tuto:monitoring:graylog_to_crowdsec

Differences

Below, the differences between two revisions of the page.

tuto:monitoring:graylog_to_crowdsec [05/03/2021 18:35]
dani
tuto:monitoring:graylog_to_crowdsec [05/03/2021 18:39]
dani [g2cs]
Line 12: Line 12:
 ===== Send logs from Graylog to ? ===== ===== Send logs from Graylog to ? =====
  
-As I already have all my logs in Graylog, it'd be better to send this stream of logs to a single crowdsec installation. But, for now, crowdsec doesn't have network logs input, it can only reads files and the Journal (I've opened a [[https://github.com/crowdsecurity/crowdsec/issues/621|ticket]] for this). So, the idea is to somehow forward the logs I want fro Graylog to a small daemon, which would write logs for crowdsec to consume. +As I already have all my logs in Graylog, it'd be better to send this stream of logs to a single crowdsec installation. But, for now, crowdsec doesn't have network logs input, it can only reads files and the Journal (I've opened a [[https://github.com/crowdsecurity/crowdsec/issues/621|ticket]] for this). So, the idea is to somehow forward the logs I want from Graylog to a small daemon, which would write logs for crowdsec to consume. 
  
 +Here's the global flow
 +
 +{{ :tuto:monitoring:graylog_to_crowdsec.png |}}
 ===== g2cs ===== ===== g2cs =====
  
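Review bot: the typo fix on the first changed line ("fro" to "from") leaves a second error in the same sentence on both sides of the diff: "it can only reads files and the Journal" should read "it can only read files and the Journal". The added lead-in "Here's the global flow" needs a colon before the diagram, and the image embed `{{ :tuto:monitoring:graylog_to_crowdsec.png |}}` carries no alt text, so consider a one-line textual description of the Graylog to g2cs to crowdsec path next to it for readers who cannot render the image.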
Line 36: Line 39:
 <note tip>You can choose a directory on a tmpfs filesystem to improve performance, as you do not need those logs to be persistent</note> <note tip>You can choose a directory on a tmpfs filesystem to improve performance, as you do not need those logs to be persistent</note>
  
 +<note>We could probably do the same thing with rsyslog, but it's configuration is arcane to me, so, it was easier to write the small g2cs daemon instead</note>
 ===== Configure crowdsec ===== ===== Configure crowdsec =====
 Now that we have our g2cs daemon running, you can configure crowdsec acquisition to read these files. Something like Now that we have our g2cs daemon running, you can configure crowdsec acquisition to read these files. Something like
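Review bot: in the added note, "it's configuration" should be "its configuration" (possessive, no apostrophe). Since the note presents g2cs as a stand-in for rsyslog, it would also help to state what rsyslog would have to do here (receive the forwarded stream and write it to the files crowdsec tails, as the surrounding text describes for g2cs), so that a reader who already runs rsyslog can decide whether they need the extra daemon at all.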
  • tuto/monitoring/graylog_to_crowdsec.txt
  • Last modified: 05/03/2021 19:19
  • by rv