CrowdSec introduces a new version to simplify parsers creation and troubleshooting
We’ve released version 1.2.1 of CrowdSec
This version contains a few bug fixes, improvements for people dealing with massive databases with many agents and bouncers. But mostly, it introduces a new feature to make the creation and troubleshooting of parsers and scenarios easier – cscli explain.
Debugging a faulty parser or creating a new scenario can be tricky when you don’t know what data ends up in which field, or which parser of a chain misbehaves.
Until now, the easiest way would be to turn the given parser(s) into debug more and run CrowdSec with the faulty log lines, which is tedious and time-consuming.
That’s what cscli explain helps to solve: it shows the user which parsers picked up the line, and if it did succeed parsing it, along with the changes it made to it.
Concretely cscli explain works like this:
Here we can see the lines being picked up by the non-syslog parser, then by the nginx parser, as well as by various enrichers (such as GeoIP), before finally landing in various scenarios: http-crawl-non_statics and http-probbing.
It has been something we meant to do for a while. And we hope the form it takes in this release will help solve the issue.
cscli explain intends to help not only troubleshoot but also create and customize parsers and scenarios. Thus, it also allows to see detailed changes of each step:
And that’s mostly it for this release. Stay tuned for more!