search

crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
9.07k stars 467 forks source link

Improvement/Logging : log bucket creation / underflow #433

Open buixor opened 4 years ago

buixor commented 4 years ago

As suggested on gitter by a user, we should/could :

ririsoft commented 4 years ago

What I have in mind in something equivalent at fail2ban logs such:

2020-11-13 09:21:26,776 fail2ban.actions        [9470]: NOTICE  [apache-auth] Ban 91.241.19.84
2020-11-13 09:31:27,545 fail2ban.actions        [9470]: NOTICE  [apache-auth] Unban 91.241.19.84
2020-11-13 10:42:21,681 fail2ban.filter         [9470]: INFO    [apache-auth] Found 23.160.208.245 - 2020-11-13 10:42:21
2020-11-13 11:40:42,955 fail2ban.filter         [9470]: INFO    [apache-auth] Found 64.119.192.236 - 2020-11-13 11:40:42

It really help debugging CS and transition from fail2ban to crowdsec and see if some scenarios are correctly matched.