fix: Auto-configure syslog file logging for CrowdSec
OpenWrt uses logd by default which doesn't write to files. CrowdSec file-based acquisition needs /var/log/messages to exist. Changes: - Init script: setup_syslog() configures log_file before each start - Defaults script: setup_syslog_file() configures at install time - openwrt-syslog.yaml: Remove non-existent /var/log/syslog reference The init script sets: uci set system.@system[0].log_file='/var/log/messages' uci set system.@system[0].log_size='512' Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
269688e64f
commit
27da0bb48c
@ -10,10 +10,10 @@
|
||||
# cscli collections install crowdsecurity/linux
|
||||
# cscli parsers install crowdsecurity/syslog-logs
|
||||
|
||||
# File-based acquisition for syslog (if log_file is configured)
|
||||
# File-based acquisition for syslog
|
||||
# The init script configures OpenWrt to write logs to /var/log/messages
|
||||
filenames:
|
||||
- /var/log/messages
|
||||
- /var/log/syslog
|
||||
labels:
|
||||
type: syslog
|
||||
---
|
||||
|
||||
@ -232,6 +232,32 @@ EOF
|
||||
fi
|
||||
}
|
||||
|
||||
# Configure OpenWrt to write logs to file
|
||||
setup_syslog_file() {
|
||||
echo "Configuring syslog file logging..."
|
||||
|
||||
local log_file
|
||||
log_file=$(uci -q get system.@system[0].log_file)
|
||||
|
||||
if [ -z "$log_file" ]; then
|
||||
echo "Enabling syslog file logging for CrowdSec acquisition"
|
||||
uci set system.@system[0].log_file='/var/log/messages'
|
||||
uci set system.@system[0].log_size='512'
|
||||
uci commit system
|
||||
/etc/init.d/log restart
|
||||
# Wait for log file to be created
|
||||
sleep 2
|
||||
else
|
||||
echo "Syslog file already configured: $log_file"
|
||||
fi
|
||||
|
||||
# Ensure log file exists
|
||||
if [ ! -f /var/log/messages ]; then
|
||||
touch /var/log/messages
|
||||
chmod 644 /var/log/messages
|
||||
fi
|
||||
}
|
||||
|
||||
# Detect and configure OpenWrt-specific log sources
|
||||
detect_openwrt_logs() {
|
||||
echo "Detecting OpenWrt log sources..."
|
||||
@ -291,6 +317,9 @@ main() {
|
||||
# Install Hub collections and parsers
|
||||
install_hub_items
|
||||
|
||||
# Setup syslog file logging (required for file-based acquisition)
|
||||
setup_syslog_file
|
||||
|
||||
# Detect OpenWrt log sources
|
||||
detect_openwrt_logs
|
||||
|
||||
|
||||
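Review bot: When `log_file` is already set to a path other than /var/log/messages, setup_syslog_file leaves the setting alone and then creates an empty /var/log/messages in the "Ensure log file exists" step. The acquisition file now lists only that path, so CrowdSec tails a file that never receives events and detection is silently blind. The same logic is repeated in setup_syslog in the init script. The already-configured branch should compare the value with /var/log/messages, warn on a mismatch and skip the `touch`, as sketched below.

```shell
setup_syslog_file() {
  # … unchanged: banner echo and uci lookup of log_file …
  case "$log_file" in
    "")
      # … unchanged: uci set/commit, log restart, sleep …
      ;;
    /var/log/messages)
      echo "Syslog file already configured: $log_file"
      ;;
    *)
      echo "Warning: syslog is written to $log_file, but CrowdSec acquisition reads /var/log/messages" >&2
      # Do not create an empty /var/log/messages that would hide the mismatch
      return 0
      ;;
  esac
  # … unchanged: create /var/log/messages if missing …
}
```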
@ -14,6 +14,31 @@ service_triggers() {
|
||||
procd_add_reload_trigger crowdsec
|
||||
}
|
||||
|
||||
setup_syslog() {
|
||||
# CrowdSec needs log files to exist for acquisition
|
||||
# OpenWrt uses logd by default which doesn't write to files
|
||||
# Enable file logging so CrowdSec can read from /var/log/messages
|
||||
|
||||
local log_file
|
||||
log_file=$(uci -q get system.@system[0].log_file)
|
||||
|
||||
if [ -z "$log_file" ]; then
|
||||
logger -t crowdsec "Enabling syslog file logging for CrowdSec acquisition"
|
||||
uci set system.@system[0].log_file='/var/log/messages'
|
||||
uci set system.@system[0].log_size='512'
|
||||
uci commit system
|
||||
/etc/init.d/log restart
|
||||
# Wait for log file to be created
|
||||
sleep 2
|
||||
fi
|
||||
|
||||
# Ensure log file exists
|
||||
if [ ! -f /var/log/messages ]; then
|
||||
touch /var/log/messages
|
||||
chmod 644 /var/log/messages
|
||||
fi
|
||||
}
|
||||
|
||||
init_config() {
|
||||
config_load crowdsec
|
||||
config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
|
||||
@ -36,6 +61,7 @@ init_config() {
|
||||
}
|
||||
|
||||
start_service() {
|
||||
setup_syslog
|
||||
init_config
|
||||
|
||||
procd_open_instance
|
||||
|
||||
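Review bot: setup_syslog is called from start_service on every start and rewrites the router's system config without checking any return code, so if `uci set` or `uci commit system` fails the log daemon is still restarted and CrowdSec starts against a file that only the `touch` created. `uci commit system` also commits whatever else happens to be staged for the system package, which an admin would not expect from a service start. Since the defaults script already does this at install time, the init script could just check and report, e.g. `[ -n "$log_file" ] || logger -t crowdsec -p daemon.warn "system log_file not set; file acquisition will see no events"`. The pre-created file is also made world-readable by `chmod 644`; `chmod 600` would be enough if CrowdSec runs as root here, which this diff does not show. start_service's body continues outside the hunk.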