C
CrowdSec2mo ago
carrotcakee

Enable context using helm

In the documentation is says to check and enable using 
cscli console enable context
cscli console enable context
And check status with 
cscli lapi context status
cscli lapi context status
With output: 
target_user:
    - evt.Meta.target_user
target_user:
    - evt.Meta.target_user
The problem is i cant run any 
console
console
command since: 
Error: no configuration for Central API (CAPI) in '/etc/crowdsec/config.yaml'
Error: no configuration for Central API (CAPI) in '/etc/crowdsec/config.yaml'
And im guessing i have to enable the contexts in the values.yaml using the console.yaml file?
Contextualize Alerts | CrowdSec
Introduction
8 Replies
CrowdSec
CrowdSec2mo ago
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type /unresolve
© Created By WhyAydan for CrowdSec ❤️
iiamloz
iiamloz2mo ago
which pod type was you executing this from LAPI or Agent? as LAPI are sole owner of these credentials however, we are currently working on making this experience better in kubernetes if it helps I was just informed about this config key which allows you to mount the value directly https://github.com/crowdsecurity/helm-charts/blob/fe60c6df8b19d3a4a08ed605956c5913625c6dfc/charts/crowdsec/README.md?plain=1#L356 
config:
  console.yaml: |
    share_manual_decisions: true
    share_tainted: true
    share_custom: true
    share_context: true
config:
  console.yaml: |
    share_manual_decisions: true
    share_tainted: true
    share_custom: true
    share_context: true
(which I realise now is what you said at the bottom of your initial text so yes this is the best way currently)
carrotcakee
carrotcakeeOP2mo ago
From the crowdsec-lapi container I'll try this. thanks!
iiamloz
iiamloz2mo ago
hmmm, thanks for the headsup on this we will investigate but for now you have the other way
carrotcakee
carrotcakeeOP2mo ago
Added this, and running a cat on the console.yaml file proves its there: 
share_manual_decisions: true
share_tainted: true
share_custom: true
share_context: true
share_manual_decisions: true
share_tainted: true
share_custom: true
share_context: true
But running 
 cscli lapi context status
 cscli lapi context status
Still gives the same: 
target_user:
    - evt.Meta.target_user
target_user:
    - evt.Meta.target_user
With that said, It seems i did not need to enable anything else for the context i wanted, which was the target_uri, just got this notification and seems to work
No description
iiamloz
iiamloz2mo ago
however, cscli lapi context status is per deployment so if you run those on the agent nodes you will see different contexts
carrotcakee
carrotcakeeOP2mo ago
Ah yes, you're right. This is one of the agents: 
cve:
    - evt.Meta.cve
method:
    - evt.Meta.http_verb
status:
    - evt.Meta.http_status
target_uri:
    - evt.Meta.http_path
target_user:
    - evt.Meta.target_user
user_agent:
    - evt.Meta.http_user_agent
cve:
    - evt.Meta.cve
method:
    - evt.Meta.http_verb
status:
    - evt.Meta.http_status
target_uri:
    - evt.Meta.http_path
target_user:
    - evt.Meta.target_user
user_agent:
    - evt.Meta.http_user_agent
CrowdSec
CrowdSec2mo ago
Resolving Enable context using helm This has now been resolved. If you think this is a mistake please run /unresolve

Did you find this page helpful?