NGINX Log Parsing Issue in Ubuntu 18.04.4 (missing evt.StrTime) #817
Comments
@oyale: Thanks for opening an issue, it is currently awaiting triage. In the meantime, you can:
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.
I've realized that the difference was the response time in the log. I've managed to temporarily fix it by adding:
to the
(both of them on I wonder what is the proper way to fix the expression because I guess those patches will be overridden in future updates. Could you help me with that? Should I write a new parser?
Never knew the response time could be a float, I will transfer to the hub which can handle this update.
What happened?
After installing CrowdSec v1.5.2 on Ubuntu 18.04.4 using the provided repository and script, and then installing crowdsec and crowdsec-firewall-bouncer-iptables, the NGINX logs are not being parsed correctly.
What did you expect to happen?
crowdsec and crowdsec-firewall-bouncer-iptables.
How can we reproduce it (as minimally and precisely as possible)?
I used the cscli explain command with the following log:
And received the following error:
Anything else we need to know?
nginx's log_format:
log_format nginx '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent $request_time ' '"$http_referer" "$http_user_agent"';
nginx -v
nginx/1.18.0
Crowdsec version
OS version
Enabled collections and parsers
Acquisition config
Config show
Prometheus metrics
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.
No response
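An added example, not part of the original issue and not CrowdSec's hub parser: a regular expression for the log_format quoted above, showing how a pattern that expects a whole number for $request_time drops a line carrying a float while a float-tolerant pattern keeps it. The pattern names, helper functions and sample log lines are constructed for illustration.

```python
import re

# Field layout follows the log_format quoted in the issue:
# $remote_addr - $remote_user [$time_local] "$request" $status
# $body_bytes_sent $request_time "$http_referer" "$http_user_agent"
PREFIX = (
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
)
SUFFIX = r' "(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"$'

# Hypothetical strict pattern: assumes $request_time is a whole number.
INT_ONLY = re.compile(PREFIX + r'(?P<request_time>\d+)' + SUFFIX)
# Tolerant pattern: nginx writes $request_time as seconds with milliseconds.
FLOAT_OK = re.compile(PREFIX + r'(?P<request_time>\d+(?:\.\d+)?)' + SUFFIX)

# Constructed sample lines (documentation addresses, not taken from the issue).
SAMPLES = [
    '192.0.2.10 - - [12/Jul/2023:10:15:32 +0000] "GET /index.html HTTP/1.1" '
    '200 612 0.005 "-" "curl/7.58.0"',
    '198.51.100.7 - alice [12/Jul/2023:10:15:33 +0000] "POST /login HTTP/1.1" '
    '401 153 1 "https://example.test/" "Mozilla/5.0"',
]


def parse(line, pattern=FLOAT_OK):
    """Return the parsed fields as a dict, or None if the line does not match."""
    m = pattern.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    fields["body_bytes_sent"] = int(fields["body_bytes_sent"])
    fields["request_time"] = float(fields["request_time"])
    return fields


def unparsed(lines, pattern):
    """Lines the pattern drops; a detection pipeline never sees these events."""
    return [line for line in lines if parse(line, pattern) is None]


if __name__ == "__main__":
    for name, pat in (("int-only", INT_ONLY), ("float-ok", FLOAT_OK)):
        missed = unparsed(SAMPLES, pat)
        print(f"{name}: {len(SAMPLES) - len(missed)} parsed, {len(missed)} dropped")
```

Counting unparsed lines per pattern against a sample of production logs is a quick check that a format change has not silently removed events from detection.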