Docker log source with socket proxy

crowdsec
1

Hi, I’m trying to configure docker as a data source and I have tried this 2 methods that leads me to the same error.

and with labels

this is adquis.yaml

source: docker
#use_container_labels: true
container_name:
- ProxyDMZ-Traefik
labels:
type: traefik
docker_host: tcp://proxydmz-socketproxy:2375

docker socket proxy and crowdsec

  proxydmz-socketproxy:
    container_name: ProxyDMZ-SocketProxy
    image: lscr.io/linuxserver/socket-proxy:latest #tecnativa/docker-socket-proxy
    <<: [*config]
    read_only: true
    tmpfs:
      - /run
    networks:
      - proxydmz-netsocketproxy
    ports:
      - 2375:2375
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - LOG_LEVEL=notice # debug,info,notice,warning,err,crit,alert,emerg (default=info)
      ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
      # 0 to revoke access.
      # 1 to grant access.
      ## Granted by Default
      - EVENTS=1
      - PING=1
      - VERSION=1
      ## Revoked by Default
      # Security critical
      - AUTH=0
      - SECRETS=0
      - POST=0 # Watchtower
      # Not always needed
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - ALLOW_START=0
      - ALLOW_STOP0
      - ALLOW_RESTARTS=0
      - CONTAINERS=1 # Traefik, portainer, netdata etc.
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=0 # Portainer
      - INFO=1 # Portainer
      - NETWORKS=0 # Portainer
      - NODES=0
      - PLUGINS=0
      - SERVICES=1 # Portainer
      - SESSION=0
      - SWARM=0
      - SYSTEM=1
      - TASKS=0 # Portainer
      - VOLUMES=0 # Portainer

  crowdsec:
    image: crowdsecurity/crowdsec
    container_name: ProxyDMZ-CrowdSec
    <<: [*config, *dns]
    depends_on:
      - redis-cs
    networks:
      proxydmz-netsocketproxy:
      eth2:
        ipv4_address: ${ProxyDMZCrowdSec_ip}
    ports:
      - 8080:8080
     #- 6060:6060 # PROMETEUS
    environment:
      TZ:
      DOCKER_HOST: tcp://proxydmz-socketproxy:2375
      COLLECTIONS: "crowdsecurity/traefik crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/appsec-crs"
    # GID: "${GID-1000}"
      PGID:
      PUID:
      CUSTOM_HOSTNAME: CrowdSecDMZ
      DISABLE_LOCAL_API: "false" # True Only after successfully registering and validating remote agent below.
    volumes:
      - /mnt/services/docker/WebProxyDMZ/CrowdSec/data:/var/lib/crowdsec/data
      - /mnt/services/docker/WebProxyDMZ/CrowdSec:/etc/crowdsec
      - /mnt/services/docker/WebProxyDMZ/Traefik/logs:/var/log/traefik:ro
      - /mnt/services/docker/HomeAssistant:/var/log/homeassistant:ro

if I run cscli metrics

imagen
imagen1792×301 14.8 KB

traefik logs doesn’t appear

exactly what permissions are required in socket proxy to get the traefik logs?

@iiamloz

2

My bad, I was still writing traefik logs to disk
I fixed it, now it works.

accessLog: {}   
# accesslog:
#   filePath: "/etc/traefik/logs/access.log"
#   bufferingSize: 100
#   filters:
#     statusCodes: 
#       - "200-299"
#       - "400-499"
#       - "500-599"