-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Audiobookshelf collection #1153
Conversation
Hey 👋🏻 Thank you for the PR, do you have any log lines we can add to some tests to ensure the parser works plus it will help us keep compatibility moving forward incase anything changes to crowdsec / patterns. You can redact any PII data (IP address, usernames) and provide a place holder EG: Edit: plus a crowdsec team member is currently running this inside a homelab and seem you might have JSON logs? is this the default or a custom setting you have enabled? |
Sure. Here you are:
Yes, this is a JSON log by default. There is no option to change the format. |
Hey @plague-doctor, How is audiobookshelf deployed ? I have an instance running in docker, and my logs are not in JSON (AFAIK, it's using a default configuration, and should be on the latest version):
|
Hey 👋🏻 I extended the parser a little to support non-json logs as per @blotus has, added some tests (positive failed auths and postive authentication requests). Can you take a look over my changes and if you are happy we can proceed. |
Helps users with advplyr/audiobookshelf#2579 |
…trictive on failed attempts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but is like signing my own homework, I let others approve from the team also
I merged since we added tests and all should be working. Thank you @plague-doctor for creating the PR and your first contribution to the crowdsec hub. You can now download the collection by running
if you get a not found you may need to run
before hand! I linked an issue from audiobookshelf, hopefully we be able to bring some light to this new collection and introduce new user to CrowdSec because of it 🎆 |
We are investigating an issue on our side, you changes are published, however, there currently issue downloading them remotely. I will update this PR once we have it resolved. |
@blotus I run this in docker. As per this information: https://www.audiobookshelf.org/guides/server_logs#server-logs the logs are JSON. I vaguely remember they were a plain text a while ago, but it has changed.
@LaurenceJJones Thanks for taking care of quirks of grok configuration. Thanks a lot! I am still unable to install with
even after
I get:
I have also noticed that https://app.crowdsec.net/hub/author/PlagueDoctor/collections/audiobookshelf |
Yes this should all be resolved now via https://app.crowdsec.net/hub/author/plague-doctor/collections/audiobookshelf |
* Add Audiobookshelf collection * enhance: Add tests and extend parser to support non json output also * enhance: Since we are parsing the application logs we can be more restrictive on failed attempts * chore: run index workflow manually --------- Co-authored-by: Laurence <[email protected]>
* Add Audiobookshelf collection * enhance: Add tests and extend parser to support non json output also * enhance: Since we are parsing the application logs we can be more restrictive on failed attempts * chore: run index workflow manually --------- Co-authored-by: Laurence <[email protected]>
A collection to defend Audiobookshelf self hosted deployments against common attacks.