When I try to replay a modsecurity log I get an error that there are no matching patterns.
I have the modsecurity collection installed.
When I look at my acquistion list:
I only see apache2 log filenames.
I do not see: modsec_audit.log or mod_jk.log
I believe these are default out of box log files.
I have the parser.
crowdsecurity/modsecurity enabled 0.9 /etc/crowdsec/parsers/s01-parse/modsecurity.yaml
Is it possible the parsers don’t have patterns for these modsecurity logs?
Do I need to re-run my wizard.sh or manually add to the acquis.yaml ?
I wonder if there is a list of what log files / collections that there exists patterns in the parsers.