Open marijusGood opened 1 week ago
Hmmm so I tested the logs within a debugger and it parses.
Can you get the log lines directly from the file from what CrowdSec sees?
Sure thing!
So the file that it tries to parse is /var/log/containers/nginx-ingress-microk8s-controller-ldlp5_ingress_nginx-ingress-microk8s-ace27de928e788d77337c3c2a8a60698f9b3a42109a834fb0d88a891eb3f04aa.log
I have attached a file that contains a part of the lines that are in the mentioned file ngnix.log
let me know if you need more information and thanks for the fast reply!
So looking at the logs, that is cri format, so the container_runtime should be containerd, which sets the correct s00, and then the program should still be nginx.
Please ensure the value is set as containerd, as if you miss any letters it will not work as intended.
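The check described in the reply above, as an added example that is not part of the original thread or CrowdSec's own code: it classifies lines from a /var/log/containers file as CRI or Docker json-file format and returns the matching container_runtime value. The function names and sample log lines are constructed, and mapping the json-file format to the value docker is an assumption.

```python
import json
import re
from collections import Counter

# CRI (containerd/CRI-O) line: "<RFC3339 time> <stdout|stderr> <P|F> <message>"
CRI_RE = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})) "
    r"(?P<stream>stdout|stderr) (?P<tag>[PF]) (?P<msg>.*)$"
)

def classify_line(line):
    """Return (container_runtime value, inner message) or (None, None)."""
    line = line.rstrip("\n")
    m = CRI_RE.match(line)
    if m:
        # CRI wrapper: the thread's answer is container_runtime: containerd
        return "containerd", m.group("msg")
    if line.startswith("{"):
        try:
            rec = json.loads(line)
        except ValueError:
            return None, None
        # Docker json-file driver wraps each line as {"log", "stream", "time"}.
        # Assumption: this format corresponds to container_runtime: docker.
        if isinstance(rec, dict) and {"log", "stream", "time"} <= rec.keys():
            return "docker", rec["log"].rstrip("\n")
    return None, None

def detect_runtime(lines):
    """Majority vote over the lines that match a known wrapper format."""
    votes = Counter(rt for rt, _ in map(classify_line, lines) if rt)
    return votes.most_common(1)[0][0] if votes else None

# Constructed sample lines (not taken from the log file attached to the issue).
CRI_SAMPLE = [
    '2024-07-05T14:03:50.123456789Z stdout F 192.0.2.10 - - [05/Jul/2024:14:03:50 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    '2024-07-05T14:03:51.000000001+02:00 stderr P partial line without newline',
]
DOCKER_SAMPLE = [
    '{"log":"192.0.2.10 - - [05/Jul/2024:14:03:50 +0000] \\"GET / HTTP/1.1\\" 200 612\\n","stream":"stdout","time":"2024-07-05T14:03:50.1Z"}',
]

if __name__ == "__main__":
    for name, sample in (("cri", CRI_SAMPLE), ("docker", DOCKER_SAMPLE)):
        print(name, "->", detect_runtime(sample))
```

The inner message returned by classify_line is what remains for the nginx parser once the runtime wrapper is stripped, which is why a wrong container_runtime value leaves every line unparsed.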
Thank you for the help, it worked!
I have a small question regarding email notifications. In my helm values I have added:
    config:
      notifications:
        email.yaml: |
          type: email
          name: email_default
          log_level: info
          smtp_host: XXXXXXXX
          smtp_username: XXXXXXXX
          smtp_password: XXXXXXXX
          smtp_port: 587
          auth_type: login
          sender_name: "CrowdSec"
          sender_email: XXXXXXXX
          email_subject: "CrowdSec Notification"
          receiver_emails:
            - XXXXXXXX
            - XXXXXXXX
        slack.yaml: ""
        http.yaml: ""
        splunk.yaml: ""
and running kubectl get configmap -n crowdsec crowdsec-notifications -o yaml I see:
    apiVersion: v1
    data:
      email.yaml: |
        type: email
        name: email_default
        log_level: info
        smtp_host: XXXXXXXX
        smtp_username: XXXXXXXX
        smtp_password: XXXXXXXX
        smtp_port: 587
        auth_type: login
        sender_name: "CrowdSec"
        sender_email: XXXXXXXX
        email_subject: "CrowdSec Notification"
        receiver_emails:
          - XXXXXXXX
          - XXXXXXXX
    kind: ConfigMap
    metadata:
      annotations:
        meta.helm.sh/release-name: crowdsec
        meta.helm.sh/release-namespace: crowdsec
      creationTimestamp: "2024-07-05T14:03:50Z"
      labels:
        app.kubernetes.io/managed-by: Helm
      name: crowdsec-notifications
      namespace: crowdsec
      resourceVersion: "23367747"
      uid: 936867d2-3036-4d59-addf-97d9a29f0a37
but if I exec into the pod and do cat /etc/crowdsec/notifications/email.yaml the values are not there and the email is not sent, and in /etc/crowdsec/profiles.yaml the information also has not changed.
Thanks for the help
Did you run a helm chart update using the new values.yaml? I don't know how the profiles are updated, as you would need to modify that to enable the email.yaml
Yes, I have run the helm update command:
helm upgrade --install crowdsec crowdsec/crowdsec -f crowdsec-values-dev.yaml --create-namespace -n crowdsec
This can be seen as the crowdsec-notifications configmap has been updated with the values that I have specified.
Hi team,
I seem to have the same problem as described before where none of my logs get parsed. I am deploying everything within a k8s cluster. The output of my cscli metrics
when my nginx logs look like this:
and my values.yaml is:
I tried setting container_runtime to cri, docker, container and ngnix to no avail. I also tried to add:
but it did not help. Help regarding this topic would be very appreciated, thanks!