I search to valide a format in acquis.yaml. Whith Apache2 we uses Rotatelogs for logs like this
ErrorLog "|/usr/bin/rotatelogs -lc /var/www/site_name/var/log/apache2/error.%Y.%m.%d 86400"
CustomLog "|/usr/bin/rotatelogs -lc /var/www/site_name/var/log/apache2/access.%Y.%m.%d 86400" combined
Do you think we could send all daily logs at crowdsec with in acquis.yml
Thanks for you're help
We dont know what variable are so they would be treated as literal. The best way would be to do this
@iiAmLoz ok I’ll go to modify my acquis.yml
But If i do access.* all old logs are parsed ? For exemple access log of today is access.2023.03.28 but logs of yesterday is access.2023.03.27 …
Yes but the file module only tails the file so if no lines are added then nothing will be brought into memory. Unless you can specify a latest file which is just a symlink to the latest log.
Hello @iiAmLoz all seems to works we could show logs files with cscli metrics
Thanks for you’re help