plugins
plugins copied to clipboard
opnsense
os-crowdsec - Log not forwarded to central logging
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
- [x] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- [x] The title contains the plugin to which this issue belongs
Describe the bug The log of the crowdsec plugin is not available in the list of the programs to get forwarded to the central logging.
To Reproduce Steps to reproduce the behavior:
- Go to 'System - > Settings -> Logging / Targets'
- Click on 'edit of your log target'
- Click on Applications
- crowdsec is not in that list.
Expected behavior I use the selection "Nothing selected" to forward all logs to the central logging platform. I would expect that crowdsec is included in that as well.
Screenshots Guess this is not need. Please let me know if you need a screen shot.
Relevant log files none
Additional context none
Environment OPNsense 23.7.7_3-amd64 FreeBSD 13.2-RELEASE-p3 OpenSSL 1.1.1w 11 Sep 2023 Intel(R) Xeon(R) Silver 4214R CPU @ 2.40GHz (12 cores, 24 threads)
I have looked into the issue and as far as I understand, the applications in the list go through syslog first and only write to /var/log from the syslog-ng configuration. Whereas crowdsec - and the bouncer - writes and rotates logs directly to /var/log/crowdsec/.
Is it acceptable (in terms of opnsense dev practice) to have syslog-ng monitor the log files, or should we add syslog output support directly into crowdsec?
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.
