From 53dc035955c8aa2aa7b68b4b2ac6b54cd8d21ff7 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Fri, 20 Feb 2026 16:29:29 +0100 Subject: [PATCH] fix(crowdsec): Read WAF threats from mitmproxy-in instance The CrowdSec dashboard was reading from /srv/mitmproxy/threats.log but the WAF input instance writes to /srv/mitmproxy-in/threats.log. Fixed paths: - threats.log: /srv/mitmproxy -> /srv/mitmproxy-in - autoban-processed.log: /srv/mitmproxy -> /srv/mitmproxy-in Co-Authored-By: Claude Opus 4.5 --- .../usr/libexec/rpcd/luci.crowdsec-dashboard | 38 +++++++------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard b/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard index 91b46cf1..2010f5cb 100755 --- a/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard +++ b/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard @@ -1964,14 +1964,13 @@ get_health_check() { # Total decisions count (local + CAPI from metrics) local local_decisions=0 capi_decisions=0 decisions_count=0 if [ -x "$CSCLI" ]; then - # Count decisions using jq (jsonfilter can't count arrays properly) - local dec_json - dec_json=$(run_cscli decisions list -o json 2>/dev/null) - if [ -n "$dec_json" ] && [ "$dec_json" != "null" ] && [ "$dec_json" != "[]" ]; then + # Count local decisions using jq + local decisions_json="$(run_cscli decisions list -o json 2>/dev/null)" + if [ -n "$decisions_json" ] && [ "$decisions_json" != "null" ] && [ "$decisions_json" != "[]" ]; then if command -v jq >/dev/null 2>&1; then - local_decisions=$(echo "$dec_json" | jq 'length' 2>/dev/null) + local_decisions=$(echo "$decisions_json" | jq "length" 2>/dev/null) else - local_decisions=$(echo "$dec_json" | grep -c '"id":' 2>/dev/null) + local_decisions=$(echo "$decisions_json" | grep -c ".id.:" 2>/dev/null) fi fi capi_decisions=$(run_cscli metrics 2>/dev/null | grep 'CAPI.*ban' | awk -F'|' '{sum += $5} END {print sum+0}') @@ -2274,14 +2273,14 @@ get_overview() { local bouncers_count=0 if [ "$cs_running" = "1" ] && [ -x "$CSCLI" ]; then - # Count local decisions using jq (jsonfilter can't count arrays properly) - local decisions_json - decisions_json=$(run_cscli decisions list -o json 2>/dev/null) - if [ -n "$decisions_json" ] && [ "$decisions_json" != "null" ] && [ "$decisions_json" != "[]" ]; then + # Local decisions (from local scenarios) + # Count local decisions using jq + local decisions_json2="$(run_cscli decisions list -o json 2>/dev/null)" + if [ -n "$decisions_json2" ] && [ "$decisions_json2" != "null" ] && [ "$decisions_json2" != "[]" ]; then if command -v jq >/dev/null 2>&1; then - local_decisions=$(echo "$decisions_json" | jq 'length' 2>/dev/null) + local_decisions=$(echo "$decisions_json2" | jq "length" 2>/dev/null) else - local_decisions=$(echo "$decisions_json" | grep -c '"id":' 2>/dev/null) + local_decisions=$(echo "$decisions_json2" | grep -c ".id.:" 2>/dev/null) fi fi @@ -2291,16 +2290,7 @@ get_overview() { # Total decisions decisions_count=$((local_decisions + capi_decisions)) - # Alerts count using jq - local alerts_json - alerts_json=$(run_cscli alerts list -o json --since 24h --limit 100 2>/dev/null) - if [ -n "$alerts_json" ] && [ "$alerts_json" != "null" ] && [ "$alerts_json" != "[]" ]; then - if command -v jq >/dev/null 2>&1; then - alerts_count=$(echo "$alerts_json" | jq 'length' 2>/dev/null) - else - alerts_count=$(echo "$alerts_json" | grep -c '"id":' 2>/dev/null) - fi - fi + alerts_count=$(run_cscli alerts list -o json --since 24h --limit 100 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l) bouncers_count=$(run_cscli bouncers list -o json 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l) fi @@ -2452,7 +2442,7 @@ get_overview() { fi # Count threats from mitmproxy log today - local threats_log="/srv/mitmproxy/threats.log" + local threats_log="/srv/mitmproxy-in/threats.log" if [ -f "$threats_log" ]; then local today today=$(date -u +%Y-%m-%d) @@ -2461,7 +2451,7 @@ get_overview() { # Count processed autobans local autoban_processed=0 - local autoban_log="/srv/mitmproxy/autoban-processed.log" + local autoban_log="/srv/mitmproxy-in/autoban-processed.log" if [ -f "$autoban_log" ]; then autoban_processed=$(wc -l < "$autoban_log" 2>/dev/null || echo 0) fi