This module allows CrowdSec to acquire logs from text files (in one-shot and streaming mode), and GZ files in one-shot mode.
A basic configuration is as follows:
source: file
filenames:
  - /tmp/foo/*.log
  - /var/log/syslog
labels:
  type: syslog
filename: A single path to a file to tail. Globbing is supported. Required if filenames is not provided.
filenames: A list of paths to files to tail. Globbing is supported. Required if filename is not provided.
force_inotify: If set to true, force an inotify watch on the log files folder, even if there is no log in it.
This module supports acquisition directly from the command line, to read files in one shot.
A single file URI is accepted with the -dsn parameter, but globbing is supported for multiple files:
crowdsec -type syslog -dsn file:///var/log/*.log
You can specify the log_level parameter to change the log level for the acquisition:
crowdsec -type syslog -dsn file:///var/log/*.log?log_level=info
By default, if a glob pattern does not match any files in an existing directory, this directory will not be watched for new files (i.e., /var/log/nginx/*.log does not match, but
You can override this behaviour with the force_inotify parameter, which will put a watch on the directory.
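The default described above can leave a silent gap in log coverage: a pattern that matches nothing at start-up is never picked up later. The following pre-flight check is an added example, not CrowdSec code; the function names and state labels are assumptions, and it only models the behaviour stated on this page, using a constructed sample directory tree.

```python
import glob
import os
import tempfile


def classify(pattern, force_inotify=False):
    """Classify one acquisition glob against the current filesystem."""
    if glob.glob(pattern):
        return "tailed"  # files exist now and will be read
    parent = os.path.dirname(pattern) or "."
    # The parent may itself contain wildcards, so expand it as well.
    if any(os.path.isdir(d) for d in glob.glob(parent)):
        # Directory exists but nothing matches yet: by default it is not
        # watched, so files created later would go unread.
        return "watched-empty" if force_inotify else "blind-spot"
    # The page does not describe this case; flag it for manual review.
    return "missing-dir"


def demo():
    """Constructed tree: app/ has a log, nginx/ is empty, absent/ is missing."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        os.makedirs(os.path.join(root, "nginx"))
        open(os.path.join(root, "app", "app.log"), "w").close()
        names = ["app", "nginx", "absent"]
        patterns = [os.path.join(root, n, "*.log") for n in names]
        default = [classify(p) for p in patterns]
        forced = [classify(p, force_inotify=True) for p in patterns]
        return dict(zip(names, default)), dict(zip(names, forced))


if __name__ == "__main__":
    default, forced = demo()
    for name in default:
        print(f"{name:8} default={default[name]:12} force_inotify={forced[name]}")
```

Run it against the patterns in your own acquisition file before deployment; any entry reported as blind-spot is a candidate for force_inotify.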