C
CrowdSec5mo ago
TornaxO7

Difference between `datasources` and `acquisitions`?

As the title says, what's the difference between datasources and acquisitions?
Introduction | CrowdSec
Datasources
Documentation | CrowdSec
CrowdSec, the open-source & participative IPS
7 Replies
CrowdSec
CrowdSec5mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
TornaxO7
TornaxO7OP5mo ago
Are datasources basically preinstalled acquisitions which just need to be "configured"?
iiamloz
iiamloz5mo ago
Data source are the underlying modules to read from a log source, to configure a datasource you create an acquisition file then define the type to be the datasource type. However to aid in configuration for example if there is no type but a property for a file datasource the acquisition guesses the type. The reason it has a different name is because you can have multiple acqusitions that use the same datasource type.
TornaxO7
TornaxO7OP5mo ago
may I ask if you could please give me an example (like an analogy)? it feels like as if my brain is mixing them up or I can't really see a difference between those two
iiamloz
iiamloz5mo ago
I asked chatgpt as I can't think of one of the top of my head, but basically datasource is the module and acquisition is the configuration to use the module. But here what chatgpt said: Think of CrowdSec's datasources like plug adapters in a travel kit. ✈️ When you arrive in a new country (log source), your device (CrowdSec) needs the right plug (datasource) to read the power (log data). Each adapter is built to fit a specific socket—just like each datasource is designed to handle a specific type of log format (like journald, syslog, or files). To make the connection work, you write an acquisition file—this is like labeling which adapter to use. You can explicitly set the type (the plug model), but if you forget, CrowdSec tries to help by looking at the context (like the filename) and guessing the right plug for you. 🔌 Just like a good travel kit, CrowdSec makes it flexible to plug in and start reading logs wherever you go, no matter the format.
TornaxO7
TornaxO7OP5mo ago
hm... ok I... think I can work with that thanks
CrowdSec
CrowdSec5mo ago
Resolving Difference between datasources and acquisitions? This has now been resolved. If you think this is a mistake please run /unresolve

Did you find this page helpful?