Question about docker labels

icanthelp · January 6, 2026, 6:59pm

I have an Emby server that I want to protect.
Luckily, I have found this crowdsec collection for it.
I have added the two crowdsec labels and the traefik middlewares label you see here:

    labels:
      traefik.http.routers.emby.tls: true
      traefik.http.routers.emby.middlewares: crowdsec@file
      traefik.http.services.emby.loadbalancer.server.port: 8096
      crowdsec.enable: true
      crowdsec.labels.type: emby

Now my question is: how does crowdsec know how to get to the emby log file? Am I not supposed to provide a filepath for the log?

iiAmLoz · January 7, 2026, 4:06pm

Using docker labels instructs crowdsec to read the stdout of the container, if the logs go to a file then you must mount the file from the container into crowdsec itself. Or if emby supports writing to stdout then set that.

icanthelp · January 7, 2026, 7:12pm

I see. Ok. But then do you have any idea what is this LOG_FILE environment variable that is mentioned in the emby collection web page? I’m wondering because cscli metrics show acquisition says none of the 326 lines read for docker:/emby were parsed, so am I correct in guessing it’s not finding the pattern it’s looking for in the emby container stdout?

Topic		Replies	Views
Crowdsec not parsing docker log	8	505	July 2, 2025
Docker log source with socket proxy crowdsec	1	862	November 6, 2024
Solution for parsing logs of docker containers crowdsec	5	5574	July 30, 2022
Nextcloud (Docker) - Crowdsec (Docker)	1	354	October 9, 2024
Issues with running on Docker crowdsec	1	1423	February 18, 2022

Question about docker labels

Related topics