OpenWrt uses logd by default which doesn't write to files.
CrowdSec file-based acquisition needs /var/log/messages to exist.

Changes:
- Init script: setup_syslog() configures log_file before each start
- Defaults script: setup_syslog_file() configures at install time
- openwrt-syslog.yaml: Remove non-existent /var/log/syslog reference

The init script sets:
  uci set system.@system[0].log_file='/var/log/messages'
  uci set system.@system[0].log_size='512'

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
29 lines
859 B
YAML
# OpenWrt System Syslog Acquisition
# This configuration monitors OpenWrt system logs via syslog
# For local log files or syslog forwarding scenarios
#
# Note: OpenWrt uses logd by default which doesn't write to files.
# Enable syslog-ng or configure log_file in /etc/config/system
# to enable file-based log acquisition.
#
# Required collections:
#   cscli collections install crowdsecurity/linux
#   cscli parsers install crowdsecurity/syslog-logs

# File-based acquisition for syslog
# The init script configures OpenWrt to write logs to /var/log/messages
filenames:
  - /var/log/messages
labels:
  type: syslog
---
# Alternative: Syslog service acquisition
# Uncomment this section if using remote syslog forwarding
# or if CrowdSec should act as a syslog server
#
# source: syslog
# listen_addr: 127.0.0.1
# listen_port: 10514
# labels:
#   type: syslog