Skip to main content
Version: v1.3.4

File(s)

This module allows CrowdSec to acquire logs from text files (in one-shot and streaming mode), and GZ files in one-shot mode.

Configuration example#

A basic configuration is as follows:

source: filefilenames: - /tmp/foo/*.log - /var/log/sysloglabels: type: syslog

Parameters#

filename#

A single path to a file to tail. Globbing is supported. Required if filenames is not provided.

filenames#

A list of path to files to tail. Globbing is supported. Required if filename is not provided.

force_inotify#

default: false

If set to true, force an inotify watch on the log files folder, even if there is no log in it.

source#

Must be file.

DSN and command-line#

This module supports acquisition directly from the command line, to read files in one shot.

A single file URI is accepted with the -dsn parameter, but globbing is supported for multiple files:

crowdsec -type syslog -dsn file:///var/log/*.log

You can specify the log_level parameter to change the log level for the acquisition:

crowdsec -type syslog -dsn file:///var/log/*.log?log_level=info

Notes#

By default, if a glob pattern does not match any files in an existing directory, this directory will not be watched for new files (ie, /var/log/nginx/*.log does not match, but /var/log/nginx/ exists). You can override this behaviour with the force_inotify parameter, which will put a watch on the directory.