question on issue reading logs from bunkerweb
Hi Currently we configured bunkerweb with crowdsec, and it seems to be working when we manually add the IP address in the crowdsec lapi but it seems to be an issue reading the logs not sure what would be the issue in the parsing
image:
tag: "v1.6.11"
secrets:
username: "bunkerweb"
password: "Passw0rd123!"
agent:
acquisition:
- namespace: bunkerweb
podName: bunkerweb-*
program: nginx
env:
- name: COLLECTIONS
value: "crowdsecurity/nginx"
- name: BOUNCER_KEY_bunkerweb
valueFrom:
secretKeyRef:
name: bunkerweb-settings-secret
key: xxxxxxxxxxxx
appsec:
enabled: true
acquisitions:
- source: appsec
listen_addr: "0.0.0.0:7422"
path: /
appsec_config: crowdsecurity/virtual-patching
labels:
type: appsec
env:
- name: COLLECTIONS
value: "crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules"
lapi:
enabled: true
env:
- name: BOUNCER_KEY_bunkerweb
valueFrom:
secretKeyRef:
name: bunkerweb-settings-secret
key: xxxxxxxxxxxx
``
4 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
hey @killmasta93 ! you should try to give a shot to https://doc.crowdsec.net/u/user_guides/cscli_explain to understand why the logs aren't parsed
Understand logs processing | CrowdSec
cscli explain relies on your local setup, parsers, scenario to display its data. It requires a working local crowdsec setup.
(ping @rr404_ as I know you're in touch with bunkerweb )
hi @bui @rr404_ thanks for the reply, finally got the logs to able to parse but cant get crowdsec to block not sure what i missed out? if i add it manually it works which is odd, after checking the logs i keep seeing 2025/10/02 04:05:20 [warn] 713383#713383: *8636332 using uninitialized "is_whitelisted" variable while logging request, client: xxxxx, server: xxxxxxx, request: "GET /ZD95E6nB.tmp HTTP/1.1", host: "xxxxxxxx" just testing out running a nikito scan normally on version crowdsec 1.6.5 blocks but on 1.6.9 does not block it
