Hi,
I installed the home assistant add-on, but the logs are not parsed, and it ignores failed logins or banned IP’s
Also tried to cscli explain the logs directly but this does not seem to parse
Configuration is default.
Any idea where to start?
Thanks
Kris
Found the problem. The log format has been changed, they included a Request URL.
Changing the grok pattern in the parser fixed it for the failed logons
From:
pattern: “%{TIMESTAMP:time} WARNING \(%{DATA:threadName}\) \[homeassistant.components.http.ban\] Login attempt or request with invalid authentication from %{DATA:source_rdns} \(%{IPORHOST:source_ip}\). \(%{GREEDYDATA:http_user_agent}\)”
To:
pattern: “%{TIMESTAMP:time} WARNING \(%{DATA:threadName}\) \[homeassistant.components.http.ban\] Login attempt or request with invalid authentication from %{DATA:source_rdns} \(%{IPORHOST:source_ip}\). Requested URL: %{GREEDYDATA:request_uri}\. \(%{GREEDYDATA:http_user_agent}\)”
Has this been updated or do I still need to modify the file since I grabbed those from CrowdSec Hub?
This has been fixed and available from the hub
cscli hub update
cscli hub upgrade