Issue with Apache / modsec - replay

No matching files for pattern access_log Trying to replay against old data. Error while loading acquisition config

Trying to import old log files (replay) when website was undergoing authentication brute force attempts with numerous modsec rules flag we can get approval installing Crowdsec to production.

Using Apache with modsecurity on web server.
I have apache2 and modsecurity latest collections installed.

Apache logs are not in default location.
crowdsec -dsn file://var/log/httpd/nonStandard/access_log-20211215 -type apache

FATA[23-01-2022 21:56:28] crowdsec init: Error while loading acquisition config : failed to configure datasource for file://var/log/httpd/nonStandard/access_log-20211215 : while configuration datasource for file://var/log/httpd/nonStandard/access_log-20211215 : no matching files for pattern var/log/httpd/nonStandard/access_log-20211215

Do I need to make a tweak to the Apache and Modsec yaml to look for the log names?

Do I need to edit the pattern file?
Looks like:
Already matches pattern sytntax:

I don’t seem to have an apache / httpd pattern file despite the collections are installed.

Any documentation?


The DSN that you provided is not good, you forgot a / at the begining of your log file path.
Can you try with:

crowdsec -dsn 'file:///var/log/httpd/nonStandard/access_log-20211215' -type apache

Do you still need help on this?

Thank you.

I see decisions now listed from crowdsecurity/modsecurity

Great! Thanks for posting!