Parser syslog-logs.yaml has no name,author or description. Skipping?

On a fresh install of crowdsec on Debian 10, still figuring things out I had a look at /var/log/crowdsec.log and found this|

time="02-11-2020 13:29:51" level=info msg="Node in /etc/crowdsec/config/parsers/s00-raw/syslog-logs.yaml has no name,author or description. Skipping."

that sounds weird, seeing that I haven’t touched that file. I tried a cscli upgrade parser followed by systemctl reload crowdsec but that entry in the log file popped up again.


This is weird. Can you tell us how did you install the syslog-logs parser ? Did you use the wizard ?

And can you post the content of your /etc/crowdsec/config/parsers/s00-raw/syslog-logs.yaml file ?

Thanks for your feedback

I installed crowdsec using the details from here:

curl -s | grep browser_download_url| cut -d '"' -f 4  | wget -i -
tar xvzf crowdsec-release.tgz
cd crowdsec-v*
sudo ./ -i

I left all checkboxes which the wizard suggested checked after which I used cscli and installed a few more collections and restarted the service.

This is the current content of the yaml file but meanwhile I have tried a few more times to update via cscli so the problem might be solved.

cat /etc/crowdsec/config/parsers/s00-raw/syslog-logs.yaml
#If it's syslog, we are going to extract progname from it
filter: "evt.Line.Labels.type == 'syslog'"
onsuccess: next_stage
name: crowdsecurity/syslog-logs
  #this is a named regular expression. grok patterns can be kept into separate files for readability
  name: "SYSLOGLINE"
  #This is the field of the `Event` to which the regexp should be applied
  apply_on: Line.Raw
#if the node was successfull, statics will be applied.
  - parsed: "logsource"
    value: "syslog"
# syslog date can be in two different fields (one of hte assignment will fail)
  - target: evt.StrTime
    expression: evt.Parsed.timestamp
  - target: evt.StrTime
    expression: evt.Parsed.timestamp8601
#if it's not syslog, the type is the progname
filter: "evt.Line.Labels.type != 'syslog'"
onsuccess: next_stage
name: crowdsecurity/non-syslog
#debug: true
  - parsed: message
    expression: evt.Line.Raw
  - parsed: program
    expression: evt.Line.Labels.type


Then we’ll try to reproduce your issue on our side to fix it.

Can you check the outputs of cscli list and cscli metrics to be sure that your installation is now ok ? If you are not sure you can provide us these outputs.



After some double-checking it’s a normal caveat. It’s only because of the trailing “—” in the syslogs-logs parsing configuration file. It doesn’t mean that anything is wrong. this will be fixed in a near future release.

1 Like

Thanks for looking into it.