Apache parser failure
Hello
I am trying to setup crowdsec on one of my ubuntu servers.
I am at the very beginning of the process, and i can't event get a test working.
My apache stores logs in /var/log/apache2/other_vhosts_access.log
When i test a log with 'cscli explain', i always get a parser failure. What am i missing here ? I already tried to change the log format to "combined" in an other file with the same result ...
the command (with ip and domain changed) :
The result (with ip and domain changed) :
DEBU[2025-06-18T13:18:56Z] Using /etc/crowdsec/config.yaml as configuration file
DEBU[2025-06-18T13:18:56Z] the option 'daemonize' is deprecated and ignored
DEBU[2025-06-18T13:18:56Z] Enabled feature flags: none
DEBUG file /tmp/cscli_explain2737993452/cscli_test_tmp.log has 1 lines
WARNING Line 0/1 is missing evt.StrTime. It is most likely a mistake as it will prevent your logs to be processed in time-machine/forensic mode. file=/tmp/cscli_explain2737993452/parser-dump.yaml
line: mydomain.com:1.1.1.1 - - [18/Jun/2025:13:17:43 +0000] "GET /front/cron.php HTTP/1.1" 200 63 "https://mydomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
├ s00-raw
|├ crowdsecurity/syslog-logs
|└ crowdsecurity/non-syslog (+5 ~8)
├ s01-parse
|├ crowdsecurity/apache2-logs
|└ crowdsecurity/sshd-logs
└-------- parser failure
Thanks for the help
I am trying to setup crowdsec on one of my ubuntu servers.
I am at the very beginning of the process, and i can't event get a test working.
My apache stores logs in /var/log/apache2/other_vhosts_access.log
When i test a log with 'cscli explain', i always get a parser failure. What am i missing here ? I already tried to change the log format to "combined" in an other file with the same result ...
the command (with ip and domain changed) :
cscli explain --log 'mydomain.com:80 1.1.1.1 - - [18/Jun/2025:13:17:43 +0000] "GET /front/cron.php HTTP/1.1" 200 63 "https://mydomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"' --type apache --color yes --debugThe result (with ip and domain changed) :
DEBU[2025-06-18T13:18:56Z] Using /etc/crowdsec/config.yaml as configuration file
DEBU[2025-06-18T13:18:56Z] the option 'daemonize' is deprecated and ignored
DEBU[2025-06-18T13:18:56Z] Enabled feature flags: none
DEBUG file /tmp/cscli_explain2737993452/cscli_test_tmp.log has 1 lines
WARNING Line 0/1 is missing evt.StrTime. It is most likely a mistake as it will prevent your logs to be processed in time-machine/forensic mode. file=/tmp/cscli_explain2737993452/parser-dump.yaml
line: mydomain.com:1.1.1.1 - - [18/Jun/2025:13:17:43 +0000] "GET /front/cron.php HTTP/1.1" 200 63 "https://mydomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
├ s00-raw
|├ crowdsecurity/syslog-logs
|└ crowdsecurity/non-syslog (+5 ~8)
├ s01-parse
|├ crowdsecurity/apache2-logs
|└ crowdsecurity/sshd-logs
└-------- parser failure
Thanks for the help
