Home assistant logs not parsed

krisbogaerts · September 7, 2022, 2:47pm

Hi,

I installed the home assistant add-on, but the logs are not parsed, and it ignores failed logins or banned IP’s

Also tried to cscli explain the logs directly but this does not seem to parse

Configuration is default.

Any idea where to start?

Thanks
Kris

krisbogaerts · September 8, 2022, 7:53pm

Found the problem. The log format has been changed, they included a Request URL.

Changing the grok pattern in the parser fixed it for the failed logons

From:

pattern: “%{TIMESTAMP:time} WARNING \(%{DATA:threadName}\) \[homeassistant.components.http.ban\] Login attempt or request with invalid authentication from %{DATA:source_rdns} \(%{IPORHOST:source_ip}\). \(%{GREEDYDATA:http_user_agent}\)”

To:

pattern: “%{TIMESTAMP:time} WARNING \(%{DATA:threadName}\) \[homeassistant.components.http.ban\] Login attempt or request with invalid authentication from %{DATA:source_rdns} \(%{IPORHOST:source_ip}\). Requested URL: %{GREEDYDATA:request_uri}\. \(%{GREEDYDATA:http_user_agent}\)”

firestrife23 · October 4, 2022, 3:52pm

Has this been updated or do I still need to modify the file since I grabbed those from CrowdSec Hub?

krisbogaerts · October 4, 2022, 6:30pm

This has been fixed and available from the hub

cscli hub update
cscli hub upgrade

Topic		Replies	Views
Crowdsec Logs are not parsed	1	51	April 19, 2024
Nginx logs not being parsed - cscli explain works crowdsec	1	706	January 31, 2023
Agent fails to parse logs - but cscli explain works crowdsec	2	922	January 26, 2023
Help: caddy-logs parser failure crowdsec	4	1436	January 4, 2022
Help with parser failures for caddy logs crowdsec	19	705	September 22, 2023

Home assistant logs not parsed

Related Topics