1 file changed: +5 -6 lines changed
crowdsec-docs/docs/log_processor
@@ -8,16 +8,15 @@ The Log Processor is a core component of the Security Engine. It:
88
99- Reads logs from [ Data Sources] ( log_processor/data_sources/introduction.md ) via Acquistions.
1010- Parses logs and extract relevant information using [ Parsers] ( log_processor/parsers/introduction.mdx ) .
11- - Enriches the parsed information with additional context such as GEOIP, ASN using [ Enrichers] ( log_processor/parsers/enricher.md ) .
11+ - Enriches the parsed information with additional context such as GEOIP, ASN using [ Enrichers] ( log_processor/parsers/enricher.md ) .
1212- Monitors patterns of interest via [ Scenarios] ( log_processor/scenarios/introduction.mdx ) .
1313- Pushes alerts to the Local API (LAPI), where alert/decisions are stored.
14-
15- !TODO: Add diagram of the log processor pipeline
1614- Read logs from datasources
1715- Parse the logs
1816- Enrich the parsed information
1917- Monitor the logs for patterns of interest
2018
19+ <!-- !TODO: Add diagram of the log processor pipeline -->
2120
2221## Log Processor
2322
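Review bot: dropping the blank line and the TODO at old lines 14-15 joins the four placeholder bullets ("Read logs from datasources" through "Monitor the logs for patterns of interest") onto the list above them, so the page will render one nine-item list whose last four items restate the first four. Those bullets read as a stand-in for the missing diagram; either remove them or move them inside the `<!-- ... -->` comment added at new line 19 together with the TODO. While this list is being touched, the context lines also carry "Acquistions" (line 9) and "Parses logs and extract" (line 10), which could be fixed in the same commit.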
@@ -44,10 +43,10 @@ We support two ways to define Acquisitions in the [configuration directory](/u/t
4443## /etc/crowdsec/acquis.d/file.yaml
4544source: file ## The Data Source module to use
4645filenames:
47- - /tmp/foo/*.log
48- - /var/log/syslog
46+ - /tmp/foo/*.log
47+ - /var/log/syslog
4948labels:
50- type : syslog
49+ type: syslog
5150```
5251
5352For more information on Data Sources and Acquisitions, see the [Data Sources](log_processor/data_sources/introduction.md) documentation.
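Review bot: the reformatted example at new lines 46-47 still shows `/tmp/foo/*.log` as an acquisition path, and `/tmp` is world-writable, so a reader who copies this pattern lets any local account create files that the Log Processor will read and parse under `type: syslog`. Since these lines are being edited anyway, suggest pointing the glob at a root-owned directory under `/var/log` instead. The whitespace-only changes to the list items and the `type : syslog` to `type: syslog` fix look fine.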