No matching files for pattern access_log Trying to replay against old data. Error while loading acquisition config
Trying to import old log files (replay) when website was undergoing authentication brute force attempts with numerous modsec rules flag we can get approval installing Crowdsec to production.
Using Apache with modsecurity on web server.
I have apache2 and modsecurity latest collections installed.
Apache logs are not in default location.
crowdsec -dsn file://var/log/httpd/nonStandard/access_log-20211215 -type apache
FATA[23-01-2022 21:56:28] crowdsec init: Error while loading acquisition config : failed to configure datasource for file://var/log/httpd/nonStandard/access_log-20211215 : while configuration datasource for file://var/log/httpd/nonStandard/access_log-20211215 : no matching files for pattern var/log/httpd/nonStandard/access_log-20211215
Do I need to make a tweak to the Apache and Modsec yaml to look for the log names?
/etc/crowdsec/collections/apache2.yaml
/etc/crowdsec/collections/modsecurity.yaml
Do I need to edit the pattern file?
Looks like:
/etc/crowdsec/patterns/modsecurity
Already matches pattern sytntax:
https://hub.crowdsec.net/author/crowdsecurity/configurations/modsecurity
I don’t seem to have an apache / httpd pattern file despite the collections are installed.
Any documentation?