Nginx logs not being parsed

Hi, I’m totally brand new to this, coming from fail2ban.
I have a VPS running the SWAG container from linuxserver.io that does my web hosting. I’ve added the location of my nginx logs from the container to acquis.yaml. The log files show up when I run cscli metrics, but they’re not getting parsed, and the nginx log parser isn’t showing up in the metrics. The nginx log parser is installed and up to date. Is there a step I’m missing?

Hello @badi95

Can you share the output of cscli metrics? It is possible that the logs are using a custom format that isn’t supported by crowdsec, but we can hopefully figure it out!

Would some pieces from access.log help?

Yes, it would be helpful! Out of curiosity, is your data source tagged as nginx (in your acquis.yaml file)?

```yaml
#Generated acquisition file - wizard.sh (service: sshd) / files : /var/log/auth.log
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
#Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log
filenames:
  - /var/log/syslog
  - /var/log/kern.log
labels:
  type: syslog
---
#Generated acquisition file - wizard.sh (service: sshd) / files : /var/log/auth.log
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
#Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log
filenames:
  - /var/log/syslog
  - /var/log/kern.log
labels:
  type: syslog
---
filenames:
  - /home/bmorris/docker/swag/config/log/nginx/access.log
  - /home/bmorris/docker/swag/config/log/nginx/error.log
labels:
  type: syslog
```

Doesn’t seem like it. How do I tag them as nginx?

Updating type to nginx fixed the issue. Thanks

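The mismatch behind this thread (nginx log paths labelled `type: syslog`, so the files are read but never reach the nginx parser) can be checked for mechanically. The following is an added example, not part of the original posts or CrowdSec's own tooling; `parse_acquis`, `mislabeled`, the `EXPECTED` path-to-type mapping and the sample text are assumptions made for illustration.

```python
import re

# Assumption for this example: a path containing the key should carry the
# matching `type` label, otherwise the matching parser never sees its lines.
EXPECTED = {"nginx": "nginx"}

def parse_acquis(text):
    """Minimal reader for the filenames/labels layout in the thread; not full YAML."""
    stanzas = []
    for doc in re.split(r"(?m)^---\s*$", text):      # one stanza per YAML document
        paths, log_type, in_files = [], None, False
        for raw in doc.splitlines():
            line = raw.split("#", 1)[0].strip()      # drop comments and indentation
            if line == "filenames:":
                in_files = True
            elif in_files and line.startswith("- "):
                paths.append(line[2:].strip())
            elif line:
                in_files = False
                m = re.match(r"type:\s*(\S+)", line)
                if m:
                    log_type = m.group(1)
        if paths:
            stanzas.append((paths, log_type))
    return stanzas

def mislabeled(text):
    """Return (path, actual_type, expected_type) for each mis-tagged path."""
    return [(p, t, want)
            for paths, t in parse_acquis(text)
            for p in paths
            for hint, want in EXPECTED.items()
            if hint in p.lower() and t != want]

# Constructed sample mirroring the acquis.yaml posted in the thread.
SAMPLE = """\
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
filenames:
  - /home/bmorris/docker/swag/config/log/nginx/access.log
  - /home/bmorris/docker/swag/config/log/nginx/error.log
labels:
  type: syslog
"""

if __name__ == "__main__":
    print(*mislabeled(SAMPLE), sep="\n")
```

On the sample it reports both SWAG nginx paths and leaves the auth.log stanza alone; after the label is changed to `nginx` it reports nothing.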