Skip to content

Commit e7c3843

Browse files
buixorbuixor
committed
add configuration paths
1 parent abcbd68 commit e7c3843

File tree

1 file changed

+57
-0
lines changed

1 file changed

+57
-0
lines changed

crowdsec-docs/docs/configuration/crowdsec_configuration.md

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,63 @@ You can find the default configurations on our GitHub repository:
1515

1616
[Windows default configuration](https://github.com/crowdsecurity/crowdsec/blob/master/config/config_win.yaml)
1717

18+
## Common configuration directories & paths
19+
20+
### `/etc/crowdsec/`
21+
22+
All CrowdSec configuration are living in this directory.
23+
24+
### `/etc/crowdsec/config.yaml`
25+
26+
Main configuration file for Log Processor and Local API.
27+
28+
### `/etc/crowdsec/acquis.d` and `/etc/crowdsec/acquis.yaml`
29+
30+
Documents which log sources and datasources are processed by the Log Processor.
31+
32+
`/etc/crowdsec/acquis.yaml` is the historical acquisition configuration file.
33+
`/etc/crowdsec/acquis.d/*.yaml` is prefered when possible.
34+
35+
### `/etc/crowdsec/bouncers/*.yaml`
36+
37+
Individual configuration file for bouncers.
38+
39+
### `/etc/crowdsec/collections/*.yaml`
40+
41+
Collections currently installed on the Log Processor.
42+
43+
### `/etc/crowdsec/console.yaml`
44+
45+
Console specific flags to enable/disable manual decisions management, alert context sharing.
46+
47+
### `/etc/crowdsec/contexts/*.yaml`
48+
49+
Enabled alert context for Local API and Log Processor.
50+
51+
### `/etc/crowdsec/hub/`
52+
53+
Local Hub Mirror.
54+
55+
### `/etc/crowdsec/local_api_credentials.yaml` and `/etc/crowdsec/online_api_credentials.yaml`
56+
57+
Credentials for Local API and Central API.
58+
59+
### `/etc/crowdsec/parsers`
60+
61+
Contains all parsers enabled on the Log Processor, organised in stages:
62+
- `/etc/crowdsec/parsers/s00-raw/*.yaml` : parsers for based formats such as syslog.
63+
- `/etc/crowdsec/parsers/s01-parse/*.yaml` : service specific parsers such as nginx or ssh.
64+
- `/etc/crowdsec/parsers/s02-enrich/*.yaml` : enrichment parsers and whitelists.
65+
66+
### `/etc/crowdsec/scenarios`
67+
68+
Contains all scenarios enabled on the Log Processor.
69+
70+
### `/etc/crowdsec/profiles.yaml`
71+
72+
Contains profiles used by Local API to eventually turn alerts into decisions or dispatch them to notification plugins.
73+
74+
1875
## Environment variables
1976

2077
It is possible to set configuration values based on environment variables.

0 commit comments

Comments
 (0)