New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
caddy-logs parser not working, but apache2-logs parser works #9
Comments
So, I am openly calling myself out on knowing just enough to be dangerous and not having a full understanding of what I'm doing. Hello, world! In short, this is resolved by changing:
to:
...and thus benefitting from caddy's structured log files which is the purpose of this bouncer to begin with. |
@jzemla: great that you found out yourself! I should probably update the example for the logs in I've always considered the example for the logs as a kind of extra. It's not required to ingest the Caddy logs into CrowdSec to make the bouncer work, but it's a good thing to do, nonetheless. Have opened #10 to track this. Your example will help me test this. Thanks! |
Sorry to open an old issue. Could anyone get the caddy-logs parser to work in 2.6.2? I also tried using a grok debugger to find what changed, but couldn't get it to work with both console and json log formats. I was able to get it to work by downloading caddy with the transform plugin and outputting in the common_log format and use the apache2 collection.
Also, I had to change the apache2-logs.yaml file to look for the logs coming from caddy instead of apache (I use homeassistant, so needed to use the plugin name) Direct caddy logs would be nicer, but this method works. The bouncer works fine! |
So, what is the correct config file currently? And how can I test that? |
Hello,
Environment:
I'm having trouble getting this to parse my caddy access.log. I am using the suggested config from the example, but crowdsec is unable to parse the file. I apologize in advance for being a github/devops newbie -- if there is something I missed or can provide more insight into, please let me know!
Caddy - config.json:
Failed grok parse via caddy-logs:
I found that I can force crowdsec to use the apache2-logs parser by modifying
/etc/crowdsec/parsers/s01-parse/apache2-logs.yaml
to:...which then gets me this...
Successful grok parse via apache2-logs:
Did I configure something incorrectly?
The text was updated successfully, but these errors were encountered: