8/27/2023

The docker-compose.yml in the repository defines four services, in this order (only its comments and one volume line survive here):

- the application itself: static html served by apache2
- the reverse proxy (nginx) that will serve the application
- crowdsec, to which we're later going to plug a firewall bouncer; its environment holds the list of collections we want to install, and it mounts crowdsec/acquis.yaml at /etc/crowdsec/acquis.yaml
- metabase, because security is cool, but dashboards are cooler; we're using a custom Dockerfile so that metabase pops up with pre-configured dashboards

Initial deployment

CrowdSec's SQLite database is in a crowdsec-db volume mounted by the dashboard (metabase) container. The reverse-proxy (nginx) container writes its logs to a logs volume mounted by the crowdsec container.

We have put all the configuration files together in one repository so that you can simply clone it and deploy.

From the Docker Compose directory, you can deploy with docker-compose up -d and then check that everything is running with docker-compose ps.

The command cscli metrics queries the Prometheus metrics exposed locally by CrowdSec and presents them in a fancy terminal output:

▶ sudo docker-compose exec crowdsec cscli metrics

Buckets Metrics:
| BUCKET                               | CURRENT COUNT | OVERFLOWS | INSTANCIATED | POURED | EXPIRED |
| crowdsecurity/http-crawl-non_statics | -             | -         | 2            | 2      | 2       |

Acquisition Metrics:
| SOURCE | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET |
(the rows of this table were not preserved on the page)

Parser Metrics:
| PARSERS                        | HITS | PARSED | UNPARSED |
| child-crowdsecurity/http-logs  | 6    | 2      | 4        |
| child-crowdsecurity/nginx-logs | 2    | 2      | -        |
| crowdsecurity/dateparse-enrich | 2    | 2      | -        |
| crowdsecurity/geoip-enrich     | 2    | 2      | -        |

The "acquisition metrics" show us that our requests are indeed generating logs that are being read ("LINES READ"), parsed ("LINES PARSED") and even matched against installed scenarios ("LINES POURED TO BUCKET"). The "buckets metrics" and "parser metrics" show which scenarios and which parsers are actually being triggered.

The command cscli hub list shows which parsers and scenarios are deployed:

▶ sudo docker-compose exec crowdsec cscli hub list

INFO Loaded 14 collecs, 19 parsers, 23 scenarios, 3 post-overflow parsers
crowdsecurity/http-logs         ✔️ enabled  0.4  /etc/crowdsec/parsers/s02-enrich/http-logs.yaml
crowdsecurity/nginx-logs        ✔️ enabled  0.2  /etc/crowdsec/parsers/s01-parse/nginx-logs.yaml
crowdsecurity/geoip-enrich      ✔️ enabled  0.2  /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
crowdsecurity/dateparse-enrich  ✔️ enabled  0.1  /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
crowdsecurity/syslog-logs       ✔️ enabled  0.1  /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
crowdsecurity/sshd-logs         ✔️ enabled  0.1  /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
INFO unmanaged items : 20 local, 0 tainted

[Image: Metabase status]
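The stack described above, written out as a docker-compose.yml. This is an added example, not the file from the post's repository: the image names and tags, the host ports, the host-side paths (./app/html, ./nginx/default.conf, ./metabase), the path the dashboard uses for the CrowdSec database, and the service names are all assumptions. The COLLECTIONS variable is the one the official crowdsecurity/crowdsec image reads to install hub collections at start-up; the shared named volumes (logs, crowdsec-db) are the two volumes the post describes.

```yaml
# Added example, not the repository's own compose file.
# Images, ports and host paths are assumptions; the volume wiring follows the post.
version: "3.8"

services:
  # the application itself: static html served by apache2
  app:
    image: httpd:2.4                                   # assumed image
    volumes:
      - ./app/html:/usr/local/apache2/htdocs:ro        # assumed path to the static site

  # the reverse proxy that will serve the application
  reverse-proxy:
    image: nginx:1.25                                  # assumed image
    depends_on:
      - app
    ports:
      - "8080:80"                                      # assumed host port
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro   # assumed; proxies to http://app:80
      - logs:/var/log/nginx                            # access/error logs land here for crowdsec

  # crowdsec reads the nginx logs; later a firewall bouncer gets plugged into it
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    depends_on:
      - reverse-proxy
    environment:
      # the list of collections we want to install (nginx parsers + HTTP scenarios)
      COLLECTIONS: "crowdsecurity/nginx"
    volumes:
      - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml   # tells crowdsec which files to read
      - logs:/var/log/nginx:ro                         # same volume the proxy writes to
      - crowdsec-db:/var/lib/crowdsec/data             # SQLite database (crowdsec.db) lives here

  # metabase, because security is cool, but dashboards are cooler
  dashboard:
    build: ./metabase                                  # assumed dir holding the custom Dockerfile
    depends_on:
      - crowdsec
    ports:
      - "3000:3000"                                    # assumed host port
    volumes:
      - crowdsec-db:/metabase-data/crowdsec:ro         # assumed mount point for the CrowdSec DB

volumes:
  logs:
  crowdsec-db:
```

With this layout the crowdsec/acquis.yaml bind-mounted above must point at /var/log/nginx/*.log with the nginx log type, otherwise "LINES READ" in cscli metrics stays at zero even though nginx is logging. The dashboard mount is read-only on purpose: Metabase only needs to query the SQLite file, and a writable mount would let a compromised dashboard container tamper with CrowdSec's decisions.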