gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(crowdsec): Fix alerts/scenarios/countries stats in dashboard

Browse Source 
- alerts_24h now uses local_decisions count instead of empty file
- top_scenarios_raw now extracts from decisions JSON (was parsing CAPI metrics)
- top_countries_raw now correctly parses IsoCode from alerts GeoIP metadata
- Double-buffer caching via cron job already in place

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-03-16 08:26:21 +01:00
parent c74ba2e474
commit b9f789fdb7
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard
View File

@ -2417,9 +2417,8 @@ refresh_overview_cache() {
[ -z "$capi_decisions" ] && capi_decisions=0 [ -z "$capi_decisions" ] && capi_decisions=0
decisions_count=$((local_decisions + capi_decisions)) decisions_count=$((local_decisions + capi_decisions))
# Parse alerts count # Alerts count = decisions count (each decision comes from an alert)
alerts_count=$(grep -c '"id":' "$alerts_file" 2>/dev/null) alerts_count=$local_decisions
[ -z "$alerts_count" ] && alerts_count=0
# Parse bouncers count # Parse bouncers count
if [ -n "$bouncers_json" ] && [ "$bouncers_json" != "[]" ]; then if [ -n "$bouncers_json" ] && [ "$bouncers_json" != "[]" ]; then
@ -2439,19 +2438,21 @@ refresh_overview_cache() {
fi fi
fi fi
# Parse scenarios from metrics # Parse top scenarios from decisions file (count by scenario name)
if [ -n "$metrics_output" ]; then scenarios=$(cat "$decisions_file" | \
scenarios=$(echo "$metrics_output" | \ grep -oE '"scenario"[[:space:]]*:[[:space:]]*"[^"]*"' | \
grep -E '^\| [a-z].*\| CAPI' | \ sed 's/"scenario"[[:space:]]*:[[:space:]]*"//;s/"$//' | \
sed 's/|//g;s/^[ ]*//;s/[ ]*$//' | \ sort | uniq -c | sort -rn | head -5 | \
awk '{print $4, $1}' | sort -rn | head -5 | \ awk '{print "{\"scenario\":\"" $2 "\",\"count\":" $1 "}"}' | \
awk '{print "{\"scenario\":\"" $2 "\",\"count\":" $1 "}"}' | \ tr '\n' ',' | sed 's/,$//')
tr '\n' ',' | sed 's/,$//')
fi
# Parse countries from alerts file # Parse top countries from full alerts (with GeoIP metadata)
countries=$(cat "$alerts_file" | \ # Format is "key": "IsoCode",\n"value": "US" on separate lines
jsonfilter -e '@[*].source.cn' 2>/dev/null | \ local alerts_full
alerts_full=$("$CSCLI" alerts list -o json --limit 50 2>/dev/null || echo "[]")
countries=$(echo "$alerts_full" | \
grep -A1 '"key": "IsoCode"' | grep '"value":' | \
sed 's/.*"value"[[:space:]]*:[[:space:]]*"//;s/".*$//' | \
grep -v '^$' | sort | uniq -c | sort -rn | head -10 | \ grep -v '^$' | sort | uniq -c | sort -rn | head -10 | \
awk '{print "{\"country\":\"" $2 "\",\"count\":" $1 "}"}' | \ awk '{print "{\"country\":\"" $2 "\",\"count\":" $1 "}"}' | \
tr '\n' ',' | sed 's/,$//') tr '\n' ',' | sed 's/,$//')
@ -2554,8 +2555,8 @@ refresh_overview_cache() {
"geoip_enabled":$([ "$geoip_enabled" = "1" ] && echo true || echo false), "geoip_enabled":$([ "$geoip_enabled" = "1" ] && echo true || echo false),
"acquisition_count":$acquisition_count, "acquisition_count":$acquisition_count,
"scenario_count":$scenario_count, "scenario_count":$scenario_count,
"top_scenarios_raw":"[$scenarios]", "top_scenarios_raw":[$scenarios],
"top_countries_raw":"[$countries]", "top_countries_raw":[$countries],
"decisions_raw":$(cat "$decisions_file"), "decisions_raw":$(cat "$decisions_file"),
"alerts_raw":$(cat "$alerts_file"), "alerts_raw":$(cat "$alerts_file"),
"logs":$logs_json, "logs":$logs_json,