Hello,
I'm looking to validate a format in acquis.yaml. With Apache2 we use rotatelogs for logs like this:
ErrorLog "|/usr/bin/rotatelogs -lc /var/www/site_name/var/log/apache2/error.%Y.%m.%d 86400"
CustomLog "|/usr/bin/rotatelogs -lc /var/www/site_name/var/log/apache2/access.%Y.%m.%d 86400" combined
Do you think we could send all daily logs to crowdsec with this in acquis.yml?
---
filenames:
  - /var/www/*/var/log/apache2/access.%Y.%m.%d
  - /var/www/*/var/log/apache2/error.%Y.%m.%d
labels:
  type: apache2
---
Thanks for your help
We don't know what the variables are, so they would be treated as literals. The best way would be to do this:
filenames:
  - /var/www/*/var/log/apache2/access.*
  - /var/www/*/var/log/apache2/error.*
labels:
  type: apache2
---
@iiAmLoz OK, I'll go and modify my acquis.yml.
But if I do access.*, are all old logs parsed? For example, the access log of today is access.2023.03.28 but the log of yesterday is access.2023.03.27 …
Yes, but the file module only tails the file, so if no lines are added then nothing will be brought into memory. Unless you can specify a latest file which is just a symlink to the latest log.
Hello @iiAmLoz, all seems to work; we can see the log files with cscli metrics.
Thanks for your help
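The difference between the two filename patterns discussed in this thread, as an added example that is not part of the original posts or of CrowdSec's code: a pre-deployment check that expands each acquisition pattern and flags any that would leave the logs unread. It assumes Python's `glob` as a stand-in for CrowdSec's own pattern expansion; `check_patterns`, `build_sample_tree` and `demo` are hypothetical names, and the log tree is constructed sample data.

```python
import glob
import os
import re
import tempfile

# strftime-style tokens (%Y, %m, %d) that rotatelogs expands but a glob does not
STRFTIME_TOKEN = re.compile(r"%[A-Za-z]")


def check_patterns(patterns):
    """Return {pattern: (matched_files, warning_or_None)} for each pattern."""
    report = {}
    for pattern in patterns:
        matches = sorted(glob.glob(pattern))
        warning = None
        if STRFTIME_TOKEN.search(pattern):
            warning = "strftime token is matched literally, not expanded"
        elif not matches:
            warning = "pattern matches no file"
        report[pattern] = (matches, warning)
    return report


def build_sample_tree(root):
    """Constructed sample layout mirroring the rotatelogs naming in the thread."""
    log_dir = os.path.join(root, "site_name", "var", "log", "apache2")
    os.makedirs(log_dir)
    for name in ("access.2023.03.27", "access.2023.03.28", "error.2023.03.28"):
        with open(os.path.join(log_dir, name), "w") as fh:
            fh.write("constructed sample line\n")


def demo():
    """Run the check on a temporary tree; results are keyed by file-name part."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        base = os.path.join(root, "*", "var", "log", "apache2")
        patterns = [
            os.path.join(base, "access.%Y.%m.%d"),  # first attempt in the thread
            os.path.join(base, "access.*"),         # suggested glob
            os.path.join(base, "error.*"),
        ]
        report = check_patterns(patterns)
        return {os.path.basename(p): ([os.path.basename(m) for m in ms], w)
                for p, (ms, w) in report.items()}


if __name__ == "__main__":
    for pattern, (files, warning) in demo().items():
        print(f"{pattern}: {len(files)} file(s) {files} -> {warning or 'ok'}")
```

A pattern that matches nothing means those requests never reach the parsers, so running a check like this before reloading the agent and then confirming with `cscli metrics` catches the gap early.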