CrowdSec • 6mo ago
DJKatastrof

Uptime-kuma baremetal

I'm running uptime-kuma baremetal from proxmox helper scripts. Can my acquis.yaml look like this?
#Generated acquisition file - wizard.sh (service: ssh) / files :
journalctl_filter:
  - _SYSTEMD_UNIT=ssh.service
labels:
  type: syslog
---
journalctl_filter:
  - _SYSTEMD_UNIT=uptime-kuma.service
labels:
  type: uptime-kuma
I can see that my parser is getting stuff, but it's not banning any
19 Replies
CrowdSec
CrowdSec • 6mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
iiamloz
iiamloz • 6mo ago
Most likely it should be syslog to strip the prefix, and then the syslog parser will set the program to uptime-kuma for the next stage. Plus, the service is also writing the logs as npm and not uptime-kuma.
DJKatastrof
DJKatastrof OP • 6mo ago
instead of journalctl?
iiamloz
iiamloz • 6mo ago
So did you create a systemd service?
DJKatastrof
DJKatastrof OP • 6mo ago
Yea, there is one 🙂
iiamloz
iiamloz • 6mo ago
can you systemctl cat uptime-kuma.service and provide it
iiamloz
iiamloz • 6mo ago
Can you run sudo systemctl edit uptime-kuma to create an override file then add these contents:
[Service]
SyslogIdentifier=uptime-kuma
DJKatastrof
DJKatastrof OP • 6mo ago
like this right? 🙂
iiamloz
iiamloz • 6mo ago
Yes then you must run:
sudo systemctl daemon-reload
sudo systemctl restart uptime-kuma
DJKatastrof
DJKatastrof OP • 6mo ago
Done 😄
iiamloz
iiamloz • 6mo ago
Now if you get the logs the name should be correct and not npm
DJKatastrof
DJKatastrof OP • 6mo ago
Cool! Yes, that's correct
iiamloz
iiamloz • 6mo ago
Then change the type to syslog in acquisition and it should be magic after reload?
DJKatastrof
DJKatastrof OP • 6mo ago
Thank you so much, working great!!
iiamloz
iiamloz • 6mo ago
So a tl;dr: by default, if there is no identifier it will default to process name as npm; to work with journalctl the name has to be what the parser expects, so an override is needed in this case.
DJKatastrof
DJKatastrof OP • 6mo ago
Learning new things everyday. Thank you for being so helpful 🙏🏽
CrowdSec
CrowdSec • 6mo ago
Resolving Uptime-kuma baremetal This has now been resolved. If you think this is a mistake please run /unresolve
