Describe the bug
With version 4 of OWASP CRS the logging information in Nginx/Apache error.log has been changed.
To Reproduce
Update OWASP CRS to version 4.
Expected behavior
Crowdsec should still detect relevant information.
Additional context
An issue has already been filed at CRS project to discuss the matter.
So problem has been tracked down. It affects only Modsecurity3 / Nginx. With CRS 4 the blocking rules are no longer logged with a severity which makes the Crowdsec parser to ignore it.
If Nginx error log level is set to ‘info’ the detection rule is logged to the error.log and the Crowdsec parser will detect the log entries.