log acquisition
With the recent addition of https://docs.crowdsec.net/docs/log_processor/data_sources/docker/#swarm I wondered what would be the recommended way to acquite logs from traefik and bouncer: https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin .
Questions:
- Should I use a bind mounts or use the new api to read logs directly from the Docker Data Source.
- What are tradeoffs? (pros/cons)
- How does Crowdsec read from swarm/docker directly (technical). I think it uses the docker socket.
Traefik adds a disclaimer: Accessing the Docker API without any restriction is a security concern
https://doc.traefik.io/traefik/reference/install-configuration/providers/docker/#docker-api-access
⇒ would this apply to crowdsec too?
Thanks in advance!
Questions:
- Should I use a bind mounts or use the new api to read logs directly from the Docker Data Source.
- What are tradeoffs? (pros/cons)
- How does Crowdsec read from swarm/docker directly (technical). I think it uses the docker socket.
Traefik adds a disclaimer: Accessing the Docker API without any restriction is a security concern
https://doc.traefik.io/traefik/reference/install-configuration/providers/docker/#docker-api-access
⇒ would this apply to crowdsec too?
Thanks in advance!
GitHub
Traefik plugin for Crowdsec - WAF and IP protection - maxlerebourg/crowdsec-bouncer-traefik-plugin
Learn how to achieve configuration discovery in Traefik through Docker. Read the technical documentation.
This module allows the Security Engine to acquire logs from running containers, in one-shot and streaming mode.
