i can not start services Crowdsec on Windows. How can start it ??
Hello,
Can you paste the crowdsec logs please?
They are located in C:\ProgramData\CrowdSec\log
Hi, AlteredCoder
If use default config acquis.yaml. i can start service crowdsec. But i add more config for iis so it cant start
source: wineventlog
event_channel: Application
event_ids:
- 18456
event_level: information
labels:
type: eventlog
use_time_machine: true
filenames:
- C:\inetpub\logs\LogFiles\\.log
labels:
type: iis
Hello,
Can you show me the crowdsec logs please? Without this i can’t see what error is occuring
Hello, can you paste your acquis.yaml file in a block code please? so we can see that is the formatting error
Hi AlteredCoder,
My acquis.yml :
source: wineventlog
event_channel: Microsoft-IIS-Logging/Logs
event_ids:
- 6200
event_level: information
labels:
type: iis
use_time_machine: true
filenames:
- C:\inetpub\logs\LogFiles\\.log
labels:
type: iis
Hello,
Can you try to put only --- as a separator please?
In yaml, the separator is --- so can you please use --- to separe the 2 yaml blocs ?
Hi AlteredCoder,
I solved the problem. Before “—” have a white space, i copy/paste from blog but don’t paying this attention.
Thanks your supporting