Crowdsec docker - alert notifications to STDOUT

Hello, I want to use Filebeat's docker input to ingest alerts from CrowdSec. Is there any way I can redirect alert notifications to stdout?
https://www.elastic.co/guide/en/beats/filebeat/7.17/filebeat-input-docker.html

I read a previous post about someone who successfully configured the file notification plugin to write to stdout, but it did not work in my case.
https://discourse.crowdsec.net/t/file-notification-plugin-on-k8s/1748/7

time="2025-02-05T19:23:22Z" level=fatal msg="api server init: unable to run plugin broker: while loading plugin: while configuring log_alerts: rpc error: code = Unknown desc = open /proc/1/fd/1: permission denied

Thanks :)
CrowdSec
File notification plugin on k8s
Hello ! First of all, thanks for your work, my setup works and I’m just coming back to share what I did (maybe it can help someone else who knows). So I’m using the crowdsec/crowdsec helm chart in order to deploy crowdsec on kubernetes and I just needed to redirect the alerts to the standard output of the lapi pod in order to retrieve them wit...
4 Replies
iiamloz, 8mo ago
The reason the user on Discourse probably achieved it is that they modified the notification user/group to run as root. This is a security risk and we don't advise doing it.
config:
  config.yaml.local: |
    # here I needed to run the plugin with root privilege in order to write in /proc/1/fd/1
    plugin_config:
      user: "root"
      group: "root"
vedtoto (OP), 8mo ago
Ah, now I see it. Yep, that's probably not a good idea :) Thanks for responding!
CrowdSec, 8mo ago
Resolving Crowdsec docker - alert notifications to STDOUT This has now been resolved. If you think this is a mistake please run /unresolve
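
Added example, not part of the thread and not CrowdSec project code: a Python check that reads a base config plus a `config.yaml.local` override like the Helm snippet quoted in the reply above and reports when `plugin_config` would run notification plugins as root. The base config sample and the function names are constructed for illustration, and the reader is a minimal line-based one rather than a full YAML parser.

```python
ROOT_IDS = {"root", "0"}  # assumption: name or numeric id 0 both mean root

def plugin_identity(text):
    """Return the user/group set in the last plugin_config block found in text."""
    found, block_indent = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if key == "plugin_config" and not value.strip():
            block_indent, found = indent, {}           # a later block replaces an earlier one
            continue
        if block_indent is not None:
            if indent <= block_indent:                 # dedent: block is over
                block_indent = None
            elif key in ("user", "group"):
                found[key] = value.strip().strip("\"'")
    return found

def audit(base, local=""):
    """Apply the .local override on top of base; list keys that resolve to root."""
    effective = {**plugin_identity(base), **plugin_identity(local)}
    return sorted(k for k, v in effective.items() if v.lower() in ROOT_IDS)

# Constructed sample of a base config.yaml with an unprivileged plugin identity.
BASE = """
common:
  log_level: info
plugin_config:
  user: nobody
  group: nogroup
api:
  server:
    listen_uri: 0.0.0.0:8080
"""

# The Helm values override quoted in the thread.
HELM_OVERRIDE = """
config:
  config.yaml.local: |
    # here I needed to run the plugin with root privilege in order to write in /proc/1/fd/1
    plugin_config:
      user: "root"
      group: "root"
"""

if __name__ == "__main__":
    print("root plugin identity keys:", audit(BASE, HELM_OVERRIDE))
```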
