Caddy not showing up in acquisition metrics

I have the following acquisition for Caddy:

filenames:
- /var/log/caddy-crowdsec/*.log
labels:
  type: caddy

filenames:
- /var/log/caddy-crowdsec/*.log
labels:
  type: caddy

I've mounted the logs at this location because I can't change the permissions of the original directory. My problem is that it doesn't show up in the acquisition metrics. When I run...

sudo tail -n 10 /var/log/caddy-crowdsec/access-auth.haddock.cc.log | cs explain -f- --type caddy -v

sudo tail -n 10 /var/log/caddy-crowdsec/access-auth.haddock.cc.log | cs explain -f- --type caddy -v

...it gives me this output: https://gist.github.com/poperigby/fcf207a3ce03d51f3777b800358878bc

Gist

gist:fcf207a3ce03d51f3777b800358878bc

GitHub Gist: instantly share code, notes, and snippets.

CrowdSec•6/10/25, 10:00 PM

Important Information

Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command or press the green resolve button below.

Log Files

If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.

Guide Followed (CrowdSec Official)

If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.

Screenshots

Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.

•

6/10/25, 10:00 PM

PopeRigbyOP•6/10/25, 10:00 PM

Here are my acqusition metrics:

PopeRigbyOP•6/10/25, 10:04 PM

Here's my log: https://gist.github.com/poperigby/2a9342b5c6a2ffe1f1cf6bb966fa5621

Gist

gist:2a9342b5c6a2ffe1f1cf6bb966fa5621

GitHub Gist: instantly share code, notes, and snippets.

PPopeRigby I have the following acquisition for Caddy: ``` filenames: - /var/log/caddy-crow...

Loz•6/11/25, 10:20 AM

Can you add to the acquisition file this property

and see if that makes it show when a new log comes in

LLoz Can you add to the acquisition file this property ``` poll_without_inotify: tru...

PopeRigbyOP•6/12/25, 9:08 PM

Yeah that makes them show up

LLoz Can you add to the acquisition file this property ``` poll_without_inotify: tru...

PopeRigbyOP•6/13/25, 12:20 AM

Why do you think it's the case that they only show up with that?

PopeRigbyOP•6/18/25, 4:37 AM

Because if this is a bug I'd like to report it

PPopeRigby Yeah that makes them show up

Loz•6/18/25, 6:42 AM

its not a bug, most likely you are using some sort of NFS share or volume mount and because the default file datasource uses inotify, inotify does not work in NFS environments so enabling the option informs the datasource to manually poll the file instead.

LLoz its not a bug, most likely you are using some sort of NFS share or volume mount ...

PopeRigbyOP•6/18/25, 5:06 PM

Ohhhhh, I'm using a FUSE BindFS to allow CrowdSec to have permissions to access it. Hopefully I can make inotify work on that somehow.

╭──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮ │ Acquisition Metrics │ ├────────────────────────────────────────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────┬───────────────────┤ │ Source │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ Lines whitelisted │ ├────────────────────────────────────────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┼───────────────────┤ │ : │ - │ - │ - │ - │ 74 │ │ file:/var/log/audit/audit.log │ 2.05M │ 1.98M │ 79.16k │ 351.17k │ - │ │ journalctl:journalctl-%s_SYSTEMD_UNIT=authelia-haddock.service │ 510 │ 510 │ - │ - │ - │ │ journalctl:journalctl-%s_SYSTEMD_UNIT=immich-server.service │ 2 │ - │ 2 │ - │ - │ │ journalctl:journalctl-%s_SYSTEMD_UNIT=sshd.service │ 1.14k │ 935 │ 206 │ 2.06k │ - │ ╰────────────────────────────────────────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────┴───────────────────╯