New collection and ignored files

Hi,
I would like to add a custom collection that include a parser and 2 scenarios for gitlab.
After testing them using How to write CrowdSec parsers & scenarios - the Asterisk VoIP use case - The open-source & collaborative IPS as a walkthrough, I’ve copied my files to /etc/crowdsec on my preprod machine. However, I see information logs about my files being ignored:

time="06-03-2022 13:01:00" level=info msg="Ignoring file /etc/crowdsec/hub/parsers/s01-parse/orange/gitlab-logs.yaml of type parsers"
time="06-03-2022 13:01:00" level=info msg="Ignoring file /etc/crowdsec/hub/scenarios/orange/gitlab-bf.yaml of type scenarios"
time="06-03-2022 13:01:00" level=info msg="Ignoring file /etc/crowdsec/hub/scenarios/orange/gitlab-user-enum.yaml of type scenarios"
time="06-03-2022 13:01:00" level=info msg="Ignoring file /etc/crowdsec/hub/collections/orange/gitlab.yaml of type collections"

For testing purposes, I’ve modified the /etc/crowdsec/hub/.index.json by injecting the files (as base64 + sha256 digest) and they’re loaded but this is not a solution of course.

Are my custom parsers and scenarios available or they’re simply ignored ?

I’m sorry for this newbie question.

Regards

Hey

Great to hear that you’re already creating parsers and scenarios :-). I have a sneaky suspicion that the ignoring part relates to the agent not sending signals to the central API based on this since it’s nonstandard and noone else uses it. But I am not certain. So I have two suggestions: Check out this article and the cscli explain command - it’s great for debugging and made exactly for your usage. And also feel free to submit your parsers and scenarios as PRs to the hub repo on our github. It would be great for others to have them as well. If that’s not an option, just post them in here and we’ll add them ourselves.

Thank you very much.
I’ve just opened ticket #1319.

Cheers

1 Like

This issue has been solved here: Bug/collecttions: custom files are ignored for gitlab · Issue #1319 · crowdsecurity/crowdsec · GitHub