsec-cli/lapi.go b/cmd/crowdsec-cli/lapi.go
@@ -107,7 +107,7 @@ Keep in mind the machine needs to be validated by an administrator on LAPI side
 			} else {
 				fmt.Printf("%s\n", string(apiConfigDump))
 			}
-			log.Warningf("Run 'systemctl reload crowdsec' for the new configuration to be effective")
+			log.Warningf("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective")
 		},
 	}
 	cmdLapiRegister.Flags().StringVarP(&apiURL, "url", "u", "", "URL of the API (ie. http://127.0.0.1)")

diff --git a/cmd/crowdsec-cli/parsers.go b/cmd/crowdsec-cli/parsers.go
@@ -35,7 +35,7 @@ cscli parsers remove crowdsecurity/sshd-logs
 			if cmd.Name() == "inspect" || cmd.Name() == "list" {
 				return
 			}
-			log.Infof("Run 'systemctl reload crowdsec' for the new configuration to be effective.")
+			log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.")
 		},
 	}
 

diff --git a/cmd/crowdsec-cli/postoverflows.go b/cmd/crowdsec-cli/postoverflows.go
@@ -34,7 +34,7 @@ func NewPostOverflowsCmd() *cobra.Command {
 			if cmd.Name() == "inspect" || cmd.Name() == "list" {
 				return
 			}
-			log.Infof("Run 'systemctl reload crowdsec' for the new configuration to be effective.")
+			log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.")
 		},
 	}
 

diff --git a/cmd/crowdsec-cli/scenarios.go b/cmd/crowdsec-cli/scenarios.go
@@ -35,7 +35,7 @@ cscli scenarios remove crowdsecurity/ssh-bf
 			if cmd.Name() == "inspect" || cmd.Name() == "list" {
 				return
 			}
-			log.Infof("Run 'systemctl reload crowdsec' for the new configuration to be effective.")
+			log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.")
 		},
 	}
 

diff --git a/cmd/crowdsec-cli/simulation.go b/cmd/crowdsec-cli/simulation.go
@@ -112,7 +112,7 @@ cscli simulation disable crowdsecurity/ssh-bf`,
 		},
 		PersistentPostRun: func(cmd *cobra.Command, args []string) {
 			if cmd.Name() != "status" {
-				log.Infof("Run 'systemctl reload crowdsec' for the new configuration to be effective.")
+				log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.")
 			}
 		},
 	}

diff --git a/config/profiles.yaml b/config/profiles.yaml
@@ -4,5 +4,5 @@ filters:
  - Alert.Remediation == true && Alert.GetScope() == "Ip"
 decisions:
  - type: ban
-   duration: 1h
+   duration: 4h
 on_success: break
diff --git a/docs/v1.X/docs/bouncers/index.md b/docs/v1.X/docs/bouncers/index.md
@@ -16,7 +16,7 @@ You can explore [available {{v1X.bouncers.name}} on the hub]({{v1X.hub.bouncers_
 To be able for your {{v1X.bouncers.Name}} to communicate with the local API, you have to generate an API token with `cscli` and put it in your {{v1X.bouncers.Name}} configuration file:
 
 ```bash
-$ cscli bouncers add testBouncer
+$ sudo cscli bouncers add testBouncer
 Api key for 'testBouncer':
 
    6dcfe93f18675265e905aef390330a35

diff --git a/docs/v1.X/docs/getting_started/crowdsec-tour.md b/docs/v1.X/docs/getting_started/crowdsec-tour.md
diff --git a/docs/v1.X/docs/getting_started/installation.md b/docs/v1.X/docs/getting_started/installation.md
@@ -78,4 +78,4 @@ make release
 
 This will create you a directory (`crowdsec-vXXX/`) and an archive (`crowdsec-release.tgz`) that are release built from your local code source. 
 
-Now, you can install either with [interactive wizard](#using-the-interactive-wizard) or the [unattended mode](#using-unattended-mode).
+Now, you can install either with [interactive wizard](#using-the-interactive-wizard) or the [unattended mode](#using-unattended-mode).
diff --git a/docs/v1.X/docs/localAPI/index.md b/docs/v1.X/docs/localAPI/index.md
@@ -7,7 +7,7 @@ The Local API (LAPI) is a core component of {{v1X.crowdsec.name}} and has a few
  - Allow `cscli` to view add or delete decisions
 
 
-[You can find the swagger documentation here](https://crowdsecurity.github.io/api_doc/index.html?urls.primaryName=LAPI)
+You can find the swagger documentation [here](https://crowdsecurity.github.io/api_doc/index.html?urls.primaryName=LAPI).
 
 ## Authentication
 
@@ -23,7 +23,7 @@ There is two kinds of authentication to the local API :
 To register a bouncer to your API, you need to run the following command on the server where the API is installed:
 
 ```bash
-$ cscli bouncers add testBouncer
+$ sudo cscli bouncers add testBouncer
 ```
 
 and keep the generated API token to use it in your {{v1X.bouncers.Name}} configuration file.
@@ -37,21 +37,21 @@ There is two ways to register a crowdsec to a local API.
 * You can create a machine directly on the API server that will be automatically validated, by running the following command on the server where the API is installed:
 
 ```bash
-$ cscli machines add testMachine
+$ sudo cscli machines add testMachine
 ```
 
 If your crowdsec run on the same server that the local API, then your credentials file will be generated automatically, else you will have to copy/paste them in your remote crowdsec credentials file (`/etc/crowdsec/local_api_credentials.yaml`)
 
 * You can use `cscli` to register to the API server:
 
 ```
-cscli lapi register -u <api_url>
+sudo cscli lapi register -u <api_url>
 ```
 
 And validate it with `cscli` on the server where the API is installed:
 
 ```
-cscli machines validate <machineName>
+sudo cscli machines validate <machineName>
 ```
 
 !!! tips
@@ -68,13 +68,18 @@ By default, `crowdsec` and `cscli` use `127.0.0.1:8080` as a default local API.
 * On the remote crowdsec server, run:
 
 ```
-$ cscli lapi register -u http://<remote_api>:<port>
+$ sudo cscli lapi register -u http://<remote_api>:<port>
 ```
 
 * On the local API server, validate the machine by running the command:
 
+
+```bash
+$ sudo cscli machines list # to get the name of the new registered machine
+```
+
 ```
-$ cscli machines validate <machineName>
+$ sudo cscli machines validate <machineName>
 ```
 
 

diff --git a/docs/v1.X/docs/observability/command_line.md b/docs/v1.X/docs/observability/command_line.md
@@ -1,5 +1,5 @@
 ```bash
-{{v1X.cli.name}} metrics
+sudo {{v1X.cli.name}} metrics
 ```
 
 This command provides an overview of {{v1X.crowdsec.name}} statistics provided by [prometheus client](/Crowdsec/v1/observability/prometheus/). By default it assumes that the {{v1X.crowdsec.name}} is installed on the same machine.
@@ -22,40 +22,67 @@ The metrics are split in 3 main sections :
 <details>
   <summary>{{v1X.cli.name}} metrics example</summary>
 ```bash
-INFO[0000] Buckets Metrics:                             
-+-----------------------------------------+-----------+--------------+--------+---------+
-|                 BUCKET                  | OVERFLOWS | INSTANTIATED | POURED | EXPIRED |
-+-----------------------------------------+-----------+--------------+--------+---------+
-| crowdsecurity/http-scan-uniques_404     | -         |            8 |      9 |       8 |
-| crowdsecurity/iptables-scan-multi_ports |         1 |         8306 |   9097 |    8288 |
-| crowdsecurity/ssh-bf                    |        42 |          281 |   1434 |     238 |
-| crowdsecurity/ssh-bf_user-enum          |        13 |          659 |    777 |     646 |
-| crowdsecurity/http-crawl-non_statics    | -         |           10 |     12 |      10 |
-+-----------------------------------------+-----------+--------------+--------+---------+
-INFO[0000] Acquisition Metrics:                         
-+------------------------------------------+------------+--------------+----------------+------------------------+
-|                  SOURCE                  | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET |
-+------------------------------------------+------------+--------------+----------------+------------------------+
-| /var/log/nginx/https.access.log |         25 |           25 | -              |                      7 |
-| /var/log/kern.log                        |      18078 |        18078 | -              |                   4066 |
-| /var/log/syslog                          |      18499 |        18078 |            421 |                   5031 |
-| /var/log/auth.log                        |       6086 |         1434 |           4652 |                   2211 |
-| /var/log/nginx/error.log                 |     170243 |       169632 |            611 | -                      |
-| /var/log/nginx/http.access.log  |         44 |           44 | -              |                     14 |
-+------------------------------------------+------------+--------------+----------------+------------------------+
-INFO[0000] Parser Metrics:                              
+$ sudo cscli metrics
+
+INFO[0000] Buckets Metrics:
++--------------------------------------+---------------+-----------+--------------+--------+---------+
+|                BUCKET                | CURRENT COUNT | OVERFLOWS | INSTANCIATED | POURED | EXPIRED |
++--------------------------------------+---------------+-----------+--------------+--------+---------+
+| crowdsecurity/http-bad-user-agent    | -             | -         |           10 |     10 |      10 |
+| crowdsecurity/http-crawl-non_statics | -             | -         |           91 |    119 |      91 |
+| crowdsecurity/http-probing           | -             | -         |            2 |      2 |       2 |
+| crowdsecurity/http-sensitive-files   | -             | -         |            1 |      1 |       1 |
+| crowdsecurity/ssh-bf                 |            13 |      6314 |         8768 |  46772 |    2441 |
+| crowdsecurity/ssh-bf_user-enum       |             6 | -         |         7646 |  14406 |    7640 |
++--------------------------------------+---------------+-----------+--------------+--------+---------+
+INFO[0000] Acquisition Metrics:
++---------------------------+------------+--------------+----------------+------------------------+
+|          SOURCE           | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET |
++---------------------------+------------+--------------+----------------+------------------------+
+| /var/log/auth.log         |     105476 |        46772 |          58704 |                  61178 |
+| /var/log/messages         |          2 | -            |              2 | -                      |
+| /var/log/nginx/access.log |        138 |          111 |             27 |                    100 |
+| /var/log/nginx/error.log  |        312 |           68 |            244 |                     32 |
+| /var/log/syslog           |      31919 | -            |          31919 | -                      |
++---------------------------+------------+--------------+----------------+------------------------+
+INFO[0000] Parser Metrics:
 +--------------------------------+--------+--------+----------+
 |            PARSERS             |  HITS  | PARSED | UNPARSED |
 +--------------------------------+--------+--------+----------+
-| crowdsecurity/geoip-enrich     |  37659 |  37659 |        0 |
-| crowdsecurity/http-logs        | 169701 |     27 |   169674 |
-| crowdsecurity/iptables-logs    |  36156 |  36156 |        0 |
-| crowdsecurity/nginx-logs       | 170316 | 169701 |      615 |
-| crowdsecurity/non-syslog       | 170312 | 170312 |        0 |
-| crowdsecurity/sshd-logs        |   6053 |   1434 |     4619 |
-| crowdsecurity/syslog-logs      |  42663 |  42663 |        0 |
-| crowdsecurity/dateparse-enrich | 207291 | 207291 |        0 |
+| child-crowdsecurity/http-logs  |    537 |    257 |      280 |
+| child-crowdsecurity/nginx-logs |    789 |    179 |      610 |
+| child-crowdsecurity/sshd-logs  | 436048 |  46772 |   389276 |
+| crowdsecurity/dateparse-enrich |  46951 |  46951 | -        |
+| crowdsecurity/geoip-enrich     |  46883 |  46883 | -        |
+| crowdsecurity/http-logs        |    179 |     66 |      113 |
+| crowdsecurity/nginx-logs       |    450 |    179 |      271 |
+| crowdsecurity/non-syslog       |    450 |    450 | -        |
+| crowdsecurity/sshd-logs        | 104386 |  46772 |    57614 |
+| crowdsecurity/syslog-logs      | 137397 | 137395 |        2 |
+| crowdsecurity/whitelists       |  46951 |  46951 | -        |
 +--------------------------------+--------+--------+----------+
+INFO[0000] Local Api Metrics:
++----------------------+--------+------+
+|        ROUTE         | METHOD | HITS |
++----------------------+--------+------+
+| /v1/alerts           | GET    |    4 |
+| /v1/alerts           | POST   | 5400 |
+| /v1/decisions/stream | GET    | 7694 |
+| /v1/watchers/login   | POST   |   27 |
++----------------------+--------+------+
+INFO[0000] Local Api Machines Metrics:
++----------------------------------+------------+--------+------+
+|             MACHINE              |   ROUTE    | METHOD | HITS |
++----------------------------------+------------+--------+------+
+| 7f0607a3469243139699bf2f30321fc4 | /v1/alerts | GET    |    4 |
+| 7f0607a3469243139699bf2f30321fc4 | /v1/alerts | POST   | 5400 |
++----------------------------------+------------+--------+------+
+INFO[0000] Local Api Bouncers Metrics:
++------------------------------+----------------------+--------+------+
+|           BOUNCER            |        ROUTE         | METHOD | HITS |
++------------------------------+----------------------+--------+------+
+| cs-firewall-bouncer-n3W19Qua | /v1/decisions/stream | GET    | 7694 |
++------------------------------+----------------------+--------+------+
 
 ```
 </details>
diff --git a/docs/v1.X/docs/observability/dashboard.md b/docs/v1.X/docs/observability/dashboard.md
@@ -11,7 +11,7 @@ The {{v1X.cli.name}} command `{{v1X.cli.bin}} dashboard setup` will use [docker]
 > Setup and Start crowdsec metabase dashboard
 
 ```bash
-{{v1X.cli.bin}} dashboard setup
+sudo {{v1X.cli.bin}} dashboard setup
 ```
 
 Optional arguments:
@@ -51,14 +51,14 @@ Now you can connect to your dashboard, sign-in with your saved credentials then
 Dashboard docker image can be managed by {{v1X.cli.name}} and docker cli also. Look at the {{v1X.cli.name}} help command using
 
 ```bash
-{{v1X.cli.bin}} dashboard -h
+sudo {{v1X.cli.bin}} dashboard -h
 ```
 
 ## Remove the dashboard
 > Remove crowdsec metabase dashboard
 
 ```bash
-{{v1X.cli.bin}} dashboard remove [-f]
+sudo {{v1X.cli.bin}} dashboard remove [-f]
 ```
 Optional arguments:
 
@@ -68,13 +68,13 @@ Optional arguments:
 > Stop crowdsec metabase dashboard
 
 ```bash
-{{v1X.cli.bin}} dashboard stop
+sudo {{v1X.cli.bin}} dashboard stop
 ```
 
 ## Start the dashboard
 > Start crowdsec metabase dashboard
 
 ```bash
-{{v1X.cli.bin}} dashboard start
+sudo {{v1X.cli.bin}} dashboard start
 ```
 
diff --git a/docs/v1.X/docs/references/enrichers.md b/docs/v1.X/docs/references/enrichers.md
@@ -17,7 +17,7 @@ It exposes three methods : `GeoIpCity` `GeoIpASN` and `IpToRange` that are used
 Enrichers can be installed as any other parsers with the following command:
 
 ```
-{{v1X.cli.bin}} install parser crowdsecurity/geoip-enrich
+sudo {{v1X.cli.bin}} parsers install crowdsecurity/geoip-enrich
 ```
 
 Take a tour at the {{v1X.hub.htmlname}} to find them !
diff --git a/docs/v1.X/docs/references/events.md b/docs/v1.X/docs/references/events.md
@@ -1,6 +1,11 @@
 # Events
 
-An `Event` is the runtime representation of an item being processed by crowdsec : It be a Log line being parsed, or an Overflow being reprocessed.
+An `Event` is the runtime representation of an item being processed by crowdsec, it can be: 
+
+ - a log line being parsed
+
+ - an overflow being reprocessed
+
 
 The `Event` object is modified by parsers, scenarios, and directly via user [statics expressions](/Crowdsec/v1/references/parsers/#statics) (for example).
 

diff --git a/docs/v1.X/docs/references/expressions.md b/docs/v1.X/docs/references/expressions.md
@@ -23,39 +23,39 @@ If the `debug` is enabled (in the scenario or parser where expr is used), additi
 
 In order to makes its use in {{v1X.crowdsec.name}} more efficient, we added a few helpers that are documented bellow.
 
-## Atof(string) float64
+## `Atof(string) float64`
 
 Parses a string representation of a float number to an actual float number (binding on `strconv.ParseFloat`)
 
 > Atof(evt.Parsed.tcp_port)
 
 
-## JsonExtract(JsonBlob, FieldName) string
+## `JsonExtract(JsonBlob, FieldName) string`
 
 Extract the `FieldName` from the `JsonBlob` and returns it as a string. (binding on [jsonparser](https://github.com/buger/jsonparser/))
 
 > JsonExtract(evt.Parsed.some_json_blob, "foo.bar[0].one_item")
 
-## File(FileName) []string
+## `File(FileName) []string`
 
 Returns the content of `FileName` as an array of string, while providing cache mechanism.
 
 > evt.Parsed.some_field in File('some_patterns.txt')
 > any(File('rdns_seo_bots.txt'), { evt.Enriched.reverse_dns endsWith #})
 
-## RegexpInFile(StringToMatch, FileName) bool
+## `RegexpInFile(StringToMatch, FileName) bool`
 
 Returns `true` if the `StringToMatch` is matched by one of the expressions contained in `FileName` (uses RE2 regexp engine).
 
 > RegexpInFile( evt.Enriched.reverse_dns, 'my_legit_seo_whitelists.txt')
 
-## Upper(string) string
+## `Upper(string) string`
 
 Returns the uppercase version of the string
 
 > Upper("yop")
 
-## IpInRange(IPStr, RangeStr) bool
+## `IpInRange(IPStr, RangeStr) bool`
 
 Returns true if the IP `IPStr` is contained in the IP range `RangeStr` (uses `net.ParseCIDR`)